Surge in Cybersecurity Revs Up Startups
By David Hodes
Cybersecurity firms flock to locations where they can find the talent to develop solutions to combat cyber threats.
Cybersecurity has broadened out to include more than just protecting data between and among governments regarding their military operations. Now commerce needs help — and fast. And that, in turn, has created new opportunities for one of the fastest growing industries in the United States right now.
According to a new report on the U.S. cybersecurity market, the market already is valued at $65.5 billion and will grow steadily at a pace of more than 6 percent per year during the next six years. And it’s the mid-Atlantic corridor that stands to benefit.
Gov. Martin O’Malley announced in January 2013, that Maryland ranks among the nation’s leaders in cybersecurity jobs, according to the Cyber Jobs Report, released in 2013 by the Abell Foundation & CyberPoint International LLC. That study searched approximately 340,000 cybersecurity jobs offered by more than 18,000 companies across the country and found that Maryland had 19,413 job openings in the industry, with more than 13,000 of these job openings located in Baltimore City.
Simply stated, cybersecurity has now evolved into protecting data and processes and systems that exist on a microchip that is powered by electricity. But there’s more. “Cybersecurity is really about people, a human issue that uses technology to solve problems … or raise other problems that need to be solved. And those technologies change daily.”
That is the opinion of cybersecurity offered by Jeffrey Wells, executive director of cyber development at the Maryland Department of Business and Economic Development, adding that it’s no argument that Maryland is the epicenter for cybersecurity in the nation … if not the world. “And that is probably due to the DNA that we have here,” Wells says, referring to the National Security Agency at Fort Meade and the 16 institutions of higher learning in the state.
Cybersecurity has gained a strong and steadily growing foothold in the entire mid-Atlantic area, fanning out from Maryland and now growing into a larger industry as commerce begins to understand the threats that are facing it, Wells says.
The state’s cybersecurity network includes 12 major military installations, 400 federal, academic and private research centers, and 50 federal agencies with research and development functions.
In May 2013, the NSA broke ground on the High Performance Computing Center-2, an NSA-run facility that will be located at Fort Meade.
“We are headquartered in Maryland because of the government technologies that go into our products. But our other company is in San Mateo because we need state-of-the-art commercial technologies as well. We can get some of the government know-how and add that to our commercial technology, like for managing and protecting big data.”-Chris Fedde, executive v.p., KEYW Corp.
“But cybersecurity is not just national security. It’s not just espionage. It’s economic stability, it’s individual privacy,” Wells says. “And it really is protecting the global way of life and doing business as usual here in the U.S.”
Chris Fedde, executive vice president of startup KEYW in Hanover, Md., founded in 2008 with 60 employees, says the startup has grown quickly by acquiring a number of other intelligence community-related cyber companies during the last six years. “We are headquartered in Maryland because of the government technologies that go into our products,” he says. “But our other company is in San Mateo because we need state-of-the-art commercial technologies as well. We can get some of the government know-how and add that to our commercial technology, like for managing and protecting big data.”
Fedde is also the president of Hexis Cyber Solutions, a company formed by KEYW to develop and market their Hawkeye family of products for business IT infrastructure protection more along the lines of helping deal with the issue of cyber threats that have already found their way into the network. “You do what you can on the perimeter, then do what you can inside the network,” Fedde says. “But then the question as a result of the really advanced threat is what are you supposed to do once it gets inside your network?”
KEYW is one of the many new startups following the new directions — and a growth strategy that many startups are embracing — in commerce cybersecurity and not just military cybersecurity needs today.
And that is a very good thing, Wells says. “In the post-Snowden world, one of the more interesting things we have seen is a rise in the startups that are focused on providing privacy and information security to the general consumer,” Wells says. “So I think that the free market is much better suited to move at the speed to meet the ever-changing threats and customer demands than legislation will ever be able to catch up with.”
Fedde says that there has been a sort of “tectonic shift” over the last year understanding how vulnerable everybody is. He says that government organizations and other industries like banking and insurance have known for years that the threat can get inside. “It’s not news to them.”
But, Fedde says companies like Target and Neiman Marcus didn’t understand that the threat can get inside. “If it wants to get inside it will find a way to get inside,” he says.
