AI assistant
WHITEHAWK LIMITED AGM Information 2026
66062_rns_2026-05-28_cc02b1a9-d220-414e-a0b6-5f765995f625.pdf
AGM Information
Open in viewerOpens in your device viewer
EMPOWERING A FEARLESS INTERNET
WHITEHAWK
Next Generation Cyber Risk to AI-Attack Resilience
Across all Federal, S&L Government, Critical Infrastructure & Their Supply Chains
Validated 79.5% Vulnerability & 60% Compliance Visibility at Scale
AGM 29MAY26
www.whitehawk.com
© 2024 WHITEHAWK LIMITED
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
2025 U.S. Critical Infrastructure (CI) Threat Landscape
FBI IC3 Report on 2025 – Reported U.S. Losses, to include:
- Business Email Compromise – $3.05 B
- Phishing/Spoofing Victims – 191,561
- Personal Data Breach – 67,456
- 3,611 reported ransomware, losses $32M
- The 2025 IC3 report does not provide a single aggregate loss or complaint total for critical infrastructure, but highlights ransomware as a primary threat, with over 3,600 complaints and more than $32M in reported losses.
FBI Report:
Internet Crime Report 2025
I ANNUAL GENERAL MEETING
EMPOWERING A FEARLESS INTERNET
Open-Source Cyber Risk & Threat Intelligence (OSINT)
Easy to Implement, Non-Intrusive (Legal Name/URL), Cost-Effective, AI-Based Automation
Software
Physical Security
Publicly Available Data Sets
AI and Machine Learning
Cyber SaaS and PaaS
Cutting-edge AI tools sift through vast global datasets to bring the most relevant analytics tailored to your Digital Risk to Resilience Needs & Priorities – 100% Automated
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
Proven Software as a Service (SaaS) Solutions – Annual Subscriptions: Cyber Risk Program, Radar & Analyst Platform as a Service (PaaS)
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
2026/27 Strategy, Pipeline & Projections
Revenue Projections
2026 revenue projections now on track with current contracts, active, broad Commercial Pipeline and Federal, State, Local Government RFPs
New Sales Bookings
US$20M+ Pipeline to achieve growth benchmark $5.5M
- Cyber Risk Radar US$10.5M || Cyber Risk PaaS US$6M
- U.S. Government RFP Awards WHK US$4M
Existing Customer Upsell/Cross-sell
- Top 10 US City US$200K
- Investment Firm US$150K
- Two US Federal System Integrators US$2.2M
Cyber Sales/Marketing Channels
- Carahsoft and Evolver and Armis
- Cyber Firms – Adisyn Services & The Empire Cyber Group
- Novera Joint Venture new solution RiskWise
Customer Renewal
- 75%
- Retaining Clients on average for 2-3years
Employee Retention
- Maintain current excellent employee retention of 80%-90%
- Conversion of proven Interns to Full-Time
- Recruiting of new Cyber Interns
Product Roadmap Delivery
- Advancing AI-Roadmap with automation and scalability
- Novera RiskWise
- Automated AU E 8 Compliance Mapping into Action Plans
Customer Needs Alignment
- Tailoring of platforms to meet evolving requirements
- Continuous advancement of platform features and new product lines: CMMC, M365, Global Entity Illumination
WHK Business Strategy Priorities 2026-2027
| Grow Client Base across advanced product lines: 1- AI-Based Critical Infrastructure Global & Regional Entity Illumination 2- Cyber Analyst Platform as a Service + CMMC | In Partnership with Carahsoft, Evolver, Leidos, Novera, Adisyn Services & Armis respond to AUKUS Defence, Public, Private Sector Cyber Resilience & SCRM Opportunities | Continue to advance Consulting Firm Partnerships – Adisyn Services, Novera, The Empire Cyber Group – providing all product lines remotely | Sign next phase of Cyber Resilience Moonshot Contracts via Corporate or Government Sponsorship in the U.S. and AU |
|---|---|---|---|
Retain, advance & grow current Cyber Risk Radar, Cyber Risk Program, Cyber Analyst as a Platform contracts for recurring revenue & product advancement
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
Corporate Snapshot
ASX Ticker
WHK
Shares on issue
1.133 bn
Last share price
A$0.005
Undiluted Market cap
A$5.66m
Listing Date
24 Jan 2018
All figures are as of 27 May 2026 unless otherwise noted.
