| Follow Us: Facebook Twitter LinkedIn RSS Feed


The Cyber Beltway: the startups tackling 2015's biggest challenge

Jonathan Aberman, left, founded a public-private partnership designed to get innovative startup technology into the hands of the federal government. He believes that by doing so, the D.C. region can gain "unbelievable opportunities" in cybersecurity.

Thanks to the recent hacking scandal at Sony, cybersecurity has been front and center in the news lately. In President Barack Obama’s State of the Union, he urged Congress to pass cybersecurity reforms. “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids,” he said.

Here in the DMV, thanks in part to the area's proximity to national defense agencies, cybersecurity is a lot more than a headline. It is a growing industry that generated roughly $65.7 million in venture funding in the D.C. area (D.C., Maryland, Virginia, and West Virginia) in 2014, according to the PricewaterhouseCoopers/National Venture Capital Association MoneyTree™ Report, based on data from Thomson Reuters. "Cyber" has its own accelerators, think tanks and public-private partnerships. Today, we shine the light on cyber and look at some companies and initiatives within our region that are making a play for some of the capital circulating in the cyber vertical. We'll also take the pulse of some proposed partnerships that are designed to get private cyber solutions into government hands at an accelerated pace.

"We're attracting entrepreneurs from all over the world," says Rick Gordon, managing director of Mach37, a cybersecurity accelerator based in Herndon. "This is the place to be. We have the domain experts to start cybersecurity companies here."

Growing cybersecurity startups in the DMV
There are too many startups in cybersecurity in the region to name them all, which only underscores how important this industry is for our local tech sector. Among the growing companies are Endgame, an Arlington-based security intelligence and analytics company that recently raised $26.3 million in venture funding, Triumfant Inc., a Rockville-based startup that looks for malware on systems and secured $2.75 million in venture funding this year, and distil networks, based in Arlington, a bot- and spam-blocker that raised roughly $11.4 million in early stage venture funding earlier this year.

One of the region's biggest success stories of late is ThreatConnect. The company was founded in 2011 by a team of former security analysts, several of whom came from government agencies. ThreatConnect sells a product that helps security professionals analyze data faster and thus make security decisions faster; the company recently raised $4 million in venture funding and is moving to bigger digs in Arlington to make room for its team of 42, which CEO Adam Vincent expects to more than double in size by the end of 2015.  
"We're attracting entrepreneurs from all over the world. This is the place to be."

Vincent says that when he and his cofounders first got together to compare notes about how their agencies were tackling security, he was astonished. "People were spending half their day processing data by hand. I said, 'Are you kidding me? That's how you defend your organization?' No one had any plans of fixing the problem. I said, 'I'm going to fix it.'"

Fast-forward four years. ThreatConnect has clients in 750 organizations around the world. "We're in over 40 of the Fortune 100 companies," Vincent says. "Fortune 500 companies realize that they need to organize their data and [security] processes. Threats are moving more quickly than they can."

Vincent says 15 to 20 percent of the company's sales are to the government; the rest are all to private enterprise. "The government is still on our shortlist [for sales opportunities]," he says. "[Government] agencies value people over information, though. As government budgets decrease, job [scope] increases. They're going to have to find ways for people to their job better." He hopes that ThreatConnect can help with that.

Bridging the public-private gap: TandemNSI
When President Obama visited the National Cybersecurity and Communications Integration Center in Arlington January 14, he acknowledged that the public and private sectors don't always play nicely together in the world of cybersecurity:

"The problem is that government and the private sector are still not always working as closely together as we should," he said. 

Jonathan Aberman, managing director of investment fund Amplifier Ventures, has long held a similar view. "Nontraditional sources of innovation aren't reached by the Pentagon," he says. "Entrepreneurs aren't interested in SBIR grants [federal government grants for small businesses working on innovative research]." Aberman says the process "takes too long or is too complex."
In February 2014, Aberman founded TandemNSI, a public-private partnership in Arlington, Va., to bring national security agencies and entrepreneurs to the same table to work on solving issues of national security. Since its founding, TandemNSI has held educational and pitch events and has succeeded in breaking down some of the public and private silos that inhibit innovation.
"[We] have been hugely successful," Aberman says. "We've gotten the DIA [Defense Intelligence Agency] and DARPA out into the world. Entrepreneurs will meet them halfway. This year, [we're working on] one or more contract vehicles [to make] it easier [to get] science and tech funding for entrepreneurs, and [to make sure] the right people get that funding. One year from now, those structures will exist."
Aberman cannot disclose which startups in the private sector have found government partners. "Those meetings are confidential due to government restrictions," he says. "But [at a recent] event, a DARPA PM told a story about a company that he found at a TandemNSI event. He has subsequently engaged in whiteboard sessions [with this company] at his office. I also know of specific companies that have called on DIA and DHS due to meeting representatives at Tandem events."
"We gotta close the deal. If we're successful, this region's going to have unbelievable opportunities."

