What changed in TELOS CORP's 2024 10-K compared to 2023?

Across the narrative sections we track, TELOS CORP (TLS) added 292 paragraphs, removed 286, and edited 216 between the 2023 and 2024 10-K filings. The biggest movers are Item 7. Management's Discussion & Analysis (+114/−104), Item 1A. Risk Factors (+99/−92), Item 1. Business (+61/−71).

Did TELOS CORP add new Risk Factors in the 2024 10-K?

Yes — Item 1A Risk Factors shows 99 new/edited paragraphs and 92 removed paragraphs versus the 2023 10-K.

What changed in TELOS CORP's MD&A (Item 7) in 2024?

Item 7 Management's Discussion & Analysis shows 114 new/edited paragraphs and 104 removed paragraphs year-over-year. Read the side-by-side diff to see exactly which revenue, margin, and outlook commentary was rewritten.

Did TELOS CORP update its Cybersecurity disclosure (Item 1C) in 2024?

Item 1C Cybersecurity has 7 paragraph-level changes between the 2023 and 2024 filings.

Where does this TLS 10-K diff come from?

The source filings are TELOS CORP's official 2023 and 2024 Form 10-K annual reports from SEC EDGAR. 10q10k.net parses each filing, aligns paragraphs by section (Item 1, 1A, 1C, 2, 3, 7, 7A), and highlights every added, removed and edited sentence side-by-side.

What changed in TELOS CORP's 10-K — 2023 vs 2024

Paragraph-level year-over-year comparison of TELOS CORP's 2023 and 2024 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2024 report.

+292 added−286 removedSource: 10-K (2025-03-10) vs 10-K (2024-03-15)

Top changes in TELOS CORP's 2024 10-K

292 paragraphs added · 286 removed · 216 edited across 8 sections

Item 7. Management's Discussion & Analysis+114 / −104 · 79 edited
Item 1A. Risk Factors+99 / −92 · 75 edited
Item 1. Business+61 / −71 · 45 edited
Item 1C. Cybersecurity+7 / −7 · 7 edited
Item 5. Market for Registrant's Common Equity+4 / −5 · 4 edited

Item 1. Business

Business — how the company describes what it does

45 edited+16 added−26 removed29 unchanged

2023 filing

2024 filing

Biggest changeWe have also leveraged our U.S. federal government identity management qualifications to improve the speed and accuracy of vetting results for more than 100 airports, air carriers, and general aviation across the country. We intend to continue innovating and developing additional offerings for cloud, mobile, and Internet of Things ("IoT") devices. • Target and replace inefficient legacy products .

Biggest changeFor example, we have leveraged core Xacta functionality to meet the needs of large financial services and customer relationship management ("CRM") firms. We have also leveraged our U.S. federal government identity management qualifications to improve the speed and accuracy of vetting results for more than 100 airports, air carriers, and general aviation operators across the country.

Business Segments We conduct our business through two reportable and operating segments: Security Solutions and Secure Networks. These segments enable the alignment of our strategies and objectives and provide a framework for the timely and rational allocation of resources within the line of business.

Our Business Segments We conduct our business through two reportable and operating segments: Security Solutions and Secure Networks. These segments enable the alignment of our strategies and objectives and provide a framework for the timely and rational allocation of resources within the line of business.

Item 1. Business General Overview Telos Corporation is a Maryland corporation headquartered in Ashburn, Virginia. Telos Corporation, together with its subsidiaries (the "Company" or "Telos" or "We"), offers technologically advanced, software-based security solutions that empower and protect the world's most security-conscious organizations against rapidly evolving, sophisticated and pervasive threats.

Item 1. Business Business Overview Telos Corporation is a Maryland corporation headquartered in Ashburn, Virginia. Telos Corporation, together with its subsidiaries (the "Company" or "Telos" or "We"), offers technologically advanced, software-based security solutions that empower and protect the world's most security-conscious organizations against rapidly evolving, sophisticated and pervasive threats.

Telos provides an extensive range of wired and wireless, fixed and deployable, classified and unclassified voice, data, and video secure network solutions and services to support defense and civilian missions. Capabilities include network design, operations, and sustainment, system integration and engineering, network security and compliance, deployable comms, service desk, defensive cyber operations, and program management.

Telos provides an extensive range of wired and wireless, fixed and deployable, classified and unclassified voice, data, and video secure network solutions and services to support defense and civilian missions. Our capabilities include network design, operations and sustainment, system integration and engineering, network security and compliance, deployable comms, service desk, defensive cyber operations, and program management.

We derive a substantial portion of our revenue from the U.S. government, whose fiscal year ends on September 30 of each year, which may favorably impact our third fiscal quarter. In addition, our quarterly results may be impacted by the number of working days in a given quarter.

We derive a substantial portion of our revenue from the U.S. government, whose fiscal year ends on September 30 of each year, which may impact our third fiscal quarter. In addition, our quarterly results may be impacted by the number of working days in a given quarter.

With use cases including cyber risk management, risk remediation management, security authorization, compliance management, audit management, inventory management, vulnerability management, continuous compliance monitoring, and vendor and supply chain risk management, Xacta administers the key elements of more than 100 leading regulations and policies for IT security compliance, including the National Institute of Standards and Technology ("NIST") Risk Management Framework ("RMF"), RMF for Department of Defense ("DoD") IT, Committee on National Security Systems Instruction No. 1253, NIST Cybersecurity Framework, the Federal Risk and Authorization Management Program and the DoD's Cybersecurity Maturity Model Certification ("CMMC") program. ◦ Cybersecurity services : proven solutions and services for the full cybersecurity lifecycle, including consulting services, assessment and compliance, engineering and evaluation, operations, and penetration testing.

With use cases including cyber risk management, risk remediation management, security authorization, compliance management, audit management, inventory management, vulnerability management, continuous compliance monitoring, and vendor and supply chain risk management, Xacta administers the key elements of more than 100 leading regulations and policies for IT security compliance, including the National Institute of Standards and Technology ("NIST") Risk Management Framework ("RMF"), RMF for Department of Defense ("DoD") IT, Committee on National Security Systems Instruction No. 1253, NIST Cybersecurity Framework, the Federal Risk and Authorization Management Program ("FedRAMP") and the DoD's Cybersecurity Maturity Model Certification ("CMMC") program. • Cybersecurity Services: We offer solutions and services for the full cybersecurity lifecycle, including Risk Management Framework ("RMF") consulting services, assessment and compliance, engineering and evaluation, operations, and penetration testing.

U.S. government contracts generally are subject to the Federal Acquisition Regulation ("FAR"), which sets forth policies, procedures and requirements for acquiring goods and services by the U.S. government, and agency-specific regulations that implement or supplement the FAR.

U.S. government contracts generally are subject to the Federal Acquisition Regulation ("FAR") and Defense Federal Acquisition Regulation Supplement ("DFARS"), which sets forth policies, procedures and requirements for acquiring goods and services by the U.S. government, and agency-specific regulations that implement or supplement the FAR or DFARS.

We also offer secure mobility professional services, such as consulting and deployment services, to deliver integrated communications solutions that meet even the most complex needs of civilian, defense, and commercial customers. 7 Table of Contents • Network Management and Defense: services for operating, administrating, and defending complex enterprise networks and services for defensive cyber operations.

We also offer secure mobility professional services, such as consulting and deployment services, to deliver integrated communications solutions that meet even the most complex needs of civilian, defense, and commercial customers. • Network Management and Defense: We provide services for operating, administrating, and defending complex enterprise networks and services for defensive cyber operations.

With a pedigree in information and cybersecurity that spans three decades, our certified cybersecurity personnel provide services and solutions that deliver continuous security assurance for business, government, and critical infrastructure. • Secure Communications: ◦ Telos Automated Message Handling System ("Telos AMHS"): web-based organizational message distribution and management for mission-critical communications; the recognized gold standard for organizational messaging in the U.S. government.

With a pedigree in information and cybersecurity that spans three decades, our multi-certified cybersecurity personnel provide services and solutions that deliver continuous security assurance for business, government, and public sector critical infrastructure. • Telos Automated Message Handling System ("Telos AMHS ™ "): Telos AMHS is a web-based organizational message distribution and management solution for mission-critical communications; the recognized gold standard for organizational messaging in the U.S. government.

Approximately 377 of our U.S.-based employees held U.S. security clearances, and 26% self-identify as veterans of U.S. military service. Our employees are not represented by a labor union or covered by a collective bargaining agreement. We have not experienced any work stoppages, and we consider relations with our employees to be good.

Approximately 294 of our U.S.-based employees held U.S. security clearances, and 26% self-identified as veterans of U.S. military service as of that date. Our employees are not represented by a labor union or covered by a collective bargaining agreement. We have not experienced any work stoppages, and we consider relations with our employees to be good.

Additional information regarding our segments is presented in Note 1 8 – Segment Information to the consolidated financial statements at Item 8 of this Form 10-K. 5 Table of Contents Security Solutions Segment: The Security Solutions segment focuses on cybersecurity, cloud, identity solutions, and secure messaging.

Additional information regarding our segments is presented in Note 18 – Segment Information to the consolidated financial statements at Item 8 of this Form 10-K. Security Solutions Segment: The Security Solutions segment focuses on cybersecurity, cloud, identity solutions, and secure messaging.

The predominant contracting methods through which U.S. government agencies procure services and products include definitive award contracts, indefinite delivery / indefinite quantity ("IDIQ") contracts, U.S. General Service Administration ("GSA") schedule contracts and other transactional agreements ("OTA"). Government contracts are subject to congressional funding.

The predominant contracting methods through which U.S. government agencies procure services and products include definitive award contracts, IDIQ contracts, Blanket Purchase Agreements ("BPAs"), U.S. General Service Administration ("GSA") schedule contracts and other transactional agreements ("OTA"). Government contracts are subject to congressional funding.

As part of our effort to improve our disclosures around human capital issues, in 2023, we provided a public report pursuant to the Sustainability Accounting Standards Board ("SASB") Software & IT Service Standard, which report addresses, in part, metrics relating to recruiting and managing a global, diverse and skilled workforce.

As part of our effort to improve our disclosures around human capital issues, we provided a public report pursuant to the Sustainability Accounting Standards Board ("SASB") Software & IT Service Standard, which addresses, in part, metrics relating to recruiting and managing a global, diverse and skilled workforce. Talent Acquisition and Retention We operate in a very competitive environment for talent.

In the current global environment, our mission is more critical than ever. The emergence of each new information and communications technology ("ICT") introduces new vulnerabilities, as security is still too often overlooked in solution development. Networks and applications meant to enhance productivity and profitability often jeopardize an organization due to poor planning, misconfiguration, or an unknown gap in security.

The emergence of each new information and communications technology ("ICT") introduces new vulnerabilities, as security is still too often overlooked in solution development. Networks and applications meant to enhance productivity and profitability often jeopardize an organization due to poor planning, misconfiguration, or an unknown gap in security.

Security Solutions represented 53.3% and 55.5% of total revenues for fiscal years 2023 and 2022, respectively. The Security Solutions segment offers the following solutions and services: • Information Assurance: ◦ Xacta ® : a premier platform for enterprise cyber risk management and security compliance automation, delivering security awareness for systems in the cloud, on-premises, and in hybrid and multi-cloud environments.

Security Solutions represented 71% and 53% of total revenues for fiscal years 2024 and 2023, respectively. 5 Table of Contents The Security Solutions segment offers the following solutions and services: • Xacta ® : Xacta ® is a premier platform for enterprise cyber risk management and security compliance automation, delivering security awareness for systems in the cloud, on-premises, and in hybrid and multi-cloud environments.

The operating results of these classified programs are included in our consolidated financial statements. These regulations and risks are described in more detail below under "Risk Factors" in this Annual Report on Form 10-K. Environmental, Social, and Governance Matters We strive to operate our business in an environmentally responsible manner and in support of sustainable long-term financial performance.

These regulations and risks are described in more detail below under Item 1A, " Risk Factors " in this Annual Report on Form 10-K. 10 Table of Contents Environmental, Social, and Governance Matters We strive to operate our business in an environmentally responsible manner and in support of sustainable long-term financial performance.

Talent Acquisition and Retention We operate in a very competitive environment for talent. To ensure we can attract the most well-qualified employees, we employ strategic sourcing methods, innovative recruitment campaigns, and inclusive outreach initiatives to attract a diverse pool of candidates.

To ensure we can attract the most well-qualified employees, we employ strategic sourcing methods, innovative recruitment campaigns, and inclusive outreach initiatives to attract a diverse pool of candidates.

We understand that a range of complementary capabilities may be needed to solve a single challenge, and we also recognize when a single solution might address multiple challenges. Our security solutions span these three domains: cybersecurity, cloud security and enterprise security.

Our experience in addressing challenges in one area of an enterprise helps us meet requirements in others. We understand that a range of complementary capabilities may be needed to solve a single challenge, and we also recognize when a single solution might address multiple challenges. Our security solutions span these three domains: cybersecurity, cloud security and enterprise network security.

Sales and Marketing As part of our sales and marketing investments, we also make corporate investments in functional areas such as contracts, solution architects, lead generation tools, and operations to ensure our back-office systems and processes scale for business growth.

Our commercial customers include some of the largest technology, communications, and professional services companies in the U.S. Sales and Marketing As part of our sales and marketing investments, we also make corporate investments in functional areas such as contracts, solution architects, lead generation tools, and operations to ensure our back-office systems and processes scale for business growth.

Nonetheless, we believe the U.S. federal government continues to represent a significant growth opportunity, and we expect to continue to invest in products and solutions to serve additional customers within the U.S. federal government.

We have historically focused on the U.S. federal government and believe we are an established leader in providing security solutions to federal agencies. Nonetheless, we believe the U.S. federal government continues to represent a significant growth opportunity, and we expect to continue to invest in products and solutions to serve additional customers within the U.S. federal government.

For example, Xacta is included on DHS's Continuous Diagnostics and Mitigation Approved Products List to provide federal agencies with innovative security tools, which we believe presents us with an excellent opportunity to pursue contracts with additional federal agencies. In addition, our platform is available for use in the AWS GovCloud (U.S.), Oracle and Azure Government.

For example, Xacta is included on DHS's Continuous Diagnostics and Mitigation Approved Product List to provide federal agencies with innovative security tools, which we believe presents us with an excellent opportunity to pursue contracts with additional federal agencies.

Our portfolio of security products, services and expertise empowers our customers with capabilities to reach new markets, serve their stakeholders more effectively, and successfully defend the nation or their enterprise with confidence in their security and privacy. Our mission is to protect our customers' people, information, and digital assets with offerings for cybersecurity, cloud security, and enterprise security.

Our portfolio of security products, services and expertise endows our customers with capabilities to reach new markets, serve their stakeholders more effectively, and successfully defend the nation or their enterprise with confidence in their security and privacy. Our mission is to protect people, organizations, and information through trusted solutions that proactively manage risk, compliance, and persistent digital identity.

We are committed to and view our continued investment in research and development as a key factor to our long-term business success. 9 Table of Contents Human Capital Resources As of December 31, 2023, we had 619 employees, of whom approximately 88.7% are located in the United States.

We are committed to and view our continued investment in research and development as a key factor to our long-term business success. Human Capital Resources As of December 31, 2024, we had 519 employees, of which 504 were full-time employees. As of December 31, 2024, approximately 89% of our workforce was located in the United States.

We strive to create a working environment where everyone feels included and respected and has an equal opportunity to contribute. We believe that diverse teams maximize their potential and bring with them varied views, experiences, and perspectives .

We strive to create a working environment where everyone feels included and respected and has an equal opportunity to contribute. We promote collaboration and encourage employees to maximize their potential by bringing varied views, experiences, and perspectives to their work.

We believe that our markets remain fragmented, with many niche players providing limited product solutions targeting narrow customer segments. Given the breadth of our solution set and our customer end markets, we believe that we are well-positioned to opportunistically acquire smaller companies and incorporate their technology or deploy their solutions across a larger customer set.

Given the breadth of our solution set and our customer end markets, we believe we are well-positioned to opportunistically invest in and/or build partnerships with smaller companies, and incorporate their technology or deploy their solutions across a larger customer set.

Secure Networks represented 46.7% and 44.5% of total revenues for the years ended December 31, 2023 and 2022, respectively. These are our solutions and services in our Secure Networks segment: • Secure Mobility: solutions for business and government that enable remote work and minimize operational and security concerns across and beyond the enterprise.

