For many years, technology startup activity in the metropolitan Washington D.C. area has been respectable but very narrowly focused. Most of these startups, including cybersecurity companies, have traditionally targeted the federal government as their primary customer because the government has always been a much easier sell than the broad commercial market.
This is rapidly changing, however, and the development is worth watching. Seed stage investments, in particular, have gotten bigger and more numerous, in part because more of them are focusing on developing cybersecurity and data science products for the commercial sector, wherein lies the real growth potential. Servicing the federal government is not a recipe for impressive growth.
Over the past three years, commercially-focused cybersecurity and data science startups have exploded in the greater Washington D.C. region, which includes parts of Maryland and Virginia. This is a noteworthy transition – one representing a budding cybersecurity and data science startup ecosystem. It is entrepreneurs who create most of the jobs in America. And technology companies overall grow faster and pay employees better than many other industries. If the Washington D.C. metroplex shows the way, it could become a guidepost for other areas and help catalyze the successful creation of additional cybersecurity and data science startup centers elsewhere.
Metro DC Cyber Startup Activity
According to PitchBook, 145 cyber startups in Washington D.C., Maryland and Virginia were financed in 2017, an increase of 15% over 126 in 2016 – and, most striking, an increase of 53% over 95 deals in 2013. The average investment per deal was $2.13 million – a respectable amount for seed-stage deals — and this figure is up from $1.5 million in 2016 and only $1 million in 2013.
A growing number of startup employees today come from the National Security Agency in Fort Meade, Maryland, which has roughly 130,000 employees who also work for entities such as the U.S. Cyber Command and the Defense Information Systems Agency. More of them are being tempted by the opportunity to start a cybersecurity business or join one on the ground floor with equity participation.
As a group, they also bring a substantial advantage to cybersecurity and data science startups: Unlike the case in Silicon Valley, many of these pros have experience in “offensive,” as well as “defensive” cybersecurity, and at the highest nation-state level. This reflects the reality that defensive measures alone are inadequate.
The region already has bragging rights as the home of successful cybersecurity startups. In 2013, Cisco bought Maryland-based Sourcefire for $2.7 billion. The same year, FireEye acquired Virginia-based Mandiant for $1 billion. Promising and mature startups in the area today include Tenable, Sonatype, Dragos, TaaSera, Cofense, Lookingglass Cyber Solutions, Enveil, Distil Networks, ThreatConnect and ReFirm Labs.
Other Regions Have Tried to Create Startup Ecosystems
The Washington D.C. metroplex is hardly the first region to try to become a startup job creation machine, epitomized by Silicon Valley and, to a lesser extent, Boston. Other cities that have pursued this goal include Austin, Chicago, New York, Seattle and Pittsburgh.
In addition, as cybersecurity has stepped to the forefront as one of the world’s fastest-growing industries, state governments and pro-business groups in Texas, Florida and elsewhere are positioning themselves to try to attract venture capital investment. Some are even commissioning impact studies, developing tax incentives to attract companies to their regions and in select cases investing in cyber startups with money from state coffers. They are also crafting academic programs for public universities in hopes of generating the next crop of skilled cyber pros poised to make a good living and stay local.
So far, however, only one city has truly developed a new technology-oriented startup ecosystem – Austin, where more than 200 technology startups last year attracted $1.2 billion in venture capital. The other cities have made some progress, but nothing like this, because it is a daunting task requiring the creation of a strong and multi-faceted startup ecosystem, mostly from scratch.
The Area’s Biggest Advantage
What Washington D.C., Maryland and Virginia have going for them — and other regions do not — is an unusually large bank of cyber talent The area has more than three times as many cyber-related engineers as the rest of the country combined, according to the U.S. Bureau of Labor Statistics. Increasingly, more young talent is leaving the government to help startups solely focused on the commercial market.
To be sure, ingredients are missing from the area’s cybersecurity ecosystem, including operating talent and what is known as “relevant capital.” Operating talent refers to entrepreneurs who have demonstrated expertise and leadership skills in the commercial cybersecurity and data science industry. Relevant capital refers to venture capital firms and other investors with experience in building cybersecurity startups focused on the commercial sector and the resources to do so again.
Nonetheless, the area has the tools to continue increasing its cybersecurity startup growth trajectory, at least for a while.
One bright spot is the University of Maryland, which boasts one of the best cybersecurity programs in the country.
BlueVoyant –- and Lavrock Ventures
In other recent developments, startup BlueVoyant – a provider of advanced threat intelligence and managed security services – has announced the establishment of a global cyber analytics center in College Park, Maryland, which will initially employ 25 analysts and data scientists. In addition, Washington. D.C.-based Lavrock Ventures has just announced the closing of its first $25 million fund to invest in early-stage startups at the intersection of enterprise software, cybersecurity and national security.
To develop a serious and self-sustaining cybersecurity ecosystem, the Washington D.C. metroplex needs more help from the government of Maryland and more capital. It needs more prominent cybersecurity startup winners as well. But things are moving in the right direction, and success begets success.
In addition, no small plus is that the global demand for cybersecurity goods and services keeps growing at a rapid pace in an industry in which change is the only constant. There is plenty of room for additional, high-value cyber startups, and metropolitan Washington D.C. hopes to be among the nation’s major contributors.
*** This is a Security Bloggers Network syndicated blog from RSA Conference Blog authored by Mike Janke. Read the original post at: http://www.rsaconference.com/blogs/can-the-washington-dc-metroplex-become-a-major-hub-for-cybersecurity-startups