| Top 5 Shareholders | % Shares |
|---|---|
| Mr Giuseppe Porcelli & Associates | 7.17 |
| Lavya Pty Ltd | 5.91% |
| Mr Aslam Mohammad | 4.26% |
| Terry Roberts | 3.31% |
| Mr Antanas Guoga | 2.70% |
| Top 5 Shareholders | 19.98% |
| Top 20 Shareholders | 37.81% |
| Directors & Associates | 10.92% |
ANNUAL GENERAL MEETING
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
2026 Bids, Quotes & Wins
| Account Name | $USD | Award Date | Stage | PWIN |
|---|---|---|---|---|
| U.S. State Cyber Clinic Grants | $31.6K | |||
| $75K | 16FEB26 | |||
| MAY26 | Contracted | Won | ||
| Georgetown University – Cyber Risk Program Renewal w/ CMMC 1 | ||||
| R&D Enclave CMMC 2 & Vendor Risk Baseline | ||||
| Request for VRM Program | $42K | |||
| $50K | MAR26 | PO Received | Won | |
| Cyber Risk Radar C-SCRM | $50K | JUL26 | Under Review | 75% |
| Top 10 U.S. City Cyber Risk Radar | ||||
| ServiceNow Integration Services Renewal | $87K | |||
| $58K | MAY/JUN26 | Contract in Process | 99% | |
| OSD/DOW A&S Critical Infrastructure Resilience 6 Month Pilot | $975K | JUL26 | Under Review | 50% |
| State of Florida & Texas Cyber Resilience Initiatives | $2.2M | JUL/AUG26 | Under Review | 50% |
| U.S. Investment Firm Cyber Risk Radar & Pen Tests | $78K | |||
| $24K | 05/26 | PO in Process | 99% | |
| SOCOM APOLLO TA w/ LEIDOS – 5YR Contract $2B YR | $1-2M YR | RFP MAR26 | Award AUG26 | 50% |
| Top 10 U.S. Federal System Integrator Cyber Risk Intelligence Pilot | $250K | 05/26 | Contracted | Won |
| Home Affairs for Critical Infrastructure Cyber Risk Radar | $85k-150k | |||
| $2.2m | JUN | |||
| JUL/AUG26 | Proposal Under Review | 50% | ||
| Adisyn / Reach Subsea E8 Enclave | $8k | May | PO Received | Won |
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
U.S. Federal State/Local Pipeline
- GSA SCRIPTS BAA (Supply Chain Illumination Program, Tools & Services) 10 Year Contract Vehicle, $99M a year for 10 Years 16SEP24 Submission - 2 Task Orders Released in OCT25:
- Dept of Navy Sole Source to Interos, Special Ops Command 50 Licenses, NCIS C-SRCM Sources Sought
- New FBI C-SCRM RFI – Submissions APR26
- DOE CIO C-SCRM Upcoming RFP – Shaping
- NNSA C-SCRM Shaping – meeting 27MAY
- Federal System Integrator DON NGEN ongoing Contract – Won 90 Day Pilot $250K
- TA w/ LEIDOS - FEB26 RFP, MAR26 Orals, AUG26 Award $1.9B: APOLLO W/ PMESII - Teaming Agreement signed w/ WhiteHawk
- Grist Mill Exchange Registration - Federal IC Clients OSINT datasets via API purchasing
- FAA 2025-2028 $21B Contract – WHK Phase 1 Proposal $700K
- DARPA BAA’s: Responded to U.S. Defense Advanced Research Projects Agency (DARPA) Open BAA 10MAY25: The Information Innovation Office (I2O)
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
Quixxi Potential Acquisition
- Quixxi brings a proven cybersecurity technology heritage, in API security, mobile and application protection, threat detection, digital asset resilience, and cyber breach monitoring - directly aligned to the layer of the digital stack were most modern attacks occur.