Secure Networks represented 29% and 47% of total revenues for the years ended December 31, 2024 and 2023, respectively. The Security Networks segment offers the following solutions and services: • Secure Mobility: We offer solutions for business and government that enable work off-premise and minimize operational and security concerns across and beyond the enterprise.

During 2023, we made several improvements to our employee value proposition, including enhancements on benefits available to employees, increasing paid time off and parental leave, accelerating the vesting period for stock matched by the Company in employees' 401(k) plans, instituting a new performance management program, and various supplemental programs to support our employees' physical, mental and financial well-being.

This involves leveraging various channels, such as job boards, social media platforms, and diversity-focused partnerships, to engage with candidates from different backgrounds and experiences. 9 Table of Contents We continuously make improvements to our employee value proposition, including enhancements on benefits available to employees, increasing paid time off and parental leave, accelerating the vesting period for stock matched by the Company in employees' 401(k) plans, instituting a new performance management program, and various supplemental programs to support our employees' physical, mental and financial well-being.

The information on our website is not incorporated by reference into and is not part of this Annual Report on Form 10-K. The SEC also maintains a website (www.sec.gov) that contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC, including Telos. 12 Table of Contents

The SEC also maintains a website (www.sec.gov) that contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC, including Telos. 11 Table of Contents

Diversity and Inclusion We value diversity and inclusion and are committed to providing a work environment free of discrimination and harassment, where our employees can do their best work, bring their whole selves to work, feel supported, and in turn, support others.

This strategy increases employee empowerment and satisfaction, drives efficiency, and enables us to hire from a broad and diverse talent pool. We are committed to providing a work environment free of discrimination and harassment, where our employees can do their best work, bring their whole selves to work, feel supported, and in turn, support others.

We leverage the full power of Telos (executives, sales and industry partners) to gain access and build our brand awareness. Our sales strategy is to establish a customer foothold with one of our solutions and work to achieve rapid success. We then leverage this customer relationship to generate interest in other solutions from the Telos portfolio.

Our sales strategy is to establish a customer foothold with one of our solutions and work to achieve rapid success. We then leverage this customer relationship to generate interest in other solutions from the Telos portfolio. We have a variety of upsell opportunities that allow us to expand our presence within a customer account.

In June 2022, ONYX won first place in the overall competition of the Mobile Fingerprint Information Technology Challenge hosted by the NIST. We maintain government certifications and designations that distinguish Telos ID, including TSA PreCheck ® enrollment provider, Aviation Channeling Services ("ACS") provider, FBI-approved Channeler, and Financial Industry Regulatory Authority Electronic Fingerprint Submission provider.

We maintain government certifications and designations that distinguish Telos ID, including TSA PreCheck ® enrollment provider, Aviation Channeling Services provider, FBI-approved Channeler, and Financial Industry Regulatory Authority Electronic Fingerprint Submission provider.

Department of State, the FBI, and the Department of Health and Human Services. These customers have a number of subsidiary agencies with separate budgets and procurement functions. Our contracts may be with the highest level of these agencies or with the subsidiary agencies of these customers.

Department of Energy, the U.S Department of the Treasury, the U.S. Social Security Administration, the U.S. Environment Protection Agency, and more. These customers have a number of subsidiary agencies with separate budgets and procurement functions. Our contracts may be with the highest level of these agencies or with the subsidiary agencies of these customers.

Decades of experience in developing, orchestrating, and delivering solutions across these three domains give us the vision and the confidence to provide solutions that empower and protect the enterprise at an integrated, holistic level. Our experience in addressing challenges in one area of an enterprise helps us meet requirements in others.

Our vision is to create a more secure, interconnected world as the trusted leader in innovative digital security solutions that safeguard people, organizations, and information. Decades of experience in developing, orchestrating, and delivering solutions across these three domains give us the vision and the confidence to provide solutions that empower and protect the enterprise at an integrated, holistic level.

Through a link on the Investor Relations section of our website, copies of each of our filings with the U.S. Securities and Exchange Commission ("SEC") can be viewed and downloaded free of charge as soon as reasonably practicable after the reports and amendments are electronically filed with or furnished to the SEC.

Securities and Exchange Commission ("SEC") can be viewed and downloaded free of charge as soon as reasonably practicable after the reports and amendments are electronically filed with or furnished to the SEC. The information on our website is not incorporated by reference into and is not part of this Annual Report on Form 10-K.

Marketing We build market awareness of Telos and our solutions through a variety of marketing programs, including regular briefings with industry analysts, public relations activities, government relations initiatives, web seminars, trade show exhibitions, speaking engagements, and digital marketing.

Partner Organizations Our sales team works with partner organizations like AWS, Microsoft Azure, and IBM to pursue mutual customers and leverage their marketplace platforms and marketing programs. 8 Table of Contents Marketing We build market awareness of Telos and our solutions through a variety of marketing programs, including regular briefings with industry analysts, public relations activities, trade show exhibitions, speaking engagements, and digital marketing.

Our consolidated revenues are largely attributable to prime contracts or to subcontracts with our contractors engaged in work for the U.S. government, with the remaining attributable to state and local governments, and commercial markets. Our security solutions are the product of the extensive labor investment in developing our intellectual property and highly sophisticated software technology.

Our consolidated revenues are largely attributable to prime contracts or subcontracts with our contractors engaged in work for the U.S. government, with the remaining attributable to state and local governments, and commercial markets. Our U.S. federal government customers include the DoD, the IC, and multiple civilian and public sector agencies, including DHS, the U.S. Department of Justice, the U.S.

We ensure the consistency and continuity of network management services required in today's mission-critical network environments. Our Growth Strategies We are pursuing multiple strategies in order to grow the Company in both our commercial and government business end markets. Our key growth strategies include: • Broaden reach within the U.S. federal government .

We ensure the consistency and continuity of network management services required in today's mission-critical network environments. Drivers for Future Growth We are pursuing multiple strategies in order to grow our business, which include: • Ramp our pre-existing programs. Capitalizing on organic growth opportunities is a key to our core business.

In 2023, we invested in preexisting programs and next generation solutions in secure communications and cybersecurity. Leveraging our agile innovation and development practices, we rapidly establish prototypes that we can fully test for suitability and to pre-establish enterprise risk level across a variety of government networks and clouds.

See Note 2 - Significant Accounting Policies (under the caption "Research and Development") included in our notes to consolidated financial statements. We are leveraging our improved agile innovation and rapid automated development practices to rapidly establish prototypes that we can fully test for suitability and to pre-establish enterprise risk level across a variety of government networks and clouds.

See Item 1A, "Risk Factors," for discussion of risks related to global climate and ESG matters. 11 Table of Contents Company Website and Available Information Our corporate headquarters is located at 19886 Ashburn Road, Ashburn, Virginia 20147, and our telephone number is (703) 724-3800. Our website can be accessed at www.telos.com, which contains information about our Company and operations.

Company Website and Available Information Our corporate headquarters is located at 19886 Ashburn Road, Ashburn, Virginia 20147, and our telephone number is (703) 724-3800. Our website can be accessed at www.telos.com, which contains information about our Company and operations. Through a link on the Investor Relations section of our website, copies of each of our filings with the U.S.

We actively engage with federal customers to integrate vital event records, government identification document records, and other fingerprint-based biometric records hosted across multiple agencies. This enables Telos to offer NIST-compliant digital identity services aligned with federal security mandates. ◦ ONYX ® : the world's first and most accurate touchless fingerprint biometric solution for mobile devices.

We actively engage with federal customers to integrate vital event records, government identification document records, and other fingerprint-based biometric records hosted across multiple agencies.

While we believe that our employee population is gender and ethnically diverse for our industry and operating markets, with approximately 25% of our global population self-identifying as female and approximately 38% self-identifying as underrepresented minorities, our objective is to continue to improve our hiring, development, training, advancement, and retention of diverse talent and to foster an inclusive environment at Telos. 10 Table of Contents Seasonality We generally experience seasonality due to our key customers' fiscal year ends and procurement cycles.

Our objective is to continue to improve our hiring, development, training, advancement, and retention of talent and to foster a synergistic environment at Telos. Seasonality We generally experience seasonality due to our key customers' fiscal year ends and procurement cycles.

By making these disclosures, however, we have not concluded that the information disclosed is material to our business. The Board of Directors authorized the Nominating and Corporate Governance Committee to oversee the Company's ESG efforts, which include climate-related risks and opportunities.

The Board of Directors authorized the Nominating and Corporate Governance Committee to oversee the Company's ESG efforts, which include climate-related risks and opportunities. See Item 1A, " Risk Factors ," for discussion of risks related to global climate and ESG matters.

We have a variety of upsell opportunities that allow us to expand our presence within a customer account. For example, various complementary Xacta features build on each other and are sold separately. Much of our business is awarded through the submission of formal competitive bids; however, a portion of our revenue is awarded through limited competition or sole-source contracts.

Much of our business is awarded through the submission of formal competitive bids; however, a portion of our revenue is awarded through limited competition or sole-source contracts.

We believe that we are well-positioned to sell our capabilities into a dynamic and growing commercial opportunity set and will continue innovating to address emerging and unique requirements. For example, we have leveraged core Xacta functionality to meet the needs of large financial services and customer relationship management firms.

Our offerings are designed to have broad applications and include cloud and network security risk and compliance, secure messaging, and identity vetting through biometric capture and analysis. We believe we are well-positioned to sell our capabilities into a dynamic and growing commercial opportunity set and will continue innovating to address emerging and unique requirements.

We believe that a targeted and opportunistic acquisition strategy will be a force multiplier for our organic growth opportunity. Customers Our primary customers include the U.S. federal government, large commercial businesses, state and local governments, and international customers.

Telos has begun making strategic investments to bring meaningful AI capabilities to our platform. Our Customers Our primary customers include the U.S. federal government, large commercial businesses, state and local governments, and international customers.

Removed

Fiscal year 2023 was a transition year for Telos, with a focus on streamlining our operations while rebuilding and growing our revenue base by generating new business wins.

Added

We do this by developing robust, reliable, and uncompromising solutions for our customers, creating a workplace that engages and inspire our employees, and providing value to our shareholders to ensure a lasting legacy of excellence. In the current global environment, our mission is more critical than ever.

Removed

Our 2023 business development priorities were to: • Reorganize internally to consolidate and centralize business development resources; • Add new talent to drive execution of solution development and new business generation; • Maximize existing strategic partnerships for market expansion; and • Increase our opportunity portfolio and quality of contract vehicles.

Added

Information exchanged at this level and for these purposes requires operational requirements for time-sensitive, guaranteed delivery, precedence, high availability, and reliability. • Digital Identity Solutions: ◦ IDTrust360 ® is an enterprise digital trusted identity risk platform for extending flexible hybrid cloud identity services.

Removed

To improve our path forward, we planned to: • Optimize our solution portfolio through accelerated plays on various programs and enhance program management; • Expand our pipeline and strengthen proposals for new businesses; and • Engage all employees through synergy, setting performance goals, and improving benefits.

Added

This enables Telos to offer NIST-compliant digital identity services aligned with federal security mandates. ◦ ONYX®, a mobile touchless fingerprint software development kit, enables secure biometric authentication by leveraging standard smartphone cameras to capture and process high-quality fingerprint images without physical contact.

Removed

Information exchanged at this level and for these purposes requires operational requirements for time-sensitive, guaranteed delivery, precedence, high availability, and reliability. ◦ Telos Advanced Cyber Analytics ("Telos ACA") : a solution that is a dynamic, proprietary threat feed source of global Internet Protocol ("IP") addresses known to engage in potentially malicious activity, including mass scanning and generic opportunistic attacks.

Added

It uses artificial intelligence (“AI”) neural networks for finger detection and automatic acquisition, along with a patented image processing algorithm to generate precise, machine-matchable fingerprints. Targeting markets such as financial services, healthcare, government, and enterprise security, ONYX is ideally suited for use cases including mobile banking, field identification for law enforcement, telemedicine identity verification, secure access control, and remote onboarding.

Removed

Telos ACA™ allows security operation centers the advantage of being able to reduce "noisy" IP security threat alerts and thereby increase operational efficiency, the ability to potentially identify forthcoming mass exploitation events, and the ability to improve the focus of ongoing threat hunts. 6 Table of Contents Telos ACA leverages a sophisticated global sensor network of nodes that run 24/7/365 and analyzes and aggregates anomalous Internet activity in near real time.

Added

Its value proposition lies in delivering a cost-effective, scalable, and user-friendly biometric solution that eliminates the need for specialized hardware, enhances security with liveness detection, and supports seamless integration across iOS and Android platforms, empowering organizations to strengthen identity management and combat fraud efficiently 6 Table of Contents Telos’ sovereign, reusable Identity-as-a-Service Solution ("IDaaS") is designed for the use of government agencies, mobile network operators, banking organizations and others who need to incorporate a zero-trust method of identity verification into existing know-your-customer and onboarding processes, while striving to remain in front of international data protection and privacy regulations.

Removed

Telos ACA intelligence is seamlessly and conveniently delivered as an industry-standard Structured Threat Information eXpression/Trusted Automated eXchange of Intelligence Information ("STIX/TAXII") based threat feed. STIX states the "what" of threat intelligence, while TAXII defines "how" that information is relayed. STIX and TAXII are machine-readable and, therefore, easily automated.

Added

This user-controlled system empowers individuals to hold and manage their own identity data, presenting it securely to relying parties or verifiers while ensuring trust through server-side biometric authentication powered by our proprietary ONYX technology.

Removed

This allows for easy consumption into third-party security tools, where the threat feed can be used to enrich and provide relevant information related to potential malicious network activity within environments.

Added

Organizations leveraging the IDaaS solution offered by Telos save on the cost and effort of onboarding new users without worrying about the complexities of verifying individual identities.

Removed

Telos ACA provides the IP, metadata, and raw data elements to improve threat hunting and eliminate threat noise. ◦ Telos Ghost ® : a virtual obfuscation network-as-a-service with encryption and managed attribution capabilities to ensure the safety and privacy of people, information, and resources on the network.

Added

The solution provides fully proofed and vetted reusable identities to reduce risk across all identity-related enterprise events, and fosters trust across markets such as financial services, healthcare, government, and enterprise security for use cases like digital wallets, remote onboarding, and secure access control.

Removed

Telos Ghost seeks to eliminate cyberattack surfaces by obfuscating and encrypting data, masking user identity and location, and hiding network resources. It provides the additional layers of security and privacy needed for intelligence gathering, cyber threat protection, securing critical infrastructure, and protecting communications and applications when a single error in security can jeopardize operations, property, and even lives.

Added

Our strategy includes increasing the scope of our existing contracts through renewal or expansion of our offerings. • Rebuild our contract vehicles portfolio. Notable contracts with our key customers, mainly U.S. federal government agencies, require bidders to be pre-approved on registered contract vehicles.

Removed

Telos Ghost is used for a variety of highly sensitive applications, including cyber threat research, open-source intelligence, supply chain security vulnerability assessment, worldwide investigative and recovery services, and hiding critical assets. • Digital Identity Solutions: ◦ IDTrust360 ® : an enterprise digital trusted identity risk platform for extending flexible hybrid cloud identity services.

Added

We strive to have prime or subcontractor positions on a wide range of contracts to allow our customers and potential customers an opportunity to access our solutions and services through Indefinite Delivery / Indefinite Quantity ("IDIQ") and definite contract vehicles. • Broaden our reach within the U.S. federal government .

Removed

Powered by state-of-the-art machine learning, ONYX eases deployment in a variety of industries, including financial services and healthcare, and applications like consumer authentication and physical access and security. Acquired by Telos in 2021, the patented and award-winning ONYX solution delivers touchless fingerprint biometrics that people can submit simply by using their mobile phones.

Added

In addition, Xacta is available for use in the Amazon Web Services ("AWS") GovCloud (U.S.), Oracle and Azure Government. 7 Table of Contents • Leverage our diverse security solutions to target market expansion .

Removed

We have historically focused on the U.S. federal government and believe we are an established leader in providing security solutions to federal agencies, including DoD and the IC.

Added

We intend to continue innovating and developing additional offerings for cloud, mobile, and Internet of Things ("IoT") devices. • Pursue strategic investments and partnerships . We believe that our markets remain fragmented, with many niche players providing limited product solutions targeting narrow customer segments.

Removed

The Telos ACA offering is positioned to supply unique data sets to government agencies, allowing them to be better informed as they defend and protect their networks and assets.

