Forward-Looking Statements

This Quarterly Report on Form 10-Q contains forward-looking statements. For this purpose, any statements contained herein that are not statements of historical fact may be deemed to be forward-looking statements. Without limiting the foregoing, the words "believes," "anticipates," "plans," "expects," and similar expressions are intended to identify forward-looking statements. There are a number of important factors that could cause the Company's actual results to differ materially from those indicated by such forward-looking statements. These factors include, without limitation, those set forth in the risk factors section included in the Company's Form 10-K for the year ended December 31, 2021, as filed with the SEC.

General and Business Overview

We offer technologically advanced, software-based security solutions that empower and protect the world's most security-conscious organizations against rapidly evolving, sophisticated and pervasive threats. Our portfolio of security products, services and expertise empower our customers with capabilities to reach new markets, serve their stakeholders more effectively, and successfully defend the nation or their enterprise. We protect our customers' people, information, and digital assets so they can pursue their corporate goals and conduct their global missions with confidence in their security and privacy.

Our mission is to protect our customers' people, systems, and vital information assets with offerings for cybersecurity, cloud security, and enterprise security. In the current global environment, our mission is more critical than ever. The emergence of each new information and communications technology introduces new vulnerabilities, as security is still too often overlooked in solution development. Networks and applications meant to enhance productivity and profitability often jeopardize an organization due to poor planning, misconfiguration, or an unknown gap in security. Ransomware, insider threats, cybercrime, and advanced persistent threats continue to menace public and private enterprises across all industries.

Cybersecurity, cloud security, and enterprise security of the modern organization share much in common, yet also call for a diverse range of skills, capabilities, and experience in order to meet the requirements of security-conscious customers. Decades of experience in developing, orchestrating, and delivering solutions across these three domains give us the vision and the confidence to provide solutions that empower and protect the enterprise at an integrated, holistic level. Our experience in addressing challenges in one area of an enterprise helps us meet requirements in others. We understand that a range of complementary capabilities may be needed to solve a single challenge, and we also recognize when a single solution might address multiple challenges. Our security solutions span across the following domains: cybersecurity, cloud security and enterprise security.

We refer to our cyber and cloud applications as Security Solutions, which includes Information Assurance / Xacta®, Secure Communications, and Telos ID. We refer to our offerings for enterprise security as Secure Networks.

Security Solutions

•Information Assurance / Xacta: a premier platform for enterprise cyber risk management and security compliance automation, delivering security awareness for systems in the cloud, on-premises, and in hybrid and multi-cloud environments. Xacta delivers automated cyber risk and compliance management solutions to large commercial and government enterprises. Across the U.S. federal government, Xacta is the de facto commercial cyber risk and compliance management solution.

•Secure Communications:

•Telos Ghost: a virtual obfuscation network-as-a-service with encryption and managed attribution capabilities to ensure the safety and privacy of people, information, and resources on the network. Telos Ghost seeks to eliminate cyberattack surfaces by obfuscating and encrypting data, masking user identity and location, and hiding network resources. It provides the additional layers of security and privacy needed for intelligence gathering, cyber threat protection, securing critical infrastructure, and protecting communications and applications when operations, property, and even lives can be jeopardized by a single error in security.

•Telos Automated Message Handling System ("AMHS"): web-based organizational message distribution and management for mission-critical communications; the recognized gold standard for organizational messaging in the U.S. government. Telos AMHS is used by military field operatives for critical communications on the battlefield and is the only web-based solution for assured messaging and directory services using the Defense Information System Agency's Organizational Messaging Service and its specialized communications protocols.


                                       25

--------------------------------------------------------------------------------

Table of Contents

•Telos ID: offering identity trust and digital services through IDTrust360® - an enterprise-class digital identity risk platform for extending flexible hybrid cloud identity services enabled for mobile and enterprise environments and custom digital identity services that mitigate threats through the integration of advanced technologies that fuse biometrics, credentials, and other identity-centric data used to continuously monitor trust. In April 2021, we announced the acquisition of the assets of DFT, whose ONYX® touchless mobile fingerprint software is being integrated with the IDTrust 360 platform. We maintain government certifications and designations that distinguish Telos ID, including TSA PreCheck® enrollment provider, Designated Aviation Channeling provider, FBI-approved Channeler, and Financial Industry Regulatory Authority Electronic Fingerprint Submission provider.

Secure Networks

•Secure Mobility: solutions for business and government that enable remote work and minimize operational and security concerns across and beyond the enterprise. Our secure mobility team brings credentials to every engagement, supplying deep expertise and experience as well as highly desirable clearances and industry-recognized certifications for network engineering, mobility, and security.