- Built upon this foundation, Clarity AI SaaS Solution extends Quixxi's cybersecurity lineage into a new strategic domain: AI systems operational risk management. The solution assesses AI model governance, data protection, model safety, ethical safeguards, and compliance requirements across an organization's rapidly deploying AI capabilities.
- 30 April 2026 APRA Letter to 320 APRA-regulated entities (banks, insurers, super funds) - buying capacity concentrated in the top 50 by AUM https://www.apra.gov.au/apra-letter-to-industry-on-artificial-intelligence-ai
- ClarityAI is the only Australian-built platform delivering the full APRA-aligned governance stack, with Atturra as the contracted channel.
- IER currently being finalized, in preparation for an EGM for WHK Shareholders to vote on the Resolution.
EMPOWERING A FEARLESS INTERNET
WHITEHAWK
Unlocking Cyber Risk Visibility
Cyber Risk Intelligence vs. Validated Cyber Security Reality
Fortune 500 Manufacturer | 7 Business Units | 4-Year Analysis
31MAR26
www.whitehawk.com
© 2024 WHITEHAWK LIMITED
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
Inside Team vs OSINT View – Global Manufacturer Client:
Cyber Vulnerabilities Identified:
Cyber OSINT Validated Findings Rate: 79.5%
Client Internal Validated Findings Rate: 91.4%
IT Assets Identified:
KEY RISKS: Misattributed Assets | Shadow IT | Weak Encryption | Plaintext Data
Cyber Open-Source Risk Intelligence
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
Key Cyber Risk Open-Source Intelligence Findings Not Identified by Global Manufacturer-Fortune 500 Cybersecurity Team
| Asset Visibility Gaps | Application Risk | Configuration Weaknesses | Encryption & Protocol Failures |
|---|---|---|---|
| • Misattributed or unknown assets | |||
| • Unmanaged / orphaned systems | |||
| • End-of-life infrastructure | • Unencrypted sensitive data | ||
| • Rogue or unmanaged apps | |||
| • Third-party dependency exposure | • Insecure patching or default settings | ||
| • Internet-exposed internal systems | |||
| • Shadow IT bypassing controls | • Weak or outdated encryption | ||
| • Unmanaged certificates | |||
| • Plaintext communications |
Cyber Open-Source Risk Intelligence
WHITEHAWK
14
riskwise
Sign in
RiskWise Cyber Risk Snapshot:
Novera & WHK Joint Venture
Know Your Cyber Risk Before It Knows You
Get a clear, actionable snapshot of your organisation's cybersecurity posture in minutes, not months.
[Get started] [Learn more]
CYBER RISK SNAPSHOT
Understand Your Risk in Minutes
The RiskWise Cyber Risk Snapshot provides your organisation a with a clear, concise picture of your cybersecurity posture — identifying vulnerabilities, quantifying risk, and delivering an actionable roadmap for improvement in minutes.
Quick Assessment
Get a comprehensive overview of your cybersecurity posture in minutes, not months.
Professional Report
Receive a detailed, executive-ready report with clear risk ratings and benchmarks.
Actionable Insights
Walk away with prioritized, practical recommendations that you can implement immediately.