Added

We believe a targeted and opportunistic investment strategy will be a force multiplier for our organic growth opportunity. • Invest strategically into groundbreaking research and development for our intellectual property . We believe artificial intelligence – large language models can offer an unparalleled advantage to our customers in automation and cost savings, a cornerstone of our Xacta platform.

Removed

Telos ACA is also positioned to provide government customers with specific, actionable and high-fidelity intelligence about malicious cyber activity targeted at their networks. • Leverage our diverse security solutions to expand our presence in commercial markets . Our offerings are designed to have broad applications and include security risk and compliance, secure messaging, identity vetting, and managed attribution and obfuscation.

Added

Sales We sell our products and services leveraging a direct sales approach, with a small subset being executed through a handful of partner organizations. Our customer acquisition success extends to commercial customers and vendors seeking to do business with the U.S. federal government, however our largest portion of revenue lies with the U.S. government itself.

Removed

Recognizing the limitations of their legacy systems, organizations are replacing existing systems and processes with Telos solutions. For example, Telos AMHS is a web-centric system that replaced legacy capabilities like communications centers for the purpose of executing operational orders (through organizational messaging) across the U.S. federal government and around the world.

Added

The operating results of these classified programs are included in our consolidated financial statements.

Removed

Xacta has disrupted the cyber risk and compliance management business across the U.S. federal government, replacing tedious manual activity with automation and delivering that automation to meet our customer's needs on-premises, in hybrid environments, in the cloud, and across multi-cloud infrastructures. • Pursue strategic acquisition opportunities .

Added

By making these disclosures, however, we have not concluded that the information disclosed is material to our business and this information is not incorporated by reference into and is not a part of this Annual Report on Form 10-K.

Removed

These investments helped us expand with commercial customers, and win additional contracts within the military, the IC and civilian government agencies.

Removed

Once our security solutions are embedded in our customers' technology infrastructure, these customer relationships often expand and lead to opportunities to provide additional security solutions. 8 Table of Contents Our U.S. federal government customers include the DoD, the Central Intelligence Agency, and multiple other agencies within the IC, and multiple civilian agencies, including but not limited to, the DHS, the U.S.

Removed

Our commercial customers include leading enterprises such as Amazon.com, Inc., Google, Zscaler, Ernst & Young, Deloitte, Accenture, SAP, Verizon and Oracle.

… 7 more changes not shown on this page.

Item 1A. Risk Factors

Risk Factors — what could go wrong, per management

75 edited+24 added−17 removed140 unchanged

2023 filing

2024 filing

Biggest changeThe competitive bidding process presents a number of risks, including the following: • We may expend substantial funds and time to prepare bids and proposals for contracts that may ultimately be awarded to one of our competitors; • We may be unable to accurately estimate the resources and costs that will be required to perform any contract we are awarded, which could result in substantial cost overruns and decreased margins; • We may encounter expense and delay if our competitors protest or challenge awards of contracts, and any such protest or challenge could result in a requirement to resubmit bids on modified specifications or in the termination, reduction or modification of the awarded contract; • The protest of contracts awarded to us may result in the delay of program performance and the generation of revenue while the protest is pending; and • If we are not given the opportunity to re-compete for U.S. government contracts previously awarded to us, we may incur expenses to protest such a decision and ultimately may not succeed in competing for or winning such contract renewal.

Biggest changeThe competitive bidding process presents a number of risks, including the following: • From time to time we expend substantial funds and time to prepare bids and proposals for contracts that are ultimately awarded to one of our competitors; • From time to time we are unable to accurately estimate the resources and costs that will be required to perform any contract we are awarded, which results in substantial cost overruns and decreased margins; • From time to time we encounter expense and delay when our competitors protest or challenge awards of contracts, and any such protest or challenge could result in a requirement to resubmit bids on modified specifications or in the termination, reduction or modification of the awarded contract; • From time to time the protest of contracts awarded to us results in the delay of program performance and the generation of revenue while the protest is pending; and • From time to time we are not given the opportunity to re-compete for U.S. government contracts previously awarded to us, and we may incur expenses to protest such a decision and ultimately may not succeed in competing for or winning such contract renewal. 14 Table of Contents The U.S. government contracts for which we compete typically have multiple option periods, and if, as happens from time to time, we fail to win a contract or a task order, we generally will be unable to compete again for that contract for several years.

While we have security measures in place to protect our data, the data of our customers or end-users of our services, our services and underlying infrastructure may in the future be materially breached or compromised as a result of the following: • Third-party attempts to fraudulently induce employees or customers into disclosing sensitive information such as user names, passwords or other information to gain access to our customers' data, our data or our IT systems; • Efforts by individuals or groups of hackers and sophisticated organizations, including state-sponsored organizations or nation-states; • Cyberattacks on our internally built infrastructure; • Vulnerabilities resulting from enhancements and updates to our existing solutions; • Vulnerabilities in the products or components across the broad ecosystem that our services operate in or are dependent on; • Vulnerabilities existing within newly acquired or integrated technologies and infrastructures; • Vulnerabilities existing within third-party software or services that we employ; • Attacks on, or vulnerabilities in, the many different underlying networks and services that power the Internet that our products depend on, most of which are not under our control or the control of our vendors, partners, or customers; and • Employee or contractor errors or intentional acts that compromise our security systems.

While we have security measures in place to protect our data and the data of our customers or end-users of our services, our services and underlying infrastructure may in the future be materially breached or compromised as a result of the following: • Third-party attempts to fraudulently induce employees or customers into disclosing sensitive information such as user names, passwords or other information to gain access to our customers' data, our data or our IT systems; • Efforts by individuals or groups of hackers and sophisticated organizations, including state-sponsored organizations or nation-states; • Cyberattacks on our internally built infrastructure; • Vulnerabilities resulting from enhancements and updates to our existing solutions; • Vulnerabilities in the products or components across the broad ecosystem that our services operate in or are dependent on; • Vulnerabilities existing within newly acquired or integrated technologies and infrastructures; • Vulnerabilities existing within third-party software or services that we employ; • Attacks on, or vulnerabilities in, the many different underlying networks and services that power the Internet that our products depend on, most of which are not under our control or the control of our vendors, partners, or customers; and • Employee or contractor errors or intentional acts that compromise our security systems.

We believe that selling and marketing our security solutions requires advanced sales skills, customer relationships and technical knowledge to generate interest and effectively communicate our solutions or services to new markets.

We believe that selling and marketing our security solutions requires advanced sales skills, customer relationships and technical knowledge to generate interest and to effectively communicate our solutions or services to new markets.

Moreover, any significant natural disaster, pandemic, other catastrophic or force majeure events could affect our personnel, supply chain, or service providers' ability to provide materials and perform services on a timely basis.

Moreover, any significant natural disaster, pandemic, or other catastrophic or force majeure events could affect our personnel, supply chain, or service providers' ability to provide materials and perform services on a timely basis.

In addition, our sales process is highly dependent on the reputation of our solutions and support and on positive recommendations from our existing customers.

In addition, our sales process is highly dependent on the reputation of our solutions, support and positive recommendations from our existing customers.

On the other hand, any negative associations or perceptions with our solutions or biometrics could impede our business growth and could adversely affect our business, results of operations and financial condition. Likewise, any breaches on our information technology systems, particularly on the use and collection of biometric information, may subject us to significant reputational, financial, legal or operational consequences.

On the other hand, any negative associations or perceptions with our solutions or biometrics could impede our business growth and could adversely affect our business, results of operations and financial condition. Likewise, any breaches of our information technology systems, particularly on the use and collection of biometric information, may subject us to significant reputational, financial, legal or operational consequences.

Some large competitors offer capabilities in a number of markets that overlap many of the same areas in which we offer services, while certain companies are focused upon only one or a few of such markets. Some of the firms that compete with us in multiple areas include large, established defense contractors.

Some large competitors offer capabilities in a number of markets that overlap many of the same areas in which we offer services, while certain companies are focused upon only one or a few of such markets. Some firms that compete with us in multiple areas include large, established defense contractors.

These U.S. federal and state and foreign laws and regulations, which, depending on the regime, may be enforced by private parties or government entities, are constantly evolving and can be subject to significant change, and they are likely to remain uncertain for the foreseeable future.

These U.S. federal, state and foreign laws and regulations, which, depending on the regime, may be enforced by private parties or government entities, are constantly evolving and can be subject to significant change, and they are likely to remain uncertain for the foreseeable future.

Our future success also depends in part on our ability to expand our relationships with our current customers by selling additional features and services, more subscriptions or enhanced editions of our services. This may also require increasingly sophisticated and costly sales efforts that are targeted at senior leaders.

Our future success also depends in part on our ability to expand our relationships with our current customers by selling additional features, solutions and services, more subscriptions or enhanced editions of our solutions and services. This may also require increasingly sophisticated and costly sales efforts that are targeted at senior leaders.

We operate in an intensely competitive market and diverse industry segment, and we expect competition to increase in the future from established businesses and new market entrants. Based on our current market analysis, there is no single company or small group of companies in a dominant competitive position.

We operate in an intensely competitive market and diverse industry segment, and we expect competition to increase in the future from established businesses and new market entrants. Based on our current market analysis, no single company or small group of companies is in a dominant competitive position.

From time to time, we may release guidance in our quarterly earnings conference calls, quarterly earnings releases, or otherwise, regarding our future performance that represents our management's estimates as of the date of release. This guidance, which includes forward-looking statements, is based on projections prepared by our management.

From time to time, we release guidance in our quarterly earnings conference calls, quarterly earnings releases, or otherwise, regarding our future performance that represents our management's estimates as of the date of release. This guidance, which includes forward-looking statements, is based on projections prepared by our management.

If one or more of our suppliers or subcontractors is unable to satisfactorily provide on a timely basis the agreed-upon supplies or perform the agreed-upon services per its contractual obligations, our ability to perform our obligations as a prime contractor may be adversely affected, and we may be exposed to liability.

If one or more of our suppliers or subcontractors is unable to satisfactorily provide on a timely basis the agreed-upon supplies or perform the agreed-upon services per its contractual obligations, our ability to perform our obligations as a contractor may be adversely affected, and we may be exposed to liability.

Similarly, the rate at which our customers purchase new or enhanced services depends on a number of factors, some of which are beyond our control. If our efforts to maintain and expand our relationships with our existing customers are not successful, our business could be harmed.

Similarly, the rate at which our customers purchase new or enhanced solutions and services depends on a number of factors, some of which are beyond our control. If our efforts to maintain and expand our relationships with our existing customers are not successful, our business could be harmed.

A change in any of these principles or guidance, or in their interpretations or application to us, may have a significant effect on our reported results, as well as our processes and related controls, and may retroactively affect previously reported results or our forecasts, which may negatively impact our financial statements.

A change in any of these principles or guidance, or in their interpretations or application to us, may have a significant impact on our reported results, as well as our processes and related controls, and may retroactively affect previously reported results or our forecasts, which may negatively impact our financial statements.

We rely on the technology, infrastructure, and software applications of certain third parties in order to host or operate some of certain key platform features or functions of our business. Additionally, we rely on third-party computer hardware and cloud capabilities in order to deliver our solutions and services.

We rely on the technology, infrastructure, and software applications of certain third parties in order to host or operate certain key platform features or functions of our business. Additionally, we rely on third-party computer hardware and cloud capabilities in order to deliver our solutions and services.

U.S. government may terminate, cancel, delay, modify or curtail our contracts at any time prior to completion and, if we do not replace them, this may adversely affect our future revenues and could adversely impact our earnings .

The U.S. government may terminate, cancel, delay, modify or curtail our contracts at any time prior to completion and, if we do not replace them, this may adversely affect our future revenues and could adversely impact our earnings .

Any interruption in our service, whether as a result of an internal or third-party issue, could damage our brand and reputation, cause our customers to terminate or not renew their contracts with us or decrease the use of our solutions and services, require us to indemnify our customers against certain losses, result in our issuing credit or paying penalties or fines, subject us to other losses or liabilities, cause our solutions to be perceived as unreliable or unsecure, and prevent us from gaining new or additional business from current or future customers, any of which could harm our business, financial condition, and results of operations.

Any interruption in our service, whether as a result of an internal or third-party issue, could damage our brand and reputation, cause our customers to terminate or not renew their contracts with us or decrease the use of our solutions and services, require us to indemnify our customers against certain losses, result in our issuing credit or paying penalties or fines, subject us to other losses or liabilities, cause our solutions to be perceived as unreliable or unsecured, and prevent us from gaining new or additional business from current or future customers, any of which could harm our business, financial condition, and results of operations.

To date, any such attempts have not been material or significant to us, including to our reputation or business operations, or had a material financial impact, but there can be no assurance that future cyberattacks will not be material or significant.

To date, any such attempts have not been material to us, including to our reputation or business operations, or had a material financial impact, but there can be no assurance that future cyberattacks will not be material.

Partnerships, mergers, joint ventures, acquisitions, and divestitures include a number of risks and present financial, managerial and operational challenges, including but not limited to: • Diversion of management attention from running our existing business; • Possible material weaknesses in internal control over financial reporting; • Increased expenses, including legal, administrative and compensation expenses related to newly hired or terminated employees; • Increased costs to integrate the technology, personnel, customer base and business practices of the acquired company with us; • Potential exposure to material liabilities not discovered in the due diligence process; • Potential adverse effects on reported operating results due to possible write-down of goodwill and other intangible assets associated with acquisitions; and • Unavailability of acquisition financing or unavailability of such financing on reasonable terms.

Partnerships, mergers, joint ventures, acquisitions, and divestitures include a number of risks and present financial, managerial and operational challenges, including but not limited to: • Diversion of management attention from running our existing business; • Possible material weaknesses in internal control over financial reporting; • Increased expenses, including legal, administrative and compensation expenses related to newly hired or terminated employees; • Increased costs to integrate the technology, personnel, customer base and business practices of the acquired company with us; • Potential exposure to material liabilities not discovered in the due diligence process; 18 Table of Contents • Potential adverse effects on reported operating results due to possible write-down of goodwill and other intangible assets associated with acquisitions; and • Unavailability of acquisition financing or unavailability of such financing on reasonable terms.

Our systems and the third-party systems upon which we and our customers rely are also vulnerable to damage or interruption from catastrophic occurrences or events outside of our control.

Our systems and the third-party systems upon which we and our customers rely are also vulnerable to damage or interruption from catastrophic occurrences or events outside our control.

Any acquired business, technology, service or product could significantly underperform relative to our expectations and may not achieve the benefits we expect from possible acquisitions. For all these reasons, our pursuit of an acquisition, partnership, investment, divestiture, merger, or joint venture could cause its actual results to differ materially from those anticipated.

As we expand into and within new and emerging markets and heavily regulated industry verticals, we will likely face additional regulatory scrutiny, risks, and burdens from the governments and agencies which regulate those markets and industries. Failure to deliver high-quality technical support services may adversely affect our relationships with our customers and our financial results.

As we expand into and within new and emerging markets and heavily regulated industry verticals, we will likely face additional regulatory scrutiny, risks, and burdens from the governments and agencies that regulate those markets and industries. Failure to deliver high-quality technical support services may adversely affect our relationships with our customers and our financial results.

Delays in the funding process or changes in funding or funding priorities can impact the timing of available funds or can lead to changes in program content or termination at the government's convenience.

Delays in the funding process or changes in funding or funding priorities can impact the timing of available funds or can lead to changes in program content, delay or termination at the government's convenience.

In light of the foregoing, investors are urged not to rely upon our guidance in making an investment decision regarding our common stock.

In light of the foregoing, investors are urged not to rely upon our guidance when making an investment decision regarding our common stock.

These economic conditions can arise suddenly and the full impact of such conditions can remain uncertain at any point in time. In addition, geopolitical developments, such as the invasion of Ukraine by Russia, can increase levels of political and economic unpredictability globally and increase the volatility of global financial markets.

These economic conditions can arise suddenly and the full impact of such conditions can remain uncertain at any point in time. In addition, geopolitical developments, such as the invasion of Ukraine by Russia and the conflict in Gaza, can increase levels of political and economic unpredictability globally and increase the volatility of global financial markets.

We routinely experience cybersecurity threats, threats to our information technology infrastructure and attempts to gain access to our sensitive information, as do our customers, suppliers, subcontractors and joint venture partners. We may experience similar security threats at customer sites that we operate and manage as a contractual requirement.