•Network Management and Defense: services for operating, administrating, and defending complex enterprise networks and defensive cyber operations. Our diverse portfolio of capabilities addresses common and uncommon requirements in many industries and disciplines, ranging from the military and government agencies to Fortune 500 companies.

Business Environment

Our business performance continues to be heavily affected by the overall level of U.S. government spending and the alignment of our solutions with the priorities of the U.S. government. U.S. government spending and contracts continue to be affected by the federal budget and appropriations process and related legislation.

Congress reached an agreement in March 2022 on fiscal year ("FY") 2022 appropriations legislation, which allows our federal customers to finally operate under more normal conditions and with updated funding levels through the remainder of FY 2022. Of note, the final FY 2022 appropriations bill provided $728.5 billion for the DoD and related activities. This amount is $32.5 billion more than the FY 2021 enacted level, and is an increase above the level proposed last spring by President Biden for FY 2022.

This delay in enacting final FY 2022 appropriations legislation postponed submission to Congress of the President's FY 2023 budget request, and could ultimately delay the congressional budget and appropriations process for the next fiscal year. These delays could, in turn, impact future planning by Telos and its government customers.

The President's FY 2023 budget request, which was released on March 25, 2022, calls for approximately 4% more in defense spending than was ultimately provided for FY 2022. However, this FY 2023 budget was developed prior to Russia's invasion of Ukraine and did not include expenditures related to that ongoing event. The proposed FY 2023 budget also assumes an inflation rate for DoD of 2.2%, which Pentagon officials have subsequently admitted will need to be adjusted higher. As such, there will be significant pressure in Congress to boost defense spending further to account for these factors and other needs.

The proposed FY 2023 budget also calls for an increase in federal civilian agency (non-defense) cybersecurity funding of nearly 10.7%. The Biden Administration says it is seeking to increase investments across the various civilian federal agencies to help align them to the cybersecurity practices and priorities outlined in the President's Executive Order 14028, "Improving the Nation's Cybersecurity." The proposed budget says this specifically includes providing funding to facilitate the ongoing transition to a "zero trust" approach to cybersecurity, per the direction of President Biden's May 12, 2021 Executive Order on "Improving the Nation's Cybersecurity." Also in accordance with that order, various federal departments and agencies have been taking steps to enhance public sector and critical infrastructure cybersecurity and to accelerate adoption of zero trust architecture throughout government, and the proposed budget would further support those efforts.

Cybersecurity Landscape

Over the past few years, continued and increasingly damaging ransomware and other cyberattacks against federal, state and local governments, the K-12 and higher education sectors, and private sector enterprises have resulted in intensified efforts to better defend against such attacks. The growing demand for these solutions continues to provide Telos with the privilege of offering our expertise to protect these vitally important organizations.


                                       26

--------------------------------------------------------------------------------

Table of Contents

Ransomware remains arguably the most severe cyber threat to enterprises in the commercial and state, local government and education sectors. Our Xacta offering empowers these organizations and institutions to maintain a strong cyber risk posture to minimize the risk of ransomware gaining a foothold in their IT environment. Should ransomware get loose in the enterprise network, Telos Ghost, our virtual obfuscation network offering, can hide vital resources from view to prevent the payload from reaching them.

Critical infrastructure and industrial internet of things ("IoT") are among the categories at greatest risk of cyberattacks. Energy, utilities, transportation, and food supply were among the critical infrastructure sectors that experienced high-profile breaches or ransomware attacks over the past year. Telos Ghost can hide critical IoT and industrial control systems from the public internet to keep them from being compromised. Telos Ghost can also cordon off financial data, medical records, intellectual property, and other crown-jewel assets from visibility or accessibility by adversaries.

Telos Ghost complements zero trust security, creating an additional layer of defense against intruders by hiding critical resources and users in an anonymous undiscoverable network. As noted above, it protects the crown-jewel assets of critical infrastructure from unauthorized access. Xacta streamlines and automates the critical processes of the leading cybersecurity standards and frameworks, particularly Federal Risk and Authorization Management Program ("FedRAMP"), allowing all process participants to collaborate within the same Xacta application to attain a FedRAMP Authority to Operate. Xacta is also a trailblazer in adopting the Open Security Controls Assessment Language, a multi-format framework adopted by FedRAMP to allow security professionals to automate security assessment, auditing, and continuous monitoring processes.

The Cyber Incident Reporting for Critical Infrastructure Act of 2022, which was signed into law on March 15, 2022 will require critical infrastructure owners and operators as well as federal agencies to report to Cybersecurity & Infrastructure Security Agency significant cyber incidents within 72 hours and any ransomware payments made within 24 hours. Telos believes that having to make such disclosures will make organizations even more sensitive to boosting their cybersecurity posture, and that our Xacta solution will help illuminate their risk profile so that they can better understand the issues and address those issues proactively.

