By Jenny Vickers
From the March/April 2018 Issue
You only have to glance at today’s headlines to know that cybersecurity has surged to the top of the list of U.S. national security concerns. The good news is that more than a dozen states are engaged in a fierce competition to head the emerging leaderboard in cybersecurity facilities and programs. What the best initiatives have in common is close cooperation between U.S. Defense and intelligence assets and world-class institutions of higher education.
Cybersecurity is quickly becoming the most lucrative of careers in IT, but the red-hot demand for certified IT security professionals is already creating a nationwide shortage. According to industry experts, currently there are roughly half a million cybersecurity-related job openings in the United States, but the gap between available workforce and demand is growing exponentially. By 2019, there will be 6 million job openings for information security professionals—but only 4.5 million security professionals to fill those roles. Industry analysts say there will be a projected need for 1.8 million additional cybersecurity professionals to fill the workforce gap by 2022.
According to the Bureau of Labor Statistics, the annual rate of growth for jobs in information security is projected at 37 percent between now and 2022; IT security jobs offer salaries three times the national average.
Here’s an in-depth look at locations that have established a leadership position in cybersecurity, an emerging high-tech sector racing to meet a growing threat.
GEORGIA: RED HOT CYBER HUB
Georgia has become a hotbed for cybersecurity activity, ranking third in the nation for information security with companies in this sector generating more than $4.7 billion in annual revenue.
More than 14,300 tech companies and 115 information security companies, such as Check Point Software Technologies, Dell Securworks and IBM Security Services, are located in the Peach State. They benefit from a talent pool of nationally ranked cyber institutes such as Augusta University, Columbus State University, Georgia Institute of Technology (Georgia Tech) and University of Georgia.
Last April, Fortune magazine named both Atlanta and Augusta as two of the “7 Cities That Could Become the World’s Cybersecurity Capital.”
Atlanta is home to Georgia Tech, a vibrant corporate and funding eco-system, and local champions like Tom Noonan who has been dubbed as the “godfather of Atlanta’s cyber scene.” The city also is home to companies like Pindrop, a fast-growing startup up which uses sophisticated analytics to root out phone fraud.
Augusta has risen up in cybersecurity ranks in recent years, with a new arsenal of initiatives aimed at further solidifying its status as a cybersecurity hub.
The state is investing $93 million for a world-class cyber range and training facility in the city’s downtown. A portion of Augusta University’s Riverfront Campus will become the Georgia Cyber Innovation and Training Center, the state’s centerpiece for cybersecurity research and development.
Earlier this year, Governor Nathan Deal announced $58 million for the creation of the training center, then announced in November 2017 another $35 million to expand the facility to include an incubator hub for technology startups as well as a training space for the state’s cybersecurity initiatives and workforce development programs.
“Given Georgia’s growing status as a technology and innovation hub, this additional investment will further cement our reputation as the ‘Silicon Valley of the South,’ said Deal. “When complete, the center will house a cyber range, the Georgia Bureau of Investigation’s new cybercrime unit and an incubator for startup cybersecurity companies.”
The new center will allow technology companies to establish fellowships, internships and co-op program opportunities for students and employees. It will also serve as a training facility for information security professionals employed by state and local governments.
“Cybersecurity technology is changing at a disruptive speed and today, that rate of change is likely the slowest it will be in our lifetime,” said Deal. “This visionary approach to cybersecurity underscores our commitment to encouraging innovation and developing a deep talent pool ready to establish Georgia as the safest state in the nation for today’s leaders in technology.”
The Georgia Technology Authority (GTA) is overseeing construction and operation of the cybersecurity center facilities. GTA partners include the U.S. Army Cyber Center of Excellence (ARCYBER) at Fort Gordon, the Georgia National Guard, the Georgia Bureau of Investigation, the City of Augusta, the University System of Georgia, the Technical College System of Georgia, local school systems and private corporations.
The first phase of the Hull McKnight Georgia Cyber Innovation and Training Center is scheduled to open on July 10, 2018, and the second building is planned for completion in December 2018.
Augusta’s cybersecurity assets have helped to attract companies such as global tech giant Unisys, a $3.5-billion global provider of information technology services. The company has opened its newest North American client service center in Augusta citing the vibrant local economy, state and local leadership, and a well-educated, smart workforce as a few of the reasons it located there.