We routinely experience cybersecurity threats, threats to our information technology infrastructure and attempts to gain access to our sensitive information, as do our customers, suppliers, prime and subcontractors, and joint venture partners. We experience similar security threats at customer sites that we operate and manage as a contractual requirement.

Finally, the detection, prevention and remediation of known or potential security vulnerabilities, including those arising from third-party hardware or software, may result in additional financial burdens due to additional direct and indirect costs, such as additional infrastructure capacity spending to mitigate any system degradation. 13 Table of Contents If our customers do not renew their subscriptions or contracts for our solutions and services and expand our relationship with them, our revenue could decline and our results of operations would be adversely impacted.

Finally, the detection, prevention and remediation of known or potential security vulnerabilities, including those arising from third-party hardware or software, may result in additional financial burdens due to additional direct and indirect costs, such as additional infrastructure capacity spending to mitigate any system degradation. 12 Table of Contents If our customers do not renew their subscriptions or contracts for our solutions and services and expand our relationships with them, our revenue could decline and our results of operations would be adversely impacted.

In May 2022, our Board of Directors approved a share repurchase program ("SRP") for the repurchase of up to $50.0 million of our outstanding shares of our common stock. As of December 31, 2023, approximately $38.7 million remained available under the stock repurchase program.

In May 2022, our Board of Directors approved a share repurchase program ("SRP") for the repurchase of up to $50.0 million of our outstanding shares of our common stock. As of December 31, 2024, approximately $38.7 million remained available under the stock repurchase program.

The stock repurchase program could affect the price of our common stock, increase volatility, diminish our cash reserves, and even if fully implemented may not enhance long-term stockholder value. 23 Table of Contents If we fail to maintain an effective system of internal control, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.

The stock repurchase program could affect the price of our common stock, increase volatility, diminish our cash reserves, and even if fully implemented may not enhance long-term stockholder value. If we fail to maintain an effective system of internal control, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.

We will face risks associated with the growth of our business in new commercial markets and with new customer verticals, and we may not be able to continue our organic growth nor have the necessary resources to dedicate to the overall growth of our business.

We will face risks associated with the growth of our business in new commercial markets and with new customer verticals, and we may not be able to achieve organic growth nor have the necessary resources to dedicate to the overall growth of our business.

Changes in congressional schedules, negotiations for program funding levels or unforeseen world events can interrupt the funding for a program or contract. Second, funds for multi-year contracts can be changed in subsequent years in the appropriations process.

Changes in congressional schedules, administration priorities, negotiations for program funding levels or unforeseen world events can interrupt the funding for a program or contract. Second, funds for multi-year contracts can be changed in subsequent years in the appropriations process.

Obtaining the necessary authorizations, including any required license, may be time-consuming, is not guaranteed and may result in the delay or loss of sales opportunities. 22 Table of Contents Furthermore, the U.S. export control laws and economic sanctions laws prohibit the shipment of certain products and services to U.S. embargoed or sanctioned countries, governments and persons.

Obtaining the necessary authorizations, including any required license, may be time-consuming, is not guaranteed and may result in the delay or loss of sales opportunities. Furthermore, the U.S. export control laws and economic sanctions laws prohibit the shipment of certain products and services to U.S. embargoed or sanctioned countries, governments and persons.

The loss of, or our inability to obtain or maintain, any of these technology licenses could delay the introduction of new products or services until equivalent technology, if available, is identified, licensed and integrated. The inability to set optimal pricing structures for our solutions and services could adversely impact our business, financial condition and results of operations.

The loss of, or our inability to obtain or maintain, any of these technology licenses could delay the introduction of new products or services until equivalent technology, if available, is identified, licensed and integrated. 17 Table of Contents The inability to set optimal pricing structures for our solutions and services could adversely impact our business, financial condition and results of operations.

In addition, any negative publicity arising from these disruptions could harm our reputation and brand and adversely affect our business. We may be also be impacted by natural disasters, wars, terrorist attacks, power outages, public health crisis (epidemics or pandemics), or other events outside of our control.

In addition, any negative publicity arising from these disruptions could harm our reputation and brand and adversely affect our business. We may also be impacted by natural disasters, wars, terrorist attacks, power outages, public health crises (epidemics or pandemics), or other events outside our control.

Our quarterly and annual operating results could be materially harmed if orders forecasted for a specific customer for a particular period of time are not realized. 15 Table of Contents Failure to effectively develop and execute our sales and business development capabilities will harm our ability to grow our business.

Our quarterly and annual operating results could be materially harmed if orders forecasted for a specific customer for a particular period of time are not realized. Failure to effectively develop and execute our sales and business development capabilities will harm our ability to grow our business.

Act of terrorism and other geopolitical unrest could also potentially cause disruptions in our business or the business of our supply chain, services providers, or the economy as a whole.

Acts of terrorism and other geopolitical unrest could also potentially cause disruptions in our business or the business of our supply chain, services providers, or the economy as a whole.

Significant changes in government spending or changes in U.S. government priorities, policies and requirements could have a material adverse effect on our results of operations, financial condition or liquidity. We are subject to the seasonality of U.S. government spending.

Significant changes in government spending or changes in U.S. government priorities, policies and requirements could have a material adverse effect on our results of operations, financial condition or liquidity. 20 Table of Contents We are subject to the seasonality of U.S. government spending.

Our ability to increase our customer base and achieve broader market acceptance of our solutions and services will depend, to a significant extent, on our ability to perform at a high level in our business development, growth, sales and marketing operations and activities.

Our ability to increase our customer base and achieve broader market acceptance of our solutions and services depends, to a significant extent, on our ability to perform at a high level in our business development, growth, sales and marketing operations and activities.

In addition, as we work to align our ESG practices with industry standards, we will likely continue to expand our disclosures in these areas and doing so may result in additional costs and require additional resources to monitor, report, and comply with our various ESG practices.

In addition, as we work to align our ESG practices with industry standards, we may expand our disclosures in these areas and doing so may result in additional costs and require additional resources to monitor, report, and comply with our various ESG practices.

The third-party technology licenses used by us may not continue to be available on commercially reasonable terms or at all. Our business could suffer if we lost the right to use these technologies.

The third-party technology licenses we use may not continue to be available on commercially reasonable terms or at all. Our business could suffer if we lost the right to use these technologies.

In addition, over the last few years, the U.S. government has been unable to complete its budget process before the end of its fiscal year, resulting in both a government shutdown and continuing resolutions to extend sufficient funds only for U.S. government agencies to continue operating.

In addition, over the last few years, the U.S. government has been unable to complete its budget process before the end of its fiscal year, resulting in a series of continuing resolutions to extend sufficient funds only for U.S. government agencies to continue operating.

In addition, it is possible that others may independently develop substantially equivalent intellectual property. If we do not effectively protect our intellectual property, our business could suffer. 17 Table of Contents To protect our intellectual property rights, we may be required to spend significant resources to monitor and protect our rights.

In addition, it is possible that others may independently develop substantially equivalent intellectual property. If we do not effectively protect our intellectual property, our business could suffer. To protect our intellectual property rights, we may be required to spend significant resources to monitor and protect our rights.

In addition, our reputation and client relationships may be damaged as a result of our practices related to climate change, including our involvement, or our clients' involvement, in certain industries or projects associated with causing or exacerbating climate change, as well as any decisions we make to continue to conduct or change our activities in response to considerations relating to climate change. 25 Table of Contents Item 1B.

The relationship we have with our partners, and that our partners have with our customers, provides our customers with enhanced value for our solutions and services. 18 Table of Contents Our agreements with our partners are generally non-exclusive; therefore, our partners may offer customer solutions from several companies, including solutions and services that compete with ours.

The relationship we have with our partners, and that our partners have with our customers, provides our customers with enhanced value for our solutions and services. Our agreements with our partners are generally non-exclusive; therefore, our partners may offer customer solutions from several companies, including solutions and services that compete with ours.

Competition for skilled personnel is intense and many U.S. government programs also require contractors to have security clearances, certain of which can be difficult and time-consuming to obtain. 14 Table of Contents We may not be successful in attracting and retaining qualified personnel.

Competition for skilled personnel is intense and many U.S. government programs also require contractors to have security clearances, which can be difficult and time-consuming to obtain. We may not be successful in attracting and retaining qualified personnel.

A security breach or incident could result in unauthorized parties obtaining access to, or the denial of authorized access to, our IT systems or data, or our customers' systems or data, including intellectual property, proprietary, sensitive, or other confidential information. A security breach or incident could result in the unauthorized disclosure of large quantities of our customers' personally identifiable information.

Any failure or perceived failure by us or our solutions to comply with U.S. or applicable foreign laws, regulations, directives, policies, industry standards, or legal obligations relating to privacy, data protection, or information security, or any security incident that results in loss of or the unauthorized access to, or acquisition, use, release, or transfer of, personal information, personal data, or other customer or sensitive data or information may result in governmental investigations, inquiries, enforcement actions and prosecutions, private claims and litigation, indemnification or other contractual obligations, other remedies, including fines or demands that we modify or cease existing business practices, or adverse publicity, and related costs and liabilities, which could significantly and adversely affect our business and results of operations.

Significant judgments, estimates, and assumptions used in preparing our consolidated financial statements include, or may in the future include, those related to revenue recognition, goodwill and other long-lived assets, and income taxes. 24 Table of Contents Weakened global economic conditions may adversely affect our industry, business, operating results and financial condition.

Significant judgments, estimates, and assumptions used in preparing our consolidated financial statements include, or may in the future include, those related to revenue recognition, goodwill and other long-lived assets, and income taxes. Weakened global economic conditions may adversely affect our industry, business, operating results and financial condition. Our overall performance depends in part on worldwide economic and geopolitical conditions.

Actions that we are taking to restructure our business to improve profitability may not be as effective as anticipated. During the fourth quarter of fiscal year 2022, we committed to a restructuring plan to streamline our workforce and spending to better align our cost structure with the volume of our business.

Actions that we are taking to restructure our business to improve profitability may not be as effective as anticipated. We committed to a restructuring plan to streamline our workforce and realign our cost structure with the volume of our business.

Depending on the results of any such audits and investigations, the U.S. government may make claims against us. Under U.S. government procurement regulations and practices, an indictment of a U.S. government contractor could result in that contractor being fined and/or suspended for a period of time from eligibility for bidding on, or for the award of, new U.S. government contracts.

Under U.S. government procurement regulations and practices, an indictment of a U.S. government contractor could result in that contractor being fined and/or suspended for a period of time from eligibility for bidding on, or for the award of, new U.S. government contracts.

GAAP requires management to make judgments, estimates, and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes.

The preparation of our consolidated financial statements in conformity with U.S. GAAP requires management to make judgments, estimates, and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes.

A number of proposals are pending before U.S. federal, state, and foreign legislative and regulatory bodies that could significantly affect our business. 21 Table of Contents The overarching complexity of privacy and data protection laws and regulations around the world pose a compliance challenge that could manifest in costs, damages, or liability in other forms as a result of failure to implement proper programmatic controls, failure to adhere to those controls, or the malicious or inadvertent breach of applicable privacy and data protection requirements by us, our employees, our business partners, or our customers.

The overarching complexity of privacy and data protection laws and regulations around the world pose a compliance challenge that could manifest in costs, damages, or liability in other forms as a result of failure to implement proper programmatic controls, failure to adhere to those controls, or the malicious or inadvertent breach of applicable privacy and data protection requirements by us, our employees, our business partners, or our customers.

Adverse outcomes with respect to litigation, or a government inquiry, or any of these legal proceedings may result in significant settlement costs or judgments, penalties and fines, or harm our reputation, all of which could negatively affect our business, results of operations and financial conditions. 19 Table of Contents Potential future acquisitions, strategic investments, partnerships, divestitures, mergers or joint ventures may subject us to significant risks, any of which could harm our business.

If we are unable to assert that our internal control over financial reporting is effective, or if, when required, our independent registered public accounting firm is unable to express an opinion on the effectiveness of our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, which would cause the price of our common stock to decline. 23 Table of Contents General Risk Factors If our judgments or estimates relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our results of operations could be adversely affected.

Any decisions by the U.S. government to not exercise contract options or to terminate, cancel, delay, modify or curtail our major programs or contracts would adversely affect our revenues, revenue growth and profitability. Federal government spending reductions, workforce changes, and policy shifts may impact our existing operations and future opportunities for new contracts.

Adverse events affecting the programs subject to these contracts could also negatively affect our ability to process transactions under those contracts, which could adversely affect our revenue and the results of operations.

Adverse events affecting the programs subject to these contracts, such as a significant decline in the traveling public or any significant supply chain delay, could also negatively affect our ability to process transactions under those contracts, which could adversely affect our revenue and the results of operations.

We are subject to substantial oversight from federal agencies that have the authority to suspend our ability to bid on contracts . As a U.S. government contractor, we are subject to oversight by many agencies and entities of the U.S. government that may investigate and make inquiries about our business practices and conduct audits of contract performance and cost accounting.

As a U.S. government contractor, we are subject to oversight by many agencies and entities of the U.S. government that may investigate and make inquiries about our business practices and conduct audits of contract performance and cost accounting. Depending on the results of any such audits and investigations, the U.S. government may make claims against us.

Furthermore, if we make downward revisions to our previously announced guidance, or if our publicly announced guidance of future operating results fails to meet the expectations of securities analysts, investors or other interested parties, the price of our common stock may decline. 22 Table of Contents Our quarterly operating results fluctuate and may fall short of prior periods, our projections or the expectations of securities analysts or investors, which could adversely affect the trading price of our stock.

Under both types of contracts, we must accurately estimate the likely volume of work that will occur, costs and resource requirements involved, and assess the probability of completing individual transactions or milestones within the contracted time period and amount to maximize or earn profit on these contracts.

In addition, because many of our contracts involve advanced designs and innovative technologies, we may experience unforeseen technological difficulties and cost overruns. 16 Table of Contents Under both types of contracts, we must accurately estimate the likely volume of work that will occur, costs and resource requirements involved, and assess the probability of completing individual transactions or milestones within the contracted time period and amount to maximize or earn profit on these contracts.

Under fixed-price contracts, which represented approximately 78.5% of our 2023 revenues, we receive a fixed price irrespective of the actual costs we incur and, consequently, we carry the burden of any cost overruns.

Generally, our customer contracts are either firm-fixed-price ("FFP") or cost-reimbursable. Under FFP contracts, which represented approximately 75% of our 2024 revenues, we receive a fixed price irrespective of the actual costs we incur, and consequently, we carry the burden of any cost overruns.

We are subject to governmental export and import controls that could impair our ability to compete in international markets and subject us to liability if we are not in full compliance with applicable laws.

A conviction could result in debarment for a specified period of time, and debarment could materially and negatively affect our business and operating results. We are subject to governmental export and import controls that could impair our ability to compete in international markets and subject us to liability if we are not in full compliance with applicable laws.

As a result of this seasonality, we have historically experienced higher revenues in our third and fourth fiscal quarters, ending September 30 and December 31, respectively, with the pace of orders typically substantially reduced during our first and second fiscal quarters ending March 31 and June 30, respectively.

As a result of this seasonality, we have historically experienced higher revenues in the second half of our fiscal year, with the pace of orders typically substantially reduced during the first half of our fiscal year.

A failure to maintain our relationships with our third-party providers (or obtain adequate replacements), and to receive services from such providers that do not contain any material errors or defects, could adversely affect our ability to deliver effective products and solutions to our customers and adversely affect our business and results of operations. 16 Table of Contents We depend on third parties for certain operational services and components of our products in order to fully perform under our contracts, and the failure or disruption of a third party to perform these services could have an adverse impact on our business.

Likewise, if we are unable to develop new products that meet customers' changing needs, future sales and earnings may be adversely affected. Our financial results may fluctuate due to increasing variability in our security solutions' sales and implementation cycles . We market the majority of our security solutions directly to U.S. government customers.

Our financial results may fluctuate due to increasing variability in our security solutions' sales and implementation cycles . We market the majority of our security solutions directly to U.S. government customers.

In addition, the application, interpretation, and enforcement of these laws and regulations are often uncertain, and may be interpreted and applied inconsistently from country to country and inconsistently with our current policies and practices. A number of proposals are pending before U.S. federal, state, and foreign legislative and regulatory bodies that could significantly affect our business.

Because we do not carry insurance for all of these possible losses, and significant recovery time could be required to resume operations, our financial condition and operating results could be materially adversely affected by such an event outside of our control.