Government mandates and initiatives to assure stronger security in highly regulated industries, as noted above, also lead to opportunities for Xacta. An update to the research study Telos conducted last year reveals that audit fatigue continues to burden these organizations, with automation solutions being recognized as the most effective remedy for the many repetitive and redundant tasks that security compliance requires. Xacta streamlines, harmonizes, and automates the security controls and processes that comprise the leading cybersecurity standards and frameworks, in on-premises, cloud, hybrid, and multi-cloud environments.

The Securities and Exchange Commission has also recently proposed new, mandatory cyber risk management and cybersecurity incident reporting requirements for publicly traded companies. Telos believes this will ensure companies have a sound cyber risk management strategy based on recognized best practices, such as the National Institute of Standards and Technology Cybersecurity Framework, and Telos solutions will support this.

Finally, as a whole, the COVID-19 pandemic has resulted in the acceleration of digital transformation and cloud adoption within the government and beyond, which could increase demand for Xacta and Telos Ghost. Xacta is engineered to manage risk and compliance of complex cloud and multi-cloud environments, a key capability for federal agencies and regulated industries that need to gain and maintain compliance with cloud-specific security regulations. Telos Ghost is a cloud-native, as-as-service offering that delivers network obfuscation and managed attribution capabilities on a global scale to support the cloud-enabled enterprise.

COVID-19 Pandemic

Despite the pandemic's resultant massive shift to teleworking by federal employees and contractors, the government successfully maintained the continuity of services, as did Telos. As the government has developed and implemented its reopening process, and made adjustments based on changing circumstances, officials have said they will seek to continue to maximize the use of teleworking by federal employees. This stance continued during the most recent, renewed surge of COVID-19 variant transmission. As such, with much of the business of government still being conducted by federal employees working remotely through the use of information technology systems, we believe there will continue to be a need on the part of the government for the types of solutions and services provided by Telos.


                                       27

--------------------------------------------------------------------------------

Table of Contents

Reportable Segment

During the fourth quarter of 2021, we revised our reportable segments to reflect changes to our organization and leadership structure. As a result, we established and operate in two reportable segments - Security Solutions and Secure Networks. Prior to the fourth quarter of 2021, the Company had one operating and reportable segment. We updated the results for the prior period to conform to the current period presentation.

•Security Solutions focuses on cybersecurity, cloud and identity solutions. Cybersecurity solutions help our customers ensure the ongoing security, integrity, and compliance of their on-premises and related cloud-based systems by reducing threats and vulnerabilities to foil cyber adversaries before they can attack. Our security engineers and subject matter experts assess our customers' cybersecurity environments and design, engineer, and operate systems needed to strengthen their cybersecurity posture. Our cloud solutions leverage the specialized skills and experience needed to help our customers plan, engineer, execute and accelerate secure cloud migrations while assuring ongoing management and security of enterprise cloud technology environments. Our identity solutions deliver digital identity, biometric, and nationwide enrollment services and address Know Your Customer ("KYC") and identity management challenges for enterprises working within regulated and critical infrastructure environments.

•Secure Networks provides secure networking architectures and solutions to the DoD, IC and other federal government agencies. Our net-centric solutions enable collaboration and connectivity in order to increase efficiency, reduce costs, and improve mission outcomes. We provide an extensive range of wired and wireless, fixed and deployable, classified and unclassified voice, data, and video secure network solutions and services to support defense and civilian missions. Capabilities include network design, operations and sustainment; system integration and engineering; network security and compliance; deployable comms; innovation and digital transformation; service desk; defensive cyber operations; and program management.

Backlog

We develop our annual budgeted revenue by estimating for the upcoming year our continuing business from existing customers and active contracts. We consider backlog, both funded and unfunded (as explained below), other expected annual renewals, and expansion planned by our current customers.

Total backlog consists of the aggregate contract revenues remaining to be earned by us at a given time over the life of our contracts, whether funded or unfunded. Funded backlog consists of the aggregate contract revenues remaining to be earned at a given time, which, in the case of U.S. government contracts, means that they have been funded by the procuring agency. Unfunded backlog is the difference between total backlog and funded backlog and includes potential revenues that may be earned if customers exercise delivery orders and/or renewal options to continue these contracts. Based on historical experience, we generally assume option year renewals to be exercised. Most of our customers fund contracts on a basis of one year or less and, as a result, funded backlog is generally expected to be earned within one year from any point in time, whereas unfunded backlog is expected to be earned over a longer period.

© Edgar Online, source Glimpses