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
Fast Track Cyber Compliance for 15 Frameworks (AU E8 & CMMC)
Reduce Time & Cost by 25-30% Across Enterprises & Their Supply Chains
Marketplace
- News & Insights
- About -
- Client Portal
WHITEHAWK
Client Portal
| Author: Plan | AU-E8 | CIS v6 | CMMC 2.0 | GDPR | NIST 500-171 | NIST 900-53 RS |
|---|---|---|---|---|---|---|
Cybersecurity Maturity Model Certification 2.0
The Cybersecurity Maturity Model Certification (CMMC) is a standard for implementing cybersecurity in the Defense Industrial Base (DIB) aimed at measuring the maturity of an organization's processes toward enhancing the protection of Federal Contract Information (FCI) and Contested Unclassified Information (CUI). The CMMC framework was developed in cooperation between States Department of Defense (DOD), DOD stakeholders, University Affiliated Research Centers (UARCs) Federally Funded Research and Development Centers (FPREDs), and the Defense (DIB) sector.
| Search Table |
|---|
| Applied Fillers |
| Per page: |
| Area |
| Access Control |
| Awareness and Training |
| Security |
CMMC Level 1 Practices
| All Practices (10) | Access Control (4) | Authentication (2) | Media Protection (1) | Physical Protection (2) | System Protection (2) | System Integrity (4) |
|---|---|---|---|---|---|---|
| All Practices | ||||||
| Overview of all CMMC Level 1 practices | % Impact by 2021 | |||||
| Practices Met | Not Met | Pending | Compliance | |||
| 15 | 0 | 0 | 100% | |||
| AC.L1-b.1.i | ||||||
| Authorized Access Control | NET | |||||
| --- | --- | |||||
| AC.L1-b.1.ii | ||||||
| Transaction & Function Control | NET | |||||
| AC.L1-b.1.iii | ||||||
| External Connections | NET | |||||
| AC.L1-b.1.iv | ||||||
| Control Public Information | NET | |||||
| IA.L1-b.1.v | ||||||
| Identification | NET | |||||
| IA.L1-b.1.vi | ||||||
| Authentication | NET | |||||
| MP.L1-b.1.vii | ||||||
| Media Disposal | NET | |||||
| PE.L1-b.1.viii | ||||||
| Limit Physical Access | NET | |||||
| PE.L1-b.1.ix | NET |
AC.L1-b.1.i: Authorized Access Control
Control Who Can Access Your Systems
Make sure only the right people can access your computers and data.
Just like you look your office door, you need to control who can access your digital information to protect government data.
Examples:
- Each employee has their own username and password
- Contractors get temporary accounts that expire when their work is done
- Old employee accounts are disabled when they leave the company
Common Mistakes:
- Sharing passwords between employees
- Not removing access when employees leave
- Using generic accounts like "admin" or "user"
Technical Description
Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
Assessment Objectives
OBJECTIVE A
Are authorized users identified?
OBJECTIVE B
Are processes acting on behalf of authorized users identified?
OBJECTIVE C
Are devices (and other systems) authorized to connect to the system identified?
OBJECTIVE D
Is system access limited to authorized users?
OBJECTIVE E
Is system access limited to processes acting on behalf of authorized users?
OBJECTIVE F
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
Cyber Security Maturity Model Certification (CMMC) CMMC Compliance Solution (M365)
- Automating end-to-end CMMC Level 1 and Level 2 compliance for Microsoft 365 environments.
- Traditional path is months of consulting with persistent gaps.
- A four-stage model: Assess, Deploy, Handover, and Assure - culminating in quarterly reports and risk monitoring.
- Configures M365-native controls and delivers the System Security Plan, POA&M, and evidence package
CMMC Compliance, Accelerated
WhiteHawk delivers end-to-end CMMC Level 1 and Level 2 compliance for Microsoft 365 environments, covering scoping, control deployment, and assessor-ready documentation.
THE CHALLENGE
For most defense contractors, CMMC compliance is a long, resource-intensive effort. Reaching and sustaining certification (whether Level 1 for FCI or Level 2 for CUI) means configuring, documenting, and continuously validating up to 110 NIST SP 800-171 controls across Entra, Intune, Exchange, and SharePoint. The cost, complexity, and timeline leave gaps while compliance teams are stretched thin, and for organizations handling FCI or CUI the stakes are too high for slow, ad-hoc approaches.