Because we do not carry insurance for all these possible losses, and significant recovery time could be required to resume operations, our financial condition and operating results could be materially adversely affected by such an event outside our control. 24 Table of Contents Increased scrutiny of our environmental, social and governance responsibilities may result in additional costs and risks, and may adversely impact our reputation, employee retention, and willingness of customers and suppliers to do business with us.

As a result, government spending levels are difficult to predict beyond the near term due to numerous factors, including the external threat environment, future government priorities and the state of government finances.

Moreover, the national debt threatened to reach the statutory debt ceiling, and such an event in future years could result in the U.S. government defaulting on its debts. As a result, government spending levels are difficult to predict beyond the near term due to numerous factors, including the external threat environment, future government priorities and the state of government finances.

Many of these third-party providers attempt to impose limitations on their liability for such errors, disruptions, defects, performance deficiencies, or failures, and if enforceable, we may have additional liability to our customers or third-party providers. 15 Table of Contents Furthermore, our solutions are, in many cases, important or essential to our customers' operations, including, in some cases, their cybersecurity or oversight and compliance programs, and subject to service level agreements.

Therefore, the results of any one quarter may not be a reliable indication of results to be expected for any other quarter or for any year.

Our operating results have fluctuated from quarter to quarter at points in the past, and they may do so in the future. Therefore, the results of any one quarter may not be a reliable indication of results to be expected for any other quarter or for any year.

Accordingly, our future performance in part depends on our ability to identify emerging technological trends, develop and manufacture competitive products, and bring those products to market quickly at cost-effective prices. If we fail to effectively anticipate, identify and respond to those changes in a timely manner, our business could be negatively impacted.

Accordingly, our future performance in part depends on our ability to identify emerging technological trends, devote adequate research and development resources, develop and manufacture competitive products, and bring those products to market quickly at cost-effective prices.

We may be unable to realize the expected improved profitability and efficiency from our restructuring efforts. 20 Table of Contents Industry, Legal and Regulatory Risks The business environment in which we operate is highly competitive, and we may not be able to compete successfully against existing or future competitors.

Failures to effectively address these risks and uncertainties may materially and adversely affect our business and results of operations. Industry, Legal and Regulatory Risks The business environment in which we operate is highly competitive, and we may not be able to compete successfully against existing or future competitors.

We have in the past acquired, and may in the future seek to acquire or invest in complementary businesses, products or technologies to enhance our technical capabilities or otherwise offer growth opportunities. Our long-term strategy may include identifying and acquiring, partnering with, investing in or merging with suitable candidates on acceptable terms, or divesting of certain business lines or activities.

Our long-term strategy may include identifying and acquiring, partnering with, investing in or merging with suitable candidates on acceptable terms, or divesting of certain business lines or activities.

We began the execution of the restructuring plan early 2023, incurring restructuring-related costs, including employee severance and related benefit costs and external consulting and advisory fees related to the implementation of the restructuring plan.

We executed the restructuring plan in early 2023, incurring restructuring-related costs, including employee severance and related benefit costs and external consulting and advisory fees related to the implementation of the restructuring plan. In addition, we undertook another restructuring action in the third quarter of 2024 in an effort to optimize our strategic priorities, and incurred severance and related benefit costs.

The inability to adequately protect and enforce our intellectual property and other proprietary rights could seriously harm our business, results of operations and financial condition. Failure to accurately estimate the factors upon which we base our contract pricing could adversely impact our earnings and profitability. Generally, our customer contracts are either fixed-price or cost-reimbursable.

The inability to adequately protect and enforce our intellectual property and other proprietary rights could seriously harm our business, results of operations and financial condition. Our earnings and profitability may vary based on the mix of our contracts and may be adversely affected by our failure to estimate and manage costs, time, and resources accurately.

Additionally, public interest and legislative pressure related to public companies' ESG practices continue to grow.

Investor advocacy groups, institutional investors, investment funds, proxy advisory services, stockholders, and customers are increasingly focused on companies' ESG practices. Additionally, public interest and legislative pressure related to public companies' ESG practices continue to change.

Removed

A security breach or incident could result in the unauthorized disclosure of large quantities of our customers' customers' personally identifiable information.

Added

Uncertainty exists regarding how future budget and program decisions will unfold, including the spending priorities of the new U.S. presidential administration and Congress, and what challenges budget reductions will present for us and our industry generally. The current administration's efforts to reduce the size and spending of the federal government pose several potential risks to our operations.

Removed

The U.S. government contracts for which we compete typically have multiple option periods, and if we fail to win a contract or a task order, we generally will be unable to compete again for that contract for several years.

Added

The focus on reducing government spending may lead to fewer contracts being awarded, reduced contract values, or delays in the awarding of contracts. Changes in federal priorities may result in a shift away from governance, risk and compliance software solutions, cybersecurity, and digital identity services, potentially reducing demand for our offerings.

Removed

Furthermore, our solutions are, in many cases, important or essential to our customers' operations, including in some cases, their cybersecurity or oversight and compliance programs, and subject to service level agreements.

… 36 more changes not shown on this page.

Item 1C. Cybersecurity

Cybersecurity — threats and controls disclosure

7 edited+0 added−0 removed17 unchanged

2023 filing

2024 filing

Biggest changeCertifications held by the Information Security team include CompTIA A+, Network+, Security+, Project+, & CyberSecurity Analyst+, eLearnSecurity Junior Penetration Tester, EC-Council Certified Ethical Hacker ("CEH"), Certified Encryption Specialist, Certified Security Analyst, & Computer Hacking Forensic Investigator ("CHFI"), CMMC-AB Registered Practitioner ("RP"), and ISC2 Certified Information Systems Security Professional ("CISSP").

Biggest changeCertifications held by the Information Security team include CompTIA A+, Network+, Security+, CyberSecurity Analyst+ ("CYSA+"), Pentest+, Advanced Security Practitioner ("CASP"), EC-Council Certified Ethical Hacker ("CEH"), Certified Security Analyst ("ECSA"), Computer Hacking Forensic Investigator ("CHFI"), Associate Chief Information Security Officer ("ACCISO"), CMMC-AB Registered Practitioner ("RP"), ISC2 Certified Information Systems Security Professional ("CISSP"), Systems Security Certified Practitioner ("SSCP"), ISACA Certified Information Security Manager ("CISM"), PCAP – Certified Associate Python Programmer, & eLearnSecurity Junior Penetration Tester ("eJPT").

Cybersecurity Company’s processes to assess, identify, and manage material cybersecurity risks We have developed an ISO/IEC 27001-certified Information Security Management System (“ISMS”) designed to enhance our corporate security measures, identify and mitigate information security risks, and protect and preserve the confidentiality, integrity, and continued availability of all information owned by the Company and that of its customers and suppliers in our control.

Cybersecurity The Company’s processes to assess, identify, and manage material cybersecurity risks We developed an ISO/IEC 27001-certified Information Security Management System (“ISMS”) designed to enhance our corporate security measures, identify and mitigate information security risks, and protect and preserve the confidentiality, integrity, and continued availability of all information owned by the Company and that of its customers and suppliers in our control.

Our ISO certification can be verified on the BSI Group website using certificate number IS 64920. Our ISMS includes developing, implementing, and continually improving policies and procedures designed to safeguard information and ensure the availability of critical data and systems.

Our ISO certification can be verified on the BSI Group website using certificate number IS 649202. Our ISMS includes developing, implementing, and continually improving policies and procedures designed to safeguard information and ensure the availability of critical data and systems.

Certifications held by the CISO include CompTIA A+, Network+, & Security+, Microsoft Technology Associate ("MTA"), CMMC-AB RP, ISO 27001 Certified Lead Implementer Professional, EC-Council CEH & CHFI, ISACA Certified Data Privacy Solutions Engineer & Certified Information Security Manager, ISC2 CISSP, and Offensive Security Certified Professional.

Certifications held by the CISO include CompTIA A+, Network+, & Security+, Microsoft Technology Associate ("MTA"), CMMC-AB RP, ISO 27001 Certified Lead Implementer Professional, EC-Council CEH & CHFI, ISACA Certified Data Privacy Solutions Engineer ("CDPSE") & Certified Information Security Manager ("CISM"), ISC2 CISSP, and Offensive Security Certified Professional ("OSCP").

Our CISO’s background includes over 17 years of experience in IT and Information Security. His formal education includes a Master’s degree in Cybersecurity and Information Assurance and a Bachelor’s degree in Computer Forensics.

Our CISO’s background includes over 18 years of experience in IT and Information Security. His formal education includes a Master’s degree in Cybersecurity and Information Assurance and a Bachelor’s degree in Computer Forensics.

Our Information Security organization also leverages third-party advisors, as appropriate, for various tasks such as conducting annual third-party penetration testing. In 2023, we conducted an enterprise risk assessment that included an assessment of cybersecurity risk in context with other enterprise-level risks. Furthermore, our CISO and our General Counsel regularly discuss cybersecurity risk mitigation.

Our Information Security organization also leverages third-party advisors, as appropriate, for various tasks, such as conducting annual third-party penetration testing. We conduct an enterprise risk assessment that includes an assessment of cybersecurity risk in context with other enterprise-level risks. Furthermore, our CISO and our General Counsel regularly discuss cybersecurity risk mitigation.

Management’s role and expertise in assessing and managing material cybersecurity risks Our Information Security team is charged with the responsibility for assessing and managing material cybersecurity risks. That team is led by our CISO.

Management’s role and expertise in assessing and managing material cybersecurity risks Our Information Security team, led by our CISO, is responsible for assessing and managing material cybersecurity risks.

Item 2. Properties

Properties — owned and leased real estate

0 edited+1 added−1 removed1 unchanged

2023 filing

2024 filing

Removed

We believe that the current space is substantially adequate to meet our operating requirements.

Added

We believe that the current space is substantially adequate to meet our operating requirements. Item 3. Legal Proceedings Information regarding legal proceedings may be found in Note 19 – Commitments and Contingencies to the Consolidated Financial Statements. Item 4. Mine Safety Disclosures Not applicable. 27 Table of Contents PART II

Item 5. Market for Registrant's Common Equity

Market for Common Equity — stock, dividends, buybacks

4 edited+0 added−1 removed1 unchanged

2023 filing

2024 filing

Biggest changeThe number of shareholders of record of our common stock may not be representative of the number of beneficial owners due to shares that may be held by depositories, brokers or nominees. For information regarding securities authorized for issuance under our stock-based compensation plan, see Note 12 – Stock-Based Compensation to the Consolidated Financial Statements contained in Item 8.

The repurchase program has no expiration date and may be modified, suspended, or terminated at any time. There were no repurchases of common stock in fiscal year 2023, and approximately $38.7 million remained available for future common stock repurchases under the SRP as of December 31, 2023. Item 6. [Reserved] None 28 Table of Contents

The repurchase program has no expiration date and may be modified, suspended, or terminated at any time. There were no repurchases of common stock in fiscal year 2024, and approximately $38.7 million remained available for future common stock repurchases under the SRP as of December 31, 2024. Item 6. [Reserved] None 28 Table of Contents

Sales of Equity Securities and Use of Proceeds There were no sales of unregistered equity securities during the three months ended December 31, 2023, that were not registered under the Securities Act and were not previously disclosed on a Quarterly Report on Form 10-Q or a Current Report on Form 8-K.

Sales of Equity Securities and Use of Proceeds There were no sales of unregistered equity securities during the three months ended December 31, 2024, that were not registered under the Securities Act and were not previously disclosed on a Quarterly Report on Form 10-Q or a Current Report on Form 8-K.

Item 5. Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Our common stock is traded on the Nasdaq Global Market under the symbol "TLS." As of March 8, 2024, there were approximately 152 holders of record of Telos common stock, par value $0.001 par value.

Item 5. Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Our common stock is traded on the Nasdaq Global Market under the symbol "TLS." As of March 3, 2025, there were approximately 156 holders of record of Telos common stock, par value $0.001 par value.

Removed

For information regarding securities authorized for issuance under our stock-based compensation plan, see N ote 1 2 – Stock-Base d Compensation to the Consolidated Financial Statements contained in Item 8.

Item 6. [Reserved]

Selected Financial Data — reserved (removed by SEC in 2021)

5 edited+0 added−0 removed0 unchanged

2023 filing

2024 filing

Biggest changeLeases 64 1 4 . Employee Benefit Plan 65 1 5 . Income Taxes 66 1 6 . (Loss)/Earnings Per Share 68 1 7 . Related Party Transactions 68 1 8 . Segment Information 69 19 . Commitments and Contingencies 70 2 0 . Supplemental Cash F low Information 70

Biggest changeIncome Taxes 68 16. Loss Per Share 70 17. Related Party Transactions 70 18. Segment Information 71 19. Commitments and Contingencies 72 20. Supplemental Cash Flow Information 72

Consolidated Financial Statements and Supplementary Data 40 Report of Independent Registered Public Accounting Firm (PCAOB ID No. 238) 40 Consolidated Statements of Operations 42 Consolidated Statements of Comprehensive Loss 43 Consolidated Balance Sheets 44 Consolidated Statements of Cash Flows 45 Consolidated Statements of Changes in Stockholders' Equity 46 Notes to the Consolidated Financial Statements 47 1. Organization 47 2.

Consolidated Financial Statements and Supplementary Data 41 Report of Independent Registered Public Accounting Firm (PCAOB ID No. 238) 41 Consolidated Statements of Operations 43 Consolidated Statements of Comprehensive Loss 44 Consolidated Balance Sheets 45 Consolidated Statements of Cash Flows 46 Consolidated Statements of Changes in Stockholders' Equity 47 Notes to the Consolidated Financial Statements 48 1. Organization 48 2.

Item 6. [Reserved] 28 Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations 29 Business Overview 29 Business Environment 29 Backlog 31 Financial Hig hlights 31 Results of Operations 32 Key Performance Measure 33 Non-GAAP Financial Measures 33 Liquidity and Capital Resources 36 Critical Accounting Policies and Estimates 37 Item 7A.

Item 6. [Reserved] 28 Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations 29 Overview 29 Business Environment 29 Key Performance Measure 31 Backlog 31 Financial Highlights 32 Results of Operations 32 Non-GAAP Financial Measures 33 Liquidity and Capital Resources 36 Critical Accounting Policies and Estimates 38 Item 7A.

Quantitative and Qualitative Disclosures about Market Risk 39 Item 8.

Quantitative and Qualitative Disclosures about Market Risk 40 Item 8.

Significant Accounting Policies 47 3. Revenue Recognition 55 4. Accounts Receivable, Net 58 5. Inventories, Net 58 6. Property and Equipment, Net 58 7. Goodwill 59 8. Intangible Assets, Net 59 9. Other Balance Sheet Components 60 1 0 . Debt and Other Obligations 61 1 1 . Stockholders' Equity 62 1 2 . Stock-Based Compensation 62 1 3 .

Significant Accounting Policies 48 3. Revenue Recognition 56 4. Accounts Receivable, Net 60 5. Inventories, Net 60 6. Property and Equipment, Net 60 7. Goodwill 61 8. Intangible Assets, Net 61 9. Other Balance Sheet Components 62 10. Debt and Other Obligations 63 11. Stockholders' Equity 64 12. Stock-Based Compensation 64 13. Leases 67 14. Employee Benefit Plan 68 15.

Item 7. Management's Discussion & Analysis

Management's Discussion & Analysis (MD&A) — revenue / margin commentary

79 edited+35 added−25 removed39 unchanged

2023 filing

2024 filing

Biggest changeMore details on these changes are presented below within our "Results of Operations" section. • The successful completion of certain programs, lower revenue on ongoing major programs and the loss of a program resulted in a decline in fiscal year 2023 compared with 2022 results, partially offset by some new program wins across the portfolio and the ramp of TSA PreCheck. • TSA announced Telos Corporation as TSA's second official TSA PreCheck enrollment and renewal provider in August 2023. • Operating costs were lower, in part, as a result of the restructuring plan announced in the first quarter of 2023. • Lower operating costs resulted in an improvement in profitability and earnings per share. 31 Table of Contents Results of Operations Consolidated Results Table MD&A 2: Consolidated Financial Results Comparison For the Year Ended December 31, 2023 2022 (dollars in thousands) Revenue $ 145,378 $ 216,887 Cost of sales (excluding depreciation and amortization) 88,892 137,051 Depreciation and amortization 3,544 793 Total cost of sales 92,436 137,844 Gross profit 52,942 79,043 Gross margin 36.4 % 36.4 % Selling, general and administrative expenses 93,257 132,893 Selling, general and administrative expense as percentage of revenue 64.1 % 61.3 % Operating loss (40,315) (53,850) Other income 6,715 1,350 Interest expense (786) (874) Loss before income taxes (34,386) (53,374) Provision for income taxes (36) (54) Net loss $ (34,422) $ (53,428) Our business segments have different factors driving revenue fluctuations and profitability.