There are a number of studies about dealing with cyber threats now for business today. One from Verizon, the 2014 Data Breach Investigations Report, says that it typically takes a few hours for the threat to compromise a network, but weeks or months before evidence of the compromise is seen. “And then it takes weeks or even months to get rid of it,” Fedde says.
Fedde notes his flagship software is designed to get the human out of the loop, and instead focus on the ability of the computer to solve the problem. “Any time you have human speed involved, you are going to lose,” he says. “You need computer speed to detect the threat, determine what the threat is and then remove it. You can do all of those at computer speed, and remove the threat before it has had time to compromise the network.”
Jon Iadonisi is a former Navy Seal, a cyber-expert for the U.S. Department of Defense and the U.S. government and the founder of Alexandria, Va.-based White Canvas Group, a company that specializes in cultivating alternative and disruptive strategies in cybersecurity.
He says that anybody who knows anything about cybersecurity will tell you that it’s not just about a firewall or a tool. “It’s about a mindset,” Iadonisi says. “It’s about scholarship. It’s about ingenuity. I look at criminals that are inherently creative and so if we want to beat them we are going to need people that are even more creative than they are. This should be somebody with a background in encryption and software development who should meet the foreign policy person and they should meet the molecular scientist. Because when you put talent and brains together you get a sum that is greater than the parts.”
Iadonisi adds that one of the things he saw operationally in the field of combat is that the bad guys they were going after were operating on a sort of innovation line that really didn’t have any limits because they were forced to innovate in order to effectively operate in their environment.
“So mobile cybersecurity and all that stuff has been tested, developed and successfully used and improved at the federal government level and for the first time, those kinds of capabilities are now in very high demand in the commercial businesses.”-Andrew Lustig, organizing board member, MissionLink and attorney for Cooley LLP
“So they take off-the-shelf products like iPhones and Androids and online chat systems and they reconfigure them for operational use,” Iadonisi says. From the U.S. military side they were using giant satellite backpack radios. “So looking at the disparities between them and us, my reaction was this is not only untenable but its borderline ridiculous,” Iadonisi says. “It’s not really the way to fight. You have to fight like the enemies are fighting. So why don’t we start building technologies that resemble ad-hoc pure innovation from the benches of people who actually used these technologies and design them that way. That was the inception of how we started creating stuff.”
The collaborative environment and the intellectual meeting of the minds that cybersecurity needs for faster and more efficient development was at the root of MissionLink, a non-profit executive-level forum designed to foster collaboration and innovation among a network of business leaders, CEOs, decision makers, critical thinkers and pacesetters from the most promising companies dedicated to or interested in defense, intelligence and national security.
Attorney Andrew Lustig, a member of the organizing board member for MissionLink, and a partner at Cooley LLP and head of the mid-Atlantic business and finance group for that Reston, Va.-based firm, says that the idea for MissionLink came about when he had a client that was trying to solve a problem that another client also had. “So we just floated the idea that ‘Hey, if we could get a group of CEOs together, a lot of the problems you guys are trying to solve are things everyone else is trying to solve,’” Lustig says. “So hands-down everyone was extremely interested.”
The MissionLink goal is to accelerate the delivery of what they call innovative solutions from the private sector to the federal sector. Another part of MissionLink’s goal was connecting CEOs from high growth cybersecurity companies — some growing by 200 percent and 300 percent — to understand growth strategies because many of them were just good engineers and not necessarily good business managers.
“There is no question right now that there is a key crossover between all these solutions that are being delivered by the federal market that are equally and even more so in demand in the commercial market,” Lustig says. “So mobile cybersecurity and all that stuff has been tested, developed and successfully used and improved at the federal government level and for the first time, those kinds of capabilities are now in very high demand in the commercial businesses.”
But as it evolves, Iadonisi says that the future of the cybersecurity business is not just about understanding the technological tradecraft but inherently the human psychology that goes into it. “In 90 percent of the breaches, including credit card breaches, somewhere a guy opened a door at the back end,” he says. “Some of our training explicitly addresses that. So we view security as intrinsically holistic and human-centered but augmented by tools.”
For more information about the organizations featured in this article, contact:
Maryland Department of Business and Economic Development
White Canvas Group
Illustration by khunaspix at Free Digital Photos.net