THE ENGAGEMENT
01
Assess
Baseline your Microsoft 365 posture against NIST SP 800-171 and identify gaps at your target CMMC level.
02
Deploy
Automated configuration of CA policies, MFA, FIPS encryption, DLP, and audit logging, in hours rather than months.
03
Handover
Client-ready procedures, policy templates, and governance artifacts so your team owns the baseline from day one.
04
Assure
Quarterly compliance reports and control health monitoring to sustain your CMMC posture.
FULL COVERAGE OF CMMC
WHY WHITEHAWK
-
CMMC-RP expertise
Deep knowledge of NIST SP 800-171 and DFARS 7012 requirements, not generic Microsoft consulting -
Purpose-built methodology
CMMC365 automation tooling engineered specifically for CMMC, across Commercial, GCC, and GCC High environments -
Your team enabled
We hand over sustainable controls, documentation, and governance, ending the cycle of consultant dependency -
Speed
Deploy CMMC-aligned baselines in hours, not months, so projects finish in weeks rather than quarters -
Accuracy
Every control mapped directly to NIST SP 800-171 requirements, with no interpretation gaps -
Repeatability
The same validated, version-controlled control set, consistently applied across every customer enclave we deliver
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
Global Critical Infrastructure Entity Illumination
Battlefield Mapping of the Digital Terrain
WhiteHawk's Approach for Adversary & Critical Infrastructure Mapping of the Digital Terrain.
Starting at $10 per Global Legal Entity by Region, Sector
Our approach, utilizes data markers and relevant characteristics of known entities such as regional commercial codes, business relationships, social media, marketing, and legal documents, enables Artificial Intelligence (AI) / Large Language Module (LLM) agents to comprehensively discover and illuminate unknown but knowable entities mapped to the eleven AU CI Sectors.
ARMIS FEDERAL
WHITEHAWK®
Armis Centrix™ & WhiteHawk
Smartly Retain DOD Contracts, Win New Work, While Being CMMC Cyber Resilient as Prime & Across All Suppliers/Partners
The Cyber Exposure Management Platforms for Federal Contractors
© 2025 Armis Federal LLC | 18
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
Cyber Resilience Moonshot Business Case
When Sponsored by Government or Corporation working with Cyber Academic Centers of Excellence
- How many Critical Infrastructure (CI) entities across your City, State, Region?
- How many are SMB's w/ no full-time Cyber Team or large Cyber Budgets?
- How do you provide meaningful Cyber Risk Management and Mitigation with measures and metrics to your CI SMB's today?
-
How do you conduct meaningful Cyber Risk to Resilience R&D state-wide today – by Sector, Sub-Sector, Region, Size – driving focused policies, programs, and solutions?
-
How many Cyber Degree Graduates Per YR (across all specialties)?
- How many Cyber Related Internships are placed annually today?
- What is the cost of your Cyber Internship Program today?
- How many Cyber Graduates (all degree types) are placed in Cyber related Careers each year?
- Then you can calculate the ROI of implementing a Cyber Risk Analyst Internship Program
Assign a Collaborative Research Center Lead Private-Public Partnership
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
Cyber Risk to Resilience Service of Common Concern
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
The Leadership Team
CHIEF EXECUTIVE OFFICER, PRESIDENT & FOUNDER
Terry Roberts
A global risk analytics, cyber intelligence and national security professional with over 20 years of Executive level experience across government, industry, and academia. Previously the Deputy Director of US Naval Intelligence, TASC VP for Intelligence and Cyber Engineering, and an Executive Director of Carnegie Mellon Software Engineering Institute (established the Emerging Tech Center now the AI Division) with an MSSI w/ AI concentration.