Biggest changeResults of Operations Consolidated Results Table MD&A 2: Consolidated Financial Results Comparison For the Year Ended December 31, 2024 2023 Dollar Change (dollars in thousands) Revenue $ 108,272 $ 145,378 $ (37,106) Cost of sales 73,843 92,436 (18,593) Gross profit 34,429 52,942 (18,513) Gross margin 31.8 % 36.4 % Operating expenses 90,302 93,257 (2,955) Operating expenses as percentage of revenue 83.4 % 64.1 % Operating loss (55,873) (40,315) (15,558) Other income 4,023 6,715 (2,692) Interest expense (644) (786) 142 Loss before income taxes (52,494) (34,386) (18,108) Provision for income taxes (26) (36) 10 Net loss $ (52,520) $ (34,422) $ (18,098) Our business segments have different factors driving revenue fluctuations and profitability.

The other source of stock-based compensation consists of accrued compensation, which the Company intends to settle in shares of the Company's common stock. However, it is the Company's discretion whether this compensation will ultimately be paid in stock or cash.

Among other limitations, each of EBITDA, Adjusted EBITDA, EBITDA Margin, Adjusted EBITDA Margin, Adjusted Net (Loss)/Income, Adjusted EPS, Cash Gross Profit, Cash Gross Margin and Free Cash Flow does not reflect our cash expenditures, or future requirements, for capital expenditures or contractual commitments, does not reflect the impact of certain cash and non-cash charges resulting from matters we consider not to be indicative of our ongoing operations, and does not reflect income tax expense or benefit.

Among other limitations, each of EBITDA, Adjusted EBITDA, EBITDA Margin, Adjusted EBITDA Margin, Adjusted Net Loss, Adjusted EPS, Adjusted Gross Profit, Adjusted Gross Margin, Cash Gross Profit, Cash Gross Margin and Free Cash Flow does not reflect our cash expenditures, or future requirements, for capital expenditures or contractual commitments, does not reflect the impact of certain cash and non-cash charges resulting from matters we consider not to be indicative of our ongoing operations, and does not reflect income tax expense or benefit.

Because of these limitations, neither EBITDA, Adjusted EBITDA, EBITDA Margin, Adjusted EBITDA Margin, Adjusted Net (Loss)/Income, Adjusted EPS, Cash Gross Profit, Cash Gross Margin nor Free Cash Flow should be considered as a replacement for gross profit, gross margin, net (loss)/income, earnings per share or net cash flows (used in)/provided by operating activities, as determined by GAAP, or as a measure of our profitability.

Because of these limitations, neither EBITDA, Adjusted EBITDA, EBITDA Margin, Adjusted EBITDA Margin, Adjusted Net Loss, Adjusted EPS, Adjusted Gross Profit, Adjusted Gross Margin, Cash Gross Profit, Cash Gross Margin nor Free Cash Flow should be considered as a replacement for gross profit, gross margin, net (loss) income, earnings per share or net cash flows (used in) provided by operating activities, as determined by GAAP, or as a measure of our profitability.

For contracts where revenue is recognized over time, we recognize revenue based on progress towards completion of the performance obligation, using costs incurred to date relative to total estimated cost at completion to measure progress on a proportional performance basis for our contracts.

For contracts where revenue is recognized over time, we recognize revenue based on progress towards completion of the performance obligation, using costs incurred to date relative to the total estimated cost at completion to measure progress on a proportional performance basis for our contracts.

We amortize intangible assets over their respective estimated useful lives, and review them for impairment whenever events or changes in business circumstances indicate the carrying value may not be recoverable. Likewise, we evaluated our intangible assets for potential impairment. As a result of the assessment, we identified conditions demonstrating an impairment of certain software development costs.

We amortize intangible assets over their respective estimated useful lives, and review them for impairment whenever events or changes in business circumstances indicate the carrying value may not be recoverable. We evaluated our intangible assets for potential impairment. As a result of the assessment, we identified conditions demonstrating an impairment of certain software development costs.

On February 9, 2023, when the third-party buyer notified us that it would not exercise the option period, we transferred all the rights, title and interest in the underlying licenses in exchange for the extinguishment of the outstanding financing obligations. The extinguishment of the other financing obligations resulted to a gain of $1.4 million.

We believe that EBITDA, EBITDA Margin, Adjusted EBITDA and Adjusted EBITDA Margin provide the Board, management and investors with clear representation of our core operating performance and trends, provide greater visibility into the long-term financial performance of the Company, and eliminate the impact of items that do not relate to the ongoing operating performance of the business.

We believe that EBITDA, EBITDA Margin, Adjusted EBITDA and Adjusted EBITDA Margin provide the Board of Directors, management and investors with clear representation of our core operating performance and trends, provide greater visibility into the long-term financial performance of the Company, and eliminate the impact of items that do not relate to the ongoing operating performance of the business.

The Company has the right to dictate the form of these payments up until the date at which they are paid. Any change to the expected payment form would result in a change in estimate that would add back to Adjusted Net (Loss)/Income.

GAAP, we believe the non-GAAP financial measures of EBITDA, Adjusted EBITDA, EBITDA Margin, Adjusted EBITDA Margin, Adjusted Net (Loss)/Income, Adjusted Earnings Per Share ("EPS"), Cash Gross Profit, Cash Gross Margin and Free Cash Flow are useful in evaluating our operating performance.

GAAP, we believe the non-GAAP financial measures of EBITDA, Adjusted EBITDA, EBITDA Margin, Adjusted EBITDA Margin, Adjusted Net Loss, Adjusted Earnings Per Share ("EPS"), Adjusted Gross Profit, Adjusted Gross Margin, Cash Gross Profit, Cash Gross Margin and Free Cash Flow are useful in evaluating our operating and cash flow performance.

Other companies in our industry may calculate Adjusted EBITDA, Adjusted EBITDA Margin, Adjusted Net (Loss)/Income, Adjusted EPS, Cash Gross Profit, Cash Gross Margin and Free Cash Flow differently than we do, which limits their usefulness as comparative measures.

Other companies in our industry may calculate Adjusted EBITDA, Adjusted EBITDA Margin, Adjusted Net Loss, Adjusted EPS, Adjusted Gross Profit, Adjusted Gross Margin, Cash Gross Profit, Cash Gross Margin and Free Cash Flow differently than we do, which limits their usefulness as comparative measures.

The critical accounting policies requiring estimates, assumptions, and judgments that we believe have the most significant impact on our consolidated financial statements in fiscal year 2023 are described below. This is not intended to be a comprehensive list of all significant accounting policies that are more fully described in the notes to consolidated financial statements contained within this report.

The critical accounting policies requiring estimates, assumptions, and judgments that we believe have the most significant impact on our consolidated financial statements in fiscal year 2024 are described below. This is not intended to be a comprehensive list of all significant accounting policies that are more fully described in the notes to consolidated financial statements contained within this report.

Identity Assurance and Privacy Protection are Essential for Today's Enterprises: Identity and access management continues to be a major cybersecurity concern for organizations and individuals that need to ensure their security and protect their privacy. Trusted identities are essential to confidence in IT and physical security strategies and to the success of Zero Trust security models and architectures.

Identity Assurance and Privacy Protection are Essential for Today's Enterprises: Identity and access management continue to be a major cybersecurity concern for organizations and individuals that need to ensure their security and protect their privacy. Trusted identities are essential to confidence in IT and physical security strategies and to the success of Zero Trust security models and architectures.

The discussion of the changes in our net revenue and profitability are covered in greater detail under the section that follows: "Segment Results." We generate revenue from the delivery of products and services to our customers. Cost of sales, for both products and services, consists of labor, materials, subcontracting costs and an allocation of indirect costs.

The discussion of the changes in our net revenue and profitability is covered in greater detail under the section that follows: "Segment Results." We generate revenue from the delivery of products and services to our customers. Cost of sales, for both products and services, consists of labor, materials, subcontracting costs and an allocation of indirect costs.

We believe these non-GAAP financial measures facilitate comparison of our operating performance on a consistent basis between periods by excluding certain items that may, or could, have a disproportionately positive or negative impact on our results of operations in any particular period.

We believe these non-GAAP financial measures facilitate comparison of our operating and cash performance on a consistent basis between periods by excluding certain items that may, or could, have a disproportionately positive or negative impact on our results of operations in any particular period.

When viewed in combination with our results prepared in accordance with GAAP, these non-GAAP financial measures help provide a broader picture of factors and trends affecting our results of operations. 33 Table of Contents EBITDA, Adjusted EBITDA, EBITDA Margin and Adjusted EBITDA Margin EBITDA, Adjusted EBITDA, EBITDA Margin and Adjusted EBITDA Margin are supplemental measures of operating performance that are not made under GAAP and do not represent, and should not be considered as, an alternative to net loss as determined by GAAP.

When viewed in combination with our results prepared in accordance with GAAP, these non-GAAP financial measures help provide a broader picture of factors and trends affecting our results of operations. 33 Table of Contents EBITDA, Adjusted EBITDA, EBITDA Margin and Adjusted EBITDA Margin EBITDA, Adjusted EBITDA, EBITDA Margin and Adjusted EBITDA Margin are supplemental measures of operating and cash flow performance that are not made under GAAP and do not represent, and should not be considered as an alternative to net (loss) income as determined by GAAP.

The required reporting of this information will lead many companies to proactively establish policies that will improve their cyber risk management posture and enable them to better withstand heightened public and regulatory scrutiny.

The required reporting of this information leads many companies to proactively establish policies that will improve their cyber risk management posture and enable them to better withstand heightened public and regulatory scrutiny.

Cash Gross Profit and Cash Gross Margin Cash Gross Profit and Cash Gross Margin are supplemental measures of operating performance that are not made under GAAP and do not represent, and should not be considered as, alternatives to gross profit and gross margin as determined by GAAP.

Adjusted Gross Profit, Cash Gross Profit, Adjusted Gross Margin and Cash Gross Margin Adjusted Gross Profit, Cash Gross Profit, Adjusted Gross Margin and Cash Gross Margin are supplemental measures of operating and cash flow performance that are not made under GAAP and do not represent, and should not be considered as alternatives to gross profit and gross margin as determined by GAAP.

Due to the nature of our business and other factors described in Item 1A , " R isk Factors ", of this Annual Report on Form 10-K, the profitability of our individual reporting units may periodically be affected by downturns in customer demand, operational challenges, and other factors.

Due to the nature of our business and other factors described in Item 1A, "Risk Factors ," of this Annual Report on Form 10-K, the profitability of our individual reporting units may periodically be affected by downturns in customer demand, operational challenges, and other factors.

In this section, we discuss our financial condition, changes in financial condition and results of operations for the year ended December 31, 2023, compared to the year ended December 31, 2022.

In this section, we discuss our financial condition, changes in financial condition and results of operations for the year ended December 31, 2024, compared to the year ended December 31, 2023.

In addition to historical financial information, the following discussion and analysis contains forward-looking statements that involve risks, uncertainties and assumptions.

In addition to historical financial information, the following discussion and analysis contain forward-looking statements that involve risks, uncertainties and assumptions.

Reductions in backlog arises from the completion or the early termination of contracts. See the relevant industry, legal and regulatory risks under Item 1A, "Risk Factors", of this Annual Report on Form 10-K. We believe that comparisons of backlog period-to-period are difficult. We also believe that it is difficult to predict future revenue solely based on analysis of backlog.

Reductions in backlog arise from the completion or the early termination of contracts. See the relevant industry, legal and regulatory risks under Item 1A, "Risk Factors , " of this 10-K. We believe that comparisons of backlog period-to-period are difficult. We also believe that it is difficult to predict future revenue solely based on analysis of backlog.

We have various lease agreements pursuant to ASC 842, "Leases" that require us to record the present value of the minimum lease payments for such lease properties. In addition, there were no outstanding commitments that were considered material for capital expenditures on December 31, 2023.

We have various lease agreements pursuant to ASC 842, "Leases" that require us to record the present value of the minimum lease payments for such lease properties. There were no outstanding commitments that were considered material for capital expenditures on December 31, 2024.

Further, Adjusted EBITDA is used by the Board and management to prepare and approve our annual budget, and to evaluate the performance of certain management personnel when determining incentive compensation.

Further, Adjusted EBITDA is used by the Board of Directors and management to prepare and approve our annual budget, and from time to time, to evaluate the performance of certain management personnel when determining incentive compensation.

The cash flow from operating activities is primarily driven by the Company's operating losses, the timing of receipts of customer payments, the timing of payments to vendors and employees, and the timing of inventory turnover, adjusted for certain non-cash items that do not impact cash flows from operating activities.

The change in cash flow from operating activities is primarily driven by the Company's operating losses, the timing of receipts of customer payments, and the timing of payments to vendors and employees, adjusted for certain non-cash items that do not impact cash flows from operating activities.

For further discussion of the methods used and factors considered in our estimates as part of the impairment testing for goodwill and intangible assets, see Note 2 - Significant Accounting Policies on Goodwill and Intangible Assets, Note 7 - Goodwill and Note 8 - Intangible Assets, Net to the consolidated financial statements.

We define EBITDA as net (loss)/income, adjusted for non-operating (income)/expense, interest expense, provision for/(benefit from) income taxes, and depreciation and amortization. We define Adjusted EBITDA as EBITDA, adjusted for stock-based compensation expense and restructuring expenses. We define EBITDA Margin as EBITDA as a percentage of total revenue.

We define EBITDA as net (loss) income, adjusted for non-operating (income) expense, interest expense, provision for (benefit from) income taxes, and depreciation and amortization. We define Adjusted EBITDA as EBITDA, adjusted for stock-based compensation expense, impairment loss on intangible assets, and restructuring expenses (adjustments). We define EBITDA Margin as EBITDA as a percentage of total revenue.

The actual timing of revenue from projects included in backlog will vary. Financial Highlights A number of factors have affected our fiscal year 2023 results, the most significant of which we have listed below.

The actual timing of revenue from projects included in backlog will vary. 31 Table of Contents Financial Highlights A number of factors have affected our fiscal year 2024 results, the most significant of which we have listed below.

On April 12, 2023, we amended our Credit Agreement and revised certain provision on the terms of the covered collateral. See Note 1 0 - Debt and Other Obligatio ns to the consolidated financial statements contained within this Annual Report for additional information. The Credit Agreement contains customary terms and conditions, including certain covenant requirements.

On April 12, 2023, we amended our Credit Agreement and revised certain provisions on the terms of the covered collateral. See Note 10 - Debt and Other Obligations to the consolidated financial statements contained within this Annual Report for additional information. The Credit Agreement contains customary terms and conditions, including certain covenant requirements.

As of December 31, 2023, we had cash and cash equivalents of $99.3 million and our working capital was $100.8 million. We place a strong emphasis on liquidity management. This focus gives us the flexibility for capital deployment while preserving a strong balance sheet to position us for future opportunities.

As of December 31, 2024, we had cash and cash equivalents of $54.6 million and our working capital was $69.3 million. We place a strong emphasis on liquidity management. This focus gives us the flexibility for capital deployment while preserving a strong balance sheet to position us for future opportunities.

In testing goodwill for impairment, we first assess the qualitative factors to determine whether the existence of events or circumstances leads to a determination that it is more-likely-than-not that the fair value of a reporting unit is less than its carrying value. If after the assessment, we determine that an impairment indicator exists, we perform the quantitative goodwill impairment test.

Stock-based compensation expense for the awarded RSUs, PSUs and stock options was $22.9 million and $62.5 million for fiscal year 2023 and 2022, respectively. Stock-based compensation expense from other sources was $1.5 million and $2.1 million for the fiscal year 2023 and 2022, respectively.

Stock-based compensation expense for the awarded RSUs, PSUs and stock options was $19.4 million and $22.9 million for fiscal years 2024 and 2023, respectively. Stock-based compensation expense from other sources was $2.1 million and $1.5 million for the fiscal years 2024 and 2023, respectively.

