Please ensure Javascript is enabled for purposes of website accessibility
Colliers International
Clockwise from top right, Ryan Miller, an associate at Colliers International, George W. Santos II, managing director and principal at Colliers International, and business consultant Art Jacoby say the state’s growing cybersecurity industry needs to develop more private-sector business. (The Daily Record/Maximilian Franz)

Finding the key to the next stage

Cybersecurity industry has the buzz but is lacking commercial customers

It’s no secret that the cybersecurity industry exists in Maryland.

The state hosts the annual CyberMaryland conference. It offers a tax credit for qualified cybersecurity companies. It recently launched a cybersecurity roundtable to discuss the industry. The state’s claim to be the “epicenter for cybersecurity” has been thrown around. A lot.

“There are a million events going on,” said Art Jacoby, an experienced business growth consultant. “Everybody’s doing their own thing. Everybody wants to be in charge.”

Maryland’s cybersecurity businesses have plenty of conferences, discussions, panels and pep rallies, support from higher education institutions and state government entities. And they know how to get business through government contracts.

But to grow these companies from small startups to economic engines, they will need something else: commercial customers.

“We really need to start to hone the commercial side of the cyber enterprise,” said Tom Sadowski, CEO of the Economic Alliance of Greater Baltimore, at a recent Chesapeake Regional Technology Council event. “We can’t continue to be the recipients of all this money and not find commercial applications.”

More business, more jobs

Art Jacoby wanted to know what tech companies were thinking about all of these cyber-focused events. He went to eight different cyber events in three months and sought feedback from the businesses that make up the so-called epicenter. His conclusion: “They’re preaching to the choir.”

“I just got tired of listening to all the yacking,” said Jacoby. So the self-proclaimed “instigator” formulated a plan.

His goal: thousands of $100,000 jobs in Maryland.

The method: speed dating.

According to a report from the Economic Alliance of Greater Baltimore, Maryland’s cybersecurity industry currently has about 20,000 job openings. Those types of jobs in the Baltimore region paid about $94,000 a year on average in 2012, according to U.S. Bureau of Labor Statistics data. In the Washington, D.C., region, they paid nearly $105,000.

Jacoby sees the opportunity for more of those jobs by connecting large companies in the area with Maryland’s cybersecurity startups. All he asks of the larger player is one hour to meet with a few cyber companies, two to four times per year.

“Nothing happens until there’s a sale of something,” he said. “I want to spoon feed them.”

It just takes that first meeting, only 15 to 20 minutes per cyber startup, to get the conversation started. Jacoby said that in about 10 months the project has led to at least six serious partnerships between large companies and cybersecurity contractors, with more potentially in the works.

“We haven’t spent a penny,” he said. And once the commercial deals begin to flow in, the tech companies will need more employees to get the work done.

Jacoby hasn’t been working alone. He has garnered support from local economic development groups and the Maryland Chamber of Commerce. He also teamed up with George Santos and Ryan Miller at Colliers International to get in front of the larger companies.

Together, they’ve been hosting about six to eight meetings a month, Santos said. The “big guys” can be difficult to penetrate, he said, but “we know the secret handshake with them.”

And recent events have helped to perk their ears on the topic.

“We’re starting to see stories now every other week of a company being hacked,” said Santos. “That’s a wake-up call for CEOs of other companies.”

The answer to their problem is not always a big-name business, but often a small startup with a specific niche.

“Now everyone is aware there is a (cybersecurity) problem. Now it’s where do I go to solve it,” said Miller. “There’s a ton of smaller and midsize cybersecurity companies out there doing great cybersecurity work, but they’re not known because of the Northrop Grummans and the Booz Allen (Hamilton)s of the world.”

When government isn’t enough

Many of those small and midsize companies serve government entities. The nearby federal installations at Fort Meade are the reason for Maryland’s prominence in the industry, said Jacoby. But they may not be able to fuel the future.

“We’re going to continue to see growth in the military and government customers, but that’s going to plateau,” said Jeffrey Wells, executive director of cyber development for the Maryland Department of Business and Economic Development. “Government spending can only go so far.”

Government is not the only entity that needs to keep its digital systems secure. Dozens of companies need to keep their operations and information safe from malevolent hackers — banks, health care systems, retail stores, the list goes on. But these companies, as Santos said, want to work with those who know “the secret handshake,” with whom they have relationships.

“There’s a huge business-to-government relationship” in the state, said Jacoby. “But business-to-commercial sales are tiny.”

Rockville-based SilverRhino LLC stands as an example. The company has contracts in the public and private sectors, but no commercial clients in Maryland.

“What Art is doing is exceptionally important for that reason,” said Bill Webb, president of SilverRhino. “We have some of the best cyber capabilities here in the whole world. We have people and we have processes and technologies that they simply don’t have out in the commercial marketplace.”

And that space provides quicker opportunities for companies that can keep up with the pace of big business.

“There’s not as much red tape and regulation,” he said. “If someone has a problem and you have a solution and you come to an agreement, it can be done very quickly.”

SilverRhino plans to meet with the large businesses in the near future, said Webb. Jacoby recently introduced the company to what could be its first Maryland-based commercial client — a small business in the financial services sector.

The potential deal terms came together in a matter of weeks, said Webb, but in the public sector it might have taken years.

“The most important thing”

Baltimore-based Integrata Security has enjoyed support from the state, including investments from Maryland’s Technology Development Corp., or TEDCO. The company’s product, a Wireless Intrusion Detection System, was developed by the National Security Agency.

But that support alone is not enough, said CEO Mike Geppi.

“It’s not just about funding. It’s not just about talent. The most important thing, especially to a startup, is customers,” said Geppi. “Meeting with potential customers is the most important thing that can occur. Period.”

Jacoby and his team have helped Integrata to set up meetings with dozens of potential customers, said Geppi, and about 60 percent of those meetings move forward to the second stage.

“Large companies frankly need innovative startups because that’s an environment where innovation exists,” said Geppi. “We have some amazing companies here … these are some companies that are doing some very creative, technologically advanced problem solving.”

He mentioned ZeroFOX, which deals specifically with social media-related cybersecurity, and RedOwl Analytics, which uses statistics to help mitigate cyber risk, as examples. But there are many more.

Jacoby recently created the state’s first directory of cybersecurity companies, with recruiting help from the state Chamber of Commerce and others. It’s not comprehensive yet, but it already lists nearly 80 businesses.

Right space, right time

One of the companies in the directory, South River Technologies Inc. has the opposite story from many of the others. South River has long been in the commercial space for cybersecurity, but it has not crossed to the government side.

“We don’t focus on going after contracts,” said CEO Michael Ryan, who Jacoby has advised for years. “There are a lot of companies that do that.”

South River Technologies was born at the turn of the 21st century. Its software allows businesses to create their own secure cloud computing network.

The company is headquartered in Annapolis but does about 99 percent of its business outside of Maryland and more than half outside the United States, so it doesn’t need a lot of employees in Maryland. It has about a dozen, and works with distributors in other countries.

Ryan said he used to go to a lot of cyber networking events, but most of them were focused on the government sector. Now, he said, with events like the Chesapeake Regional Tech Council’s Commercial Cyber Open Forum Meetings, that’s beginning to change.

“That’s directly in my sweet spot,” he said.

Ryan isn’t intimidated by the idea of other cyber players entering the commercial world, he said, because his company’s offering is unique enough. On the contrary, he’s excited about the buzz.

“The commercial space is finally waking up,” he said. “We’re in the right space, finally, at the right time.”