CHIEF OPERATING OFFICER & CHIEF PRODUCT OFFICER
Soo Kim
Previously the cybersecurity, technology strategy expert at Accenture Federal Services, Hewlett Packard Federal and VP at TASC. Experience in technical and business leadership, tactical execution, business operation, and solutions delivery. Bachelor's degree in mathematics from Virginia Tech, a Certified Enterprise Architect and Scrum Master and AI/ML Solution Architect.
CHIEF INFORMATION OFFICER
Mike Ferris
Technology executive with nearly 20 years of experience in IT and cybersecurity. Previous roles include Director of IT Operations & Security, Director of Advisory Services, and Senior Cyber Analyst & Program Manager. Led cybersecurity initiatives for both government and commercial entities, managing multi-year contracts focused on cyber and business intelligence, and regulatory compliance. Began his career as a Technical Controller in the US Marine Corps before transitioning to the commercial sector in 2010.
CHIEF TECHNOLOGY OFFICER
Michael Good
A Technical Program Manager with over 30 years of experience in cyber operations and technology development for military, government, and commercial cybersecurity solutions. Previous assignments include Raytheon, Vencore, L3 Communications and the US Census Bureau. Before entering private industry, Michael was a US Army Ops Research and Cyber Warfare officer at US Cyber Command, leading cyber operations planning for NSA's IA Directorate, with an MS in Computer Network Operations.
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
The Board
Melissa King, Non-Executive Director
Melissa King brings more than 20 years global experience as a senior executive, including her roles as Chief Executive Officer for the Australian Veterinary Association, FIBA Women's Basketball World Cup 2022 Organising Committee and Surf Life Saving Australia (SLSA) and executive roles with Sydney Opera House, Department of the Prime Minister and Cabinet APEC Australia 2007 Taskforce and the Governance Institute. A strategic, agile and innovative leader with extensive transformation, commercial and communications experience, Melissa has advised Boards and Government Agencies on strategy, governance and fundraising, and mentors emerging leaders.
Brian Hibbeln, Non-Executive Director
Brian Hibbeln is currently a venture partner at Sinewave Venture Capital LLC, a venture capital firm with the mission of accelerating new technologies across the public and commercial sector. He was the Director of the US Remote Sensing Center- National Capital Region (Washington D.C.) for almost a decade, being instrumental in supporting the DoD and Intelligence Community with technology demonstrations and operational support to combatant commanders around the world. Brian Hibbeln has advised Boards and Government Agencies on Cyber Technologies, Intelligence Activities, Mergers and Acquisitions and the deep understanding of Government needs or requirements. Mr. Hibbeln's extensive global networks and experience will open new channels for Whitehawk into the Australian, British and other markets globally.
Giuseppe Porcelli, Chief Strategy Officer, Executive Director
Giuseppe Porcelli is the Founder, Chairman & Group CEO of Lakeba Group Limited. A visionary entrepreneur, investor, and business leader with a proven track record in building and scaling innovative technology ventures, leading a global enterprise dedicated to developing and commercializing AI-driven solutions that optimize business operations, drive automation, and enhance digital transformation. Giuseppe is also the Chairman of Assetora (ASX: AOH), where he plays a pivotal role in guiding the company's growth and market strategy in fractional property investment. His expertise in corporate governance, M&A, and capital markets has been instrumental in driving strategic initiatives, including cross-border expansions and high-profile partnerships.
WHITEHAWK
EMPOWERING A FEARLESS INTERNET
Proposed Board Structure*
The Board is considering the composition of its members in light of the current activities of the Company, regulatory requirements, and the Company's finances:
- AU-based Chair
- 1 AU Board Member
- 1 US Board Member
In accordance with, clause 15.3 of the Company's Constitution a Director may be elected at a General Meeting of Shareholders to fill a casual vacancy. Noting that two Directors had been put forward by Shareholders of the Company.
Any changes to the Board composition will be announced via the ASX.
*For Shareholder Reference Only – final structure to be determined by the Board
EMPOWERING A FEARLESS INTERNET
WHITEHAWK®