Cash Gross Profit and Cash Gross Margin provide management and investors a clear representation of the core economics of gross profit and gross margin without the impact of non-cash expenses and sunk costs expended.

We define Cash Gross Margin as Cash Gross Profit as a percentage of total revenue. Adjusted Gross Profit, Cash Gross Profit, Adjusted Gross Margin and Cash Gross Margin provide management and investors with a clear representation of the core economics of gross profit and gross margin without the impact of non-cash expenses and sunk costs expended.

An impairment charge of $0.5 million was recorded in the consolidated statements of operations for the year ended December 31, 2023.

An impairment charge of $11.7 million and $0.5 million was recorded in the consolidated statements of operations for the years ended December 31, 2024, and 2023, respectively.

If the fair value is less than the carrying value, the amount of impairment expense is equal to the difference between the reporting unit's fair value and the reporting unit's carrying value. 38 Table of Contents Determining the fair value of a reporting unit requires management's judgment and involves the use of significant estimates and assumptions, including forecasted revenue, operating margins, capital expenditures, and selection and use of an appropriate discount rate commensurate with the risk inherent in each of our reporting units' current business models.

Determining the fair value of a reporting unit requires management's judgment and involves the use of significant estimates and assumptions, including forecasted revenue, operating margins, capital expenditures, and selection and use of an appropriate discount rate commensurate with the risk inherent in each of our reporting units' current business models.

Adjusted Net (Loss)/Income and Adjusted EPS provide the Board, management and investors with clear representation of our core operating performance and trends, provide greater visibility into the long-term financial performance of the Company, and eliminate the impact of items that do not relate to the ongoing operating performance of the business. 34 Table of Contents Table MD&A 6: Reconciliation of Net Loss and GAAP EPS to Non-GAAP Adjusted Net Income and Adjusted EPS For the Year Ended December 31, 2023 2022 Adjusted Net Income/(Loss) Adjusted Earnings Per Share Adjusted Net Income/(Loss) Adjusted Earnings Per Share (in thousands, except per share data) Net loss $ (34,422) $ (0.50) $ (53,428) $ (0.79) Adjustments: Other income (6,715) (0.10) (1,350) (0.02) Stock-based compensation expense (1) 24,396 0.35 64,660 0.96 Restructuring expenses (2) 1,132 0.02 2,767 0.04 Adjusted net (loss)/income (Non-GAAP) $ (15,609) $ (0.23) $ 12,649 $ 0.19 Weighted-average shares of common stock outstanding, basic 69,256 67,559 (1) The stock-based compensation adjustment to EBITDA is made up of stock-based compensation expense for the awarded service-based restricted stock units ("RSUs"), performance-based restricted stock units ("PSUs"), stock options, and other sources.

Adjusted Net (Loss) Income and Adjusted EPS provide the Board of Directors, management and investors with clear representation of our core operating performance and trends, provide greater visibility into the long-term financial performance of the Company, and eliminate the impact of items that do not relate to the ongoing operating performance of the business. 34 Table of Contents Table MD&A 6: Reconciliation of Net Loss and GAAP EPS to Non-GAAP Adjusted Net Loss and Adjusted EPS For the Year Ended December 31, 2024 2023 Adjusted Net Loss Adjusted Earnings Per Share Adjusted Net Loss Adjusted Earnings Per Share (in thousands, except per share data) Net loss $ (52,520) $ (0.73) $ (34,422) $ (0.50) Adjustments: Other income (4,023) (0.06) (6,715) (0.10) Stock-based compensation expense (1) 21,411 0.30 24,396 0.35 Impairment loss on intangible assets (2) 11,706 0.16 — — Restructuring expenses (3) 1,270 0.02 1,132 0.02 Adjusted net loss (Non-GAAP) $ (22,156) $ (0.31) $ (15,609) $ (0.23) Weighted-average shares of common stock outstanding, basic 71,850 69,256 (1) The stock-based compensation adjustment to EBITDA is made up of stock-based compensation expense for the awarded service-based RSUs, PSUs, stock options, and other sources.

The Company performs the quantitative goodwill impairment test by calculating the fair value of the reporting unit and comparing it to its respective carrying value including goodwill.

If, after the assessment, we determine that an impairment indicator exists, we perform the quantitative goodwill impairment test. The Company performs the quantitative goodwill impairment test by calculating the fair value of the reporting unit and comparing it to its respective carrying value including goodwill.

Table MD&A 5: Reconciliation of Net Loss to EBITDA, Adjusted EBITDA and Adjusted EBITDA Margin For the Year Ended December 31, 2023 2022 Amount Margin Amount Margin (dollars in thousands) Net loss $ (34,422) (23.7) % $ (53,428) (24.6) % Other income (6,715) (4.6) % (1,350) (0.6) % Interest expense 786 0.5 % 874 0.4 % Provision for income taxes 36 — % 54 — % Depreciation and amortization 9,429 6.5 % 5,890 2.7 % EBITDA (Non-GAAP) (30,886) (21.3) % (47,960) (22.1) % Stock-based compensation expense (1) 24,396 16.8 % 64,660 29.8 % Restructuring expenses (2) 1,132 0.8 % 2,767 1.3 % Adjusted EBITDA (Non-GAAP) $ (5,358) (3.7) % $ 19,467 9.0 % (1) The stock-based compensation adjustment to EBITDA is made up of stock-based compensation expense for the awarded service-based restricted stock units ("RSUs"), performance-based restricted stock units ("PSUs"), stock options, and other sources.

Table MD&A 5: Reconciliation of Net Loss to EBITDA and Adjusted EBITDA; Net Loss Margin to EBITDA Margin and Adjusted EBITDA Margin For the Year Ended December 31, 2024 2023 Amount Margin Amount Margin (dollars in thousands) Net loss $ (52,520) (48.5)% $ (34,422) (23.7)% Other income (4,023) (3.7)% (6,715) (4.6)% Interest expense 644 0.6% 786 0.5% Provision for income taxes 26 —% 36 —% Depreciation and amortization (2) 11,867 11.0% 9,429 6.5% EBITDA (Non-GAAP) (44,006) (40.6)% (30,886) (21.3)% Stock-based compensation expense (1) 21,411 19.8% 24,396 16.8% Impairment loss on intangible assets (2) 11,706 10.8% — —% Restructuring expenses (3) 1,270 1.1% 1,132 0.8% Adjusted EBITDA (Non-GAAP) $ (9,619) (8.9)% $ (5,358) (3.7)% (1) The stock-based compensation adjustment to EBITDA is made up of stock-based compensation expense for the awarded service-based restricted stock units ("RSUs"), performance-based restricted stock units ("PSUs"), stock options, and other sources.

We expect that a majority of the business that we seek in the foreseeable future will be awarded through a competitive bidding process. Over the past several years we sought to diversify and improve our operating margins through an evolution of our business from an emphasis on product reselling to that of an advanced solutions technologies provider.

Over the past several years we have sought to diversify and improve our operating margins through the evolution of our business from an emphasis on product reselling to that of an advanced solutions technologies provider.

We regularly review our deferred tax assets for recoverability and establish a valuation allowance when management believes it is more likely than not such asset will not be recovered, taking into consideration historical operating results, expectations of future earnings, tax planning strategies and the expected timing of the reversals of existing temporary differences.

We regularly review our deferred tax assets for recoverability and establish a valuation allowance when management believes it is more likely than not that such asset will not be recovered, taking into consideration historical operating results, expectations of future earnings, tax planning strategies and the expected timing of the reversals of existing temporary differences. 39 Table of Contents Recent Accounting Pronouncements See Note 2 - Significant Accounting Policies of the consolidated financial statements contained within this Annual Report for a discussion of recently issued accounting pronouncements.

Adjusted Net (Loss)/Income and Adjusted EPS Adjusted Net (Loss)/Income and Adjusted EPS are supplemental measures of operating performance that are not made under GAAP and do not represent, and should not be considered as, alternatives to net (loss)/income as determined by GAAP. We define Adjusted Net (Loss)/Income as net loss, adjusted for non-operating (income)/expense, stock-based compensation expense and restructuring expense.

Adjusted Net Loss and Adjusted EPS Adjusted Net (Loss) Income and Adjusted EPS are supplemental measures of operating and cash flow performance that are not made under GAAP and do not represent, and should not be considered as alternatives to, net (loss) income and earnings per share as determined by GAAP.

We define Cash Gross Profit as gross profit, plus noncash charges for stock-based compensation expense, depreciation and amortization, as well as non-recurring items (such as restructuring expenses) charged under cost of sales. We define Cash Gross Margin as Cash Gross Profit as a percentage of total revenue.

We define Adjusted Gross Profit as gross profit, plus stock-based compensation expense, impairment loss on intangible assets, and restructuring expenses charged under cost of sales. We define Adjusted Gross Margin as Adjusted Gross Profit as a percentage of total revenue. We define Cash Gross Profit as Adjusted Gross Profit, plus depreciation and amortization.

Further, Free Cash Flow may be useful to management and investors in evaluating the Company's operating performance and liquidity. 35 Table of Contents Table MD&A 7: Free Cash Flow For the Year Ended December 31, 2023 2022 (in thousands) Net cash flows provided by operating activities $ 1,587 $ 16,508 Adjustments: Purchases of property and equipment (926) (1,009) Capitalized software development costs (14,552) (12,708) Net cash proceeds from resale of software — 8,457 Free cash flow (Non-GAAP) $ (13,891) $ 11,248 Each of EBITDA, Adjusted EBITDA, EBITDA Margin, Adjusted EBITDA Margin, Adjusted Net (Loss)/Income, Adjusted EPS, Cash Gross Profit, Cash Gross Margin and Free Cash Flow has limitations as an analytical tool, and you should not consider any of them in isolation, or as a substitute for analysis of our results as reported under GAAP.

Table MD&A 8: Reconciliation of Net Cash (Used in) Provided by Operating Activities to Free Cash Flow For the Year Ended December 31, 2024 2023 (in thousands) Net cash (used in) provided by operating activities $ (25,938) $ 1,587 Adjustments: Purchases of property and equipment, net (2,252) (926) Capitalized software development costs (11,505) (14,552) Free cash flow (Non-GAAP) $ (39,695) $ (13,891) EBITDA, Adjusted EBITDA, EBITDA Margin, Adjusted EBITDA Margin, Adjusted Net Loss, Adjusted EPS, Adjusted Gross Profit, Adjusted Gross Margin, Cash Gross Profit, Cash Gross Margin and Free Cash Flow each have limitations as an analytical tool, and you should not consider any of them in isolation, or as a substitute for analysis of our results as reported under GAAP.

Goodwill and Other Long-Lived Assets We evaluate the impairment of goodwill and other long-lived assets in accordance with Accounting Standards Codification ("ASC") 350, "Intangibles – Goodwill and Other." Management annually reviews goodwill and other long-lived assets for impairment or whenever events or changes in circumstances indicate the carrying amount may not be recoverable.

As a result of the changes in contract estimates, we recorded immaterial catch-up revenue adjustments during the year ended December 31, 2024, and 2023. 38 Table of Contents Goodwill and Other Long-Lived Assets We evaluate the impairment of goodwill and other long-lived assets in accordance with Accounting Standards Codification ("ASC") 350, "Intangibles – Goodwill and Other." Management annually reviews goodwill and other long-lived assets for impairment or whenever events or changes in circumstances indicate the carrying amount may not be recoverable.

One reason for the rise of ransomware attacks is that it is exceedingly profitable for cybercriminals, and ransomware victims generally settle the ransom rather than restoring the system from backups or dealing with the fallout from a data breach.

Modern phishing attacks have become adept at bypassing traditional security measures, using more personalized and technically advanced tactics to deceive users. One reason for the rise of ransomware attacks is that it is exceedingly profitable for cybercriminals, and ransomware victims generally settle the ransom rather than restoring the system from backups or dealing with the fallout from a data breach.

Despite the budget and competitive pressure affecting the industry, we believe we are well-positioned to expand existing customer relationships and benefit from opportunities that we have not previously pursued. Business Environment U.S. Budget Congress has been unable to complete action on all appropriations bills for Fiscal Year ("FY") 2024, which began on October 1, 2023.

Our revenues are generated from a number of contract vehicles and task orders. The U.S. government has increasingly relied on contracts that are subject to a competitive bidding process (including IDIQ, GSA schedules, OTA, and other multi-award contracts), which has resulted in greater competition and increased pricing pressure.

The U.S. government has increasingly relied on contracts that are subject to a competitive bidding process (including IDIQ, GSA schedules, OTA, and other multi-award contracts), resulting in greater competition and increased pricing pressure. We expect that a majority of the business that we seek in the foreseeable future will be awarded through a competitive bidding process.

For 2023 and 2022, the Company's revenue derived from firm-fixed-price contracts was 78.5% and 82.9%, respectively; cost-plus contracts revenue was 12.1% and 11.1%, respectively; and time-and-material contracts was 9.3% and 6.0%, respectively.

For 2024 and 2023, the Company's revenue derived from firm-fixed-price contracts was 75% and 79%, respectively; time-and-material contracts was 15% and 9%, respectively; and cost-plus contracts revenue was 10% and 12%, respectively.

We define Adjusted EPS as Adjusted Net (Loss)/Income divided by the weighted-average number of common shares outstanding for the period.

We define Adjusted Net (Loss) Income as net (loss) income, adjusted for non-operating (income) expense, stock-based compensation expense, impairment loss on intangible assets, and restructuring expenses (adjustments). We define Adjusted EPS as Adjusted Net (Loss) Income divided by the weighted-average number of common shares outstanding for the period.

Our business performance is affected by the overall level of U.S. government spending and the alignment of our offerings and capabilities with the budget priorities of the U.S. government. Adverse changes in fiscal and economic conditions could materially impact our business. Some changes that could adversely impact our business include the implementation of future spending reductions and government shutdown.

Adverse changes in fiscal and economic conditions could materially impact our business. Some changes that could adversely impact our business include the implementation of future spending reductions, government shutdown and supply chain challenges.

These government initiatives and audit fatigue continue to burden highly regulated organizations, with automation solutions being recognized as the most effective remedy for the many repetitive and redundant tasks that security compliance requires. Additionally, the SEC has finalized and adopted new cybersecurity rules for publicly traded companies, which will require registrants to disclose additional cyber-related information in their regulatory filings.

These government initiatives and audit fatigue continue to burden highly regulated organizations, with automation solutions recognized as the most effective remedy for the many repetitive and redundant tasks that security compliance requires. Additionally, the SEC adopted new rules on cybersecurity risk management, strategy, governance and incident disclosure by public companies.

For fiscal year 2023, we performed a qualitative assessment on our reporting units and determined that it is "more-likely-than-not" that the estimated fair value of our Security Solutions reporting unit exceeded its carrying value.

For fiscal year 2024, we performed a qualitative assessment of our reporting units and determined that it is more likely than not that the estimated fair value of the reporting units exceeds their carrying value and thus, we did not proceed to the two-step goodwill impairment test.

Other Financing Obligations In November 2022, we entered into a Master Purchase Agreement with a third-party for $9.1 million relating to software licenses under a specific delivery order with a customer resulting in proceeds from other financing obligation.

As of December 31, 2024, there were no outstanding balances under the revolving credit facility and we were in compliance with all covenants contained in the Credit Agreement. 37 Table of Contents Other Financing Obligations In November 2022, we entered into a Master Purchase Agreement ("MPA") with a third party for $9.1 million relating to software licenses under a specific delivery order with a customer, resulting in proceeds from other financing obligations.

In preparing these financial statements, management has made its best estimates and judgments of certain amounts included in the consolidated financial statements, giving due consideration to materiality. Management evaluates these estimates and assumptions on an ongoing basis.

Critical Accounting Policies and Estimates The preparation of consolidated financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the amounts reported. In preparing these financial statements, management has made its best estimates and judgments of certain amounts included in the consolidated financial statements, giving due consideration to materiality.

Table MD&A 1: Backlog by Segment As of December 31, 2023 2022 (in thousands) Security Solutions Funded backlog $ 24,538 $ 33,784 Unfunded backlog 41,398 47,509 Total Security Solutions backlog 65,936 81,293 Secure Networks Funded backlog 27,530 48,454 Unfunded backlog 24,636 82,296 Total Secure Networks backlog 52,166 130,750 Total Funded backlog 52,068 82,238 Unfunded backlog 66,034 129,805 Total backlog $ 118,102 $ 212,043 Increases in backlog is a result from the award of new contracts and the renewal or extension of existing contracts.