"TandemNSI can be a rapid source to turn federal government national security agencies into angel investors for entrepreneurs. I believe that we know how to do that. We gotta close the deal. If we're successful, this region's going to have unbelievable opportunities. If not, we gave it a good try."
Incubating cyber startups: Mach37 and Key Cybersecurity
For startups, landing a contract with a government agency can feel like an insurmountable, arduous task. One way to go about it is to get a job working for the government, or for a government contractor, and then spin off a startup after you become a trusted agency. That was the path Raphael Mudge, CEO of Strategic Cyber, took. In 2008, Mudge started his post-military career as a defense contractor and then founded his own company. Strategic Cyber’s flagship product, Cobalt Strike, simulates hackers’ attacks, letting “the good guys” test how secure their networks really are. He sells his software to the military, defense contractors, and private industry.
"The government is the world's biggest buyer for cybersecurity," says Gordon, the Mach37 director. "If you build it for commercial [markets], the government will buy it too." Mach37 graduated its latest class of cybersecurity startups, in areas like cloud security, encryption, and incident response, late last year. 
"Starting any technology company is hard—not just cyber," says Gordon. "And, honestly, cyber used to be a lot harder than it is today. However, compared to other technology sectors, cybersecurity can be more esoteric and is generally more capital intensive than, say, a parking application for a mobile device. This can discourage traditional angel investors who fill a critical seed stage funding role from participating.  That is one reason Mach37 exists - to fill the gap that many seed stage investors will not."
"We have talent from NSA and from defense contractors. You don't have to move to Silicon Valley to be successful."

Rose Wang, CEO of the Binary Group, a small business founded in 1996 that provides tech and data analytics solutions and contracts with federal government agencies, says that startups that want to work with the government have to have “stick-to-it-iveness…The federal government is a huge bureaucracy…with a long learning curve. A lot of product companies have to have a return on their investment fast, in three to six months."
Shawn Key, CEO of Key Cybersecurity, has been through Mach37 and is feeling the limitations that Gordon and Wang elucidate. "I have no hair," he laughs. "The government is slow and bureaucratic. If you go one direction [with an agency]," he says, "it's not favorable to submit to a different agency as well."  
"Getting noticed is 90 percent of the battle," Key says. His company makes CyberMerlin, a product that identifies illicit files and associated activities for Fortune 500, federal and other networks. "We find the existing threats that other programs cannot." CyberMerlin even helped track down two NoVa teens who had gone missing; the software found clues on the girls’ computers and ultimately tracked them to a library in New York.
Key is currently working with five "paid pilot" customers "to ensure our solution meets the scalability needs of the Fortune 500 enterprise network marketplace."
Key Cybersecurity is starting to get noticed. The company was selected to join the Dell Founders 50 Club, a two-year accelerator program for entrepreneurs. Key says that as a direct result of that program, he was able to get a meeting with the global chief security architect for Dell. "Our Dell Founders 50 Club incubator is … actively involved in our success. We also obtained additional funding this week from private sources who, simply stated, seem to be ahead of the curve and are willing to take calculated risks. If you want huge ROI, [you have to] get in the game early."

Key likes working in the cyber field, despite the challenges he has faced. "If it was easy, everyone would do it," he explains. "The potential ROI is great if the solution [your company offers] is widely accepted and adopted. For us, the added social impact value of our solution merits the effort and endeavor."
D.C., the Cyber Beltway
Between the public-private partnerships, the incubation efforts, the proliferating cyber startups and the deep industry knowledge, the D.C. region is becoming more focused on cyber as the minutes tick by.
"We're in one of the most security-focused areas of the world," says ThreatConnect’s Vincent. "We have talent from NSA and from defense contractors. You don't have to move to Silicon Valley to be successful."
Mach37’s Gordon echoes Vincent's thoughts about the DMV being the center of cybersecurity innovation. "The intellectual center of cyber operations is in this region," Gordon says. "Whether you are talking about offensive or defensive operations, more people per capita know how to penetrate a network or detect those who have. If you really want to understand the threat well, you need to have close ties to those who are dealing with it on a daily basis."

Read more articles by Allyson Jacob.

Allyson Jacob is a writer originally hailing from Cincinnati, Ohio, and is the Innovation and Job News editor for Elevation DC. Her work has been featured in The Cincinnati Enquirer and Cincinnati CityBeat. Have a tip about a small business or start-up making waves inside the Beltway? Tell her here.
Signup for Email Alerts
Signup for Email Alerts

Related Content