Table MD&A 1: Backlog by Segment As of December 31, 2024 2023 (in thousands) Security Solutions Funded $ 44,220 $ 24,538 Unfunded 21,373 41,398 Total Security Solutions backlog 65,593 65,936 Secured Networks Funded 6,977 27,530 Unfunded 3,919 24,636 Total Secure Networks backlog 10,896 52,166 Total Funded 51,197 52,068 Unfunded 25,292 66,034 Total backlog $ 76,489 $ 118,102 Increases in backlog is a result of the award of new contracts and the renewal or extension of existing contracts.

Our estimates and assumptions have been prepared on the basis of the most current reasonably available information, and may change in the future as more current information is available. 37 Table of Contents Management believes that our critical accounting policies are those that are both material to the presentation of our financial condition and results of operations and require management's most difficult, subjective and complex judgments.

Management believes that our critical accounting policies are those that are both material to the presentation of our financial condition and results of operations and require management's most difficult, subjective and complex judgments.

By contrast, in 2022, there was a cash inflow from the other financing obligations of $9.1 million. Commitments from Contractual Obligations The Company does not have any other material cash requirements from contractual obligations at December 31, 2023, except for the commitments on the existing lease obligations on various office space and equipment under non-cancelable operating and finance leases.

Commitments from Contractual Obligations The Company does not have any other material cash requirements from contractual obligations. As of December 31, 2024, we had contractual commitments to make payments under existing lease obligations on various office space and equipment under non-cancelable operating and finance leases, and an obligation under a service agreement.

Table MD&A 4: Secure Networks Segment - Financial Results Comparison For the Year Ended December 31, 2023 2022 (dollars in thousands) Revenues $ 67,962 $ 96,433 Cost of sales (excluding depreciation and amortization) 54,622 79,308 Depreciation and amortization 12 30 Total cost of sales 54,634 79,338 Gross profit $ 13,328 $ 17,095 Gross margin 19.6 % 17.7 % Our Secure Networks segment revenue decreased by $28.5 million, or 29.5%, in 2023, compared to 2022, primarily due to the successful completion of certain programs and lower revenues on ongoing programs as expected, partially offset by new program wins.

Table MD&A 4: Secure Networks Segment - Financial Results Comparison For the Year Ended December 31, 2024 2023 Dollar Change (dollars in thousands) Revenues $ 31,512 $ 67,962 $ (36,450) Cost of sales (excluding impairment loss, depreciation and amortization) 24,754 54,622 (29,868) Depreciation and amortization 8 12 (4) Total cost of sales 24,762 54,634 (29,872) Gross profit $ 6,750 $ 13,328 $ (6,578) Gross margin 21.4 % 19.6 % Secure Networks segment revenue decreased by 54% in 2024, compared to 2023, primarily due to the successful completion of certain programs and ramp-down of certain programs without corresponding new business wins to backfill completed programs.

Other income increased by $5.4 million in 2023, compared to 2022, primarily due to an increase in dividend income from money market placements of $3.9 million, and a gain on early extinguishment of other financing obligation of $1.4 million in 2023, without a similar gain in 2022. Interest expense .

Other income : Other income decreased by 40% in 2024, compared to 2023, primarily due to the gain on early extinguishment of other financing obligation of $1.4 million in 2023, without a similar gain in 2024.

We evaluate significant trends and fluctuations in our contract portfolio over time due to contract awards and completions, changes in customer requirements and changes in the volume of product and software sales. Backlog Backlog is also a useful measure in developing our annual budgeted revenue by estimating for the upcoming year our continuing business from existing customers and active contracts.

Likewise, the segment gross profit decreased by $22.3 million or 36.1% in 2023, compared to 2022, primarily due to the decrease in revenue. Segment gross margin slightly decreased from 51.4% in 2022 to 51.2% in 2023 primarily due to higher amortization of software development costs, offset by high margin new program wins, mix within the portfolio and lower stock-based compensation.

Security Solutions segment gross profit decreased by 30% in 2024, compared to 2023, and gross margin decreased from 51.2% in 2023 to 36.1% in 2024, primarily due to the impairment loss on intangible assets in 2024, higher amortization of software development costs, and program mix within the portfolio.

The decrease in cash outflow from financing activities is primarily attributable to decreases in payments of tax withholding related to the net share settlement of equity awards of $3.7 million in 2023, compared with $5.7 million in 2022.

This is primarily attributable to decreases in payments of tax withholding related to the net share settlement of equity awards of $0.5 million in 2024, compared with $3.7 million in 2023, and a $0.6 million payment for the Diamond Fortress Technologies ("DFT") holdback in February 2023, with no similar payment in 2024.

(2) The restructuring expenses include severance and other related benefit costs (including outplacement services and continuing health insurance coverage), external consulting and advisory fees related to implementing the restructuring plan.

(2) Due to its immaterial amount, the impairment loss on intangible assets of $0.5 million for fiscal year 2023 was reported as part of depreciation and amortization in 2023. (3) The restructuring expenses include severance and other related benefit costs (including outplacement services and continuing health insurance coverage), external consulting and advisory fees related to implementing the restructuring plan.

Table MD&A 6: Reconciliation of Gross Profit to Cash Gross Profit; Gross Margin to Cash Gross Margin For the Year Ended December 31, 2023 2022 Amount Margin Amount Margin (dollars in thousands) Gross profit $ 52,942 36.4 % $ 79,043 36.4 % Adjustments: Stock-based compensation expense — cost of sales 900 0.6 % 3,497 1.6 % Depreciation and amortization — cost of sales 3,544 2.5 % 793 0.4 % Restructuring expenses — cost of sales — —% 578 0.3% Cash gross profit (Non-GAAP) $ 57,386 39.5% $ 83,911 38.7 % Free Cash Flow Free cash flow, as reconciled in the table below, is a non-GAAP financial measure defined as net cash provided by/(used in) operating activities, less purchases of property and equipment, and capitalized software development costs.

Table MD&A 7: Reconciliation of Gross Profit to Adjusted Gross Profit and Cash Gross Profit; Gross Margin to Adjusted Gross Margin and Cash Gross Margin For the Year Ended December 31, 2024 2023 Amount Margin Amount Margin (dollars in thousands) Gross profit $ 34,429 31.8 % $ 52,942 36.4 % Adjustments: Stock-based compensation expense — cost of sales 828 0.8 % 900 0.6 % Impairment loss on intangible assets – cost of sales 5,333 4.9% — —% Restructuring expenses — cost of sales 341 0.3% — —% Adjusted gross profit (Non-GAAP) 40,931 37.8% 53,842 37.0% Depreciation and amortization — cost of sales 6,404 5.9 % 3,544 2.5 % Cash gross profit (Non-GAAP) $ 47,335 43.7% $ 57,386 39.5% 35 Table of Contents Free Cash Flow Free Cash Flow is a supplemental measure of operating and cash flow performance that is not made under GAAP and does not represent, and should not be considered as an alternative to, net cash flow (used in) provided by operating activities, as determined by GAAP.

Business Overview For an overview of our business, including our business segments and discussion of our products and services we provide, see Item 1, " Business " of this Annual Report on Form 10-K.

Overview For an overview of our business, including our business segments and a discussion of the services and products we provide, see Item 1, " Business " of this 10-K. Additional information regarding our segments is also presented in Note 18 – Segment Information to the consolidated financial statements at Item 8 of this 10-K.

Although we continue to offer resold products through our contract vehicles, we have focused on selling solutions and outsourcing product sales, as well as designing and delivering Telos manufactured and branded technologies. We believe our contract portfolio is characterized as having low to moderate financial risk due to the limited number of long-term fixed-price development contracts.

We believe our contract portfolio is characterized as having low to moderate financial risk due to the limited number of long-term fixed-price development contracts. Our firm-fixed-price activities consist primarily of contracts for products and services at established contract prices.

See Note 19 - Commitment and Contingencies , to the consolidated financial statements within this Annual Report for further discussion of other commitment and contingencies. Revolving Credit Facility On December 30, 2022, we entered into a senior secured credit facility with JPMorgan Chase Bank, N.A.

Revolving Credit Facility On December 30, 2022, we entered into a senior secured credit facility with JPMorgan Chase Bank, N.A.

Table MD&A 3: Security Solutions Segment - Financial Results Comparison For the Year Ended December 31, 2023 2022 (dollars in thousands) Revenues $ 77,416 $ 120,454 Cost of sales (excluding depreciation and amortization) 34,270 57,743 Depreciation and amortization 3,532 763 Total cost of sales 37,802 58,506 Gross profit $ 39,614 $ 61,948 Gross margin 51.2 % 51.4 % 32 Table of Contents Our Security Solutions segment revenue decreased by $43.0 million or 35.7% in fiscal year 2023, compared to fiscal year 2022, primarily due to lower revenues on ongoing programs and the loss of a program, partially offset by some new program wins and the initial ramp of the TSA PreCheck program.

Table MD&A 3: Security Solutions Segment - Financial Results Comparison For the Year Ended December 31, 2024 2023 Dollar Change (dollars in thousands) Revenues $ 76,760 $ 77,416 $ (656) Cost of sales (excluding impairment loss, depreciation and amortization) 37,352 34,270 3,082 Impairment loss on intangible assets 5,333 — 5,333 Depreciation and amortization 6,396 3,532 2,864 Total cost of sales 49,081 37,802 11,279 Gross profit $ 27,679 $ 39,614 $ (11,935) Gross margin 36.1 % 51.2 % Security Solutions segment revenue decreased by 1% in 2024, compared to 2023, primarily due to the reduction in revenue from a long-term program, the completion of a short-term program in the prior year and the sale of a non-recurring perpetual license in the prior year, partially offset by the growth in the TSA PreCheck program.

To protect against AI-powered cyberattacks, organizations must stay vigilant and adopt advanced cybersecurity tools and techniques that can detect and respond to these threats timely before they can cause damage. 30 Table of Contents Backlog Backlog is a useful measure in developing our annual budgeted revenue by estimating for the upcoming year our continuing business from existing customers and active contracts.

To protect against AI-powered cyberattacks, organizations must stay vigilant and adopt advanced cybersecurity tools and techniques that can detect and respond to these threats in a timely manner before they cause damage. The proposed FY2025 budget provides $455 million to extend the frontiers of AI for science and technology and to increase AI’s safety, security, and resilience.

Table MD&A 8: Cash Flows Information For the Year Ended December 31, 2023 2022 (in thousands) Net cash provided by operating activities $ 1,587 $ 16,508 Net cash used in investing activities (15,478) (13,717) Net cash used in financing activities (6,151) (9,915) Net change in cash, cash equivalents, and restricted cash $ (20,042) $ (7,124) Net cash provided by operating activities for the years ended December 31, 2023 and 2022 was $1.6 million and $16.5 million, respectively, a decrease in cash inflow of $14.9 million compared with prior year.

Although no assurances can be given, we believe the available cash balances and access to our revolving credit facility are sufficient to maintain the liquidity we require to meet our operating, investing and financing needs for the next 12 months. 36 Table of Contents Table MD&A 9: Cash Flows Information For the Year Ended December 31, 2024 2023 (in thousands) Net cash (used in) provided by operating activities $ (25,938) $ 1,587 Net cash used in investing activities (16,757) (15,478) Net cash used in financing activities (1,984) (6,151) Net change in cash, cash equivalents, and restricted cash $ (44,679) $ (20,042) For the year ended December 31, 2024, net cash used in operating activities was $25.9 million, compared with net cash provided by operating activities of $1.6 million in 2023, an increase in cash outflow of $27.5 million compared year over year.

Net cash used in investing activities for the years ended December 31, 2023, increased by $1.8 million in cash outflow compared to the same period in 2022, primarily due to higher investments in software development costs of $14.6 million and $12.7 million for the years ended December 31, 2023 and 2022, respectively. 36 Table of Contents For the year ended December 31, 2023, net cash used in financing activities was $6.2 million compared to $9.9 million in 2022.

Net cash used in investing activities for the years ended December 31, 2024, increased by $1.3 million in cash outflow compared to the same period in 2023, primarily due to the cash outflow from the purchase of an investment of $3.0 million in 2024, with no similar transaction in 2023.

Additional information regarding our segments is also presented in Note 1 8 – Segment Information to the consolidated financial statements at Item 8 of this Form 10-K. Opportunities, Challenges and Risks As discussed under Item 1A, " Risk Factor s ", we derive a substantial portion of our revenues from contracts and subcontracts with the U.S. government.

As discussed under Item 1A, " Risk Factors ," we derive a substantial portion of our revenues from contracts and subcontracts with the U.S. government. Our revenues are generated from a number of contract vehicles and task orders.

With this growing threat, below are some trends to consider when looking at the cybersecurity landscape: Rising Threats, Rising Liability: Ransomware remains arguably the most severe cyber threat to enterprises in the commercial, state, and local government and education sectors.

With this growing threat, below are some trends to consider when looking at the cybersecurity landscape: Emerging Cyber and Counterintelligence Threats: The proposed FY2025 budget expands the Department of Justice’s ("DOJ") ability to pursue threats through investments in the FBI’s cyber and counterintelligence investigative capabilities.

Table MD&A 9: Contractual Obligations Payments due by Period Total 2024 2025 - 2027 2028 - 2030 Thereafter (in thousands) Finance lease obligations (1) 12,915 2,258 7,116 3,541 — Operating lease obligations (1) (2) 241 105 111 25 — Total contract obligations $ 13,156 $ 2,363 $ 7,227 $ 3,566 $ — (1) Includes interest expense. $ 1,688 $ 536 $ 1,022 $ 130 $ — (2) Includes operating lease right-of-use obligations and short-term leases with terms of 12 months or less.

Table MD&A 10: Contractual Obligations Total Due within one year (in thousands) Finance lease obligations (1) $ 10,658 2,314 Operating lease obligations (1) (2) 692 248 Service agreement obligation 10,000 1,250 Total contract obligations $ 21,350 $ 3,812 (1) Represents interest expense included in this amount. $ 1,201 $ 473 (2) Amount includes operating lease right-of-use obligations and short-term leases with terms of 12 months or less.

Artificial Intelligence : Cybercriminals are using Artificial Intelligence ("AI") to launch more sophisticated attacks that can quickly adapt to changing environments, making detection harder.

Integrating biometrics with multi-factor authentication can provide a robust defense against unauthorized access. Artificial Intelligence : AI is set to play a critical role in cybersecurity. Cybercriminals are using AI to launch more sophisticated attacks that can quickly adapt to changing environments, making detection harder. AI's advanced data analysis capabilities are increasingly used for defensive measures over time.

The Nation's Critical Systems Are Still at Risk: Critical infrastructure and industrial IoT are among the categories at greatest risk of cyberattacks. The Challenging Complexity of Regulatory Compliance: Government mandates stronger security in highly regulated industries.

The Nation's Critical Systems Are Still at Risk: Critical infrastructure and industrial IoT are among the categories at greatest risk of cyberattacks. The IoT continues its rapid growth, interconnecting an increasing number of devices. However, this expansion brings with it a host of security challenges.

This failure to approve the FY2024 appropriations legislation in a timely manner and the resultant uncertainty about actual funding has impacted federal customers' ability to move forward on their planned expenditures in FY2024, and to adequately plan for FY2025.

While there is no clear path to approval of the FY2025 budget, failure to do so poses uncertainty about actual funding and will impact federal customers' ability to move forward on their planned expenditures in FY2025. Cybersecurity Landscape The scope of cybersecurity is on the cusp of transformative changes.

Removed

Our firm-fixed-price activities consist primarily of contracts for products and services at established contract prices. Our time-and-material contracts generally allow the pass-through of allowable costs plus a profit margin.

… 59 more changes not shown on this page.

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Market Risk — interest-rate, FX, commodity exposure

1 edited+0 added−0 removed2 unchanged

2023 filing

2024 filing

Biggest changeThe majority of our business is transacted in U.S. dollars, and the impact of the foreign currency fluctuation as we report for our foreign subsidiary upon translation of its financials into U.S. dollars was insignificant. Further, we do not enter into financial instruments for trading purposes. 39 Table of Contents

Top changes in TELOS CORP's 2024 10-K

Item 1. Business

Item 1A. Risk Factors

Item 1C. Cybersecurity

Item 2. Properties

Item 5. Market for Registrant's Common Equity

Item 6. [Reserved]

Item 7. Management's Discussion & Analysis

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Other TLS 10-K year-over-year comparisons