“Augusta already plays a key role as the headquarters of our growing security business,” said Dale Dye, regional site executive director for Unisys. “Tom Patterson, Unisys Chief Trust Officer, is based in Augusta. We see potential for an expanded role for Augusta in our security business.”
Unisys’ new center provides services to the U.S. Army, which recently selected Unisys for the Army Enterprise Service Desk, a single point of contact for Army personnel who need help desk or other end user IT support services. Unisys located in Augusta because of its proximity to Fort Gordon, headquarters of the Army Cyber Center of Excellence (ARCYBER).
“Fort Gordon is a source of veterans and military spouses knowledgeable in IT who can easily adapt to IT service and management roles,” said Dye. “We can help with the transition to civilian life by offering competitive and sustainable jobs that help keep a highly desirable employee population within Georgia.”
About 4,700 high-tech military personnel will be relocated to Fort Gordon as part of the growth within military intelligence, cyber and the National Security Agency, with the Army spending an estimated $2.1 billion in facility improvements by 2020.
Unisys plans to increase the number of its employees in downtown August from approximately 300 to 700 within the next two years to keep pace with ARCYBER’s demand for cyber professionals.
Georgia is also reshaping its statewide education system to strengthen technology curriculums and increase the cybersecurity talent pipeline in the area. Georgia Tech is home to 12 labs and centers dedicated to cybersecurity, with nearly 500 scientists, faculty and students involved with cybersecurity research, as well as the Advanced Technology Development Center (ATDC), the state’s technology incubator, helping organically grow companies throughout the state.
In March 2018, the institute announced eight technology startups that will go through an early-stage venture fund creating by Georgia Tech and 10 leading global corporations. The Engage Ventures growth program differs from other accelerators in that it targets later stage companies and helps them develop and execute go-to-market strategies.
“Bringing top executives from our corporate partners together with founders of high-growth companies to focus on go-to-market has unlocked immense value,” said Thiago Olson, managing director of Engage Ventures. “We’re humbled by the talent pulled together this spring.”
Companies in the spring cohort are pioneering technologies spanning from autonomous flight to artificial intelligence to blockchain. Half of the startups have Georgia Tech connections. Three are current portfolio companies in ATDC and a fourth participated in CREATE-X, a series of entrepreneurship programs for undergraduate students.
ONTARIO: EMERGING CYBER LEADER
Over the past few years, Ontario has seen steady growth in the number of cybersecurity companies setting up shop in Toronto, Kitchener Waterloo and the Ottawa region. The province is home to more than 90 small-medium sized companies focused on cybersecurity and also is home to large multinationals such as IBM, Symantec, McAfee, TrendMicro, Cisco and Checkpoint, who have cybersecurity offices across the province.
“In an economy that is becoming increasingly digital, our personal and commercial privacy is of utmost importance,” said Stephen Del Duca, Ontario Minister of Economic Development and Growth. “Ontario is an emerging leader in the world of cybersecurity, with a number of home grown companies producing leading-edge technology to ward off cyber threats. We’re committed to developing the next generation of highly skilled talent to address the needs of an ever-changing digital economy.”
eSentire is among Ontario’s fast-growing group of cybersecurity companies—a hub of innovation that’s gaining recognition for advanced solutions to today’s complex data protection challenges.
“Where other cybersecurity companies might rely on tools such as firewalls and anti-virus programs to detect and block hackers, eSentire takes proprietary, leading-edge detection and prevention technology and combines it with live security analysts who assess and resolve attacks,” said Trevor Dauphinee, Vice President, Strategic Accounts, Ontario Investment Office. “This approach has earned eSentire a great deal of respect in the industry.”
Toronto’s SecureKey Technologies is using innovative solutions to simplify consumer access to online services and applications by letting them use their digital credentials with trusted providers.
For example, Canadians who want to check the status of government benefits such as pension or employment insurance can choose SecureKey’s Concierge Service solution to sign in to the Government of Canada website through their bank. SecureKey is in the process of launching a new service that makes it simpler for consumers to share their identity and their other data in a secure and private manner.
“Ontario is a natural choice for both small and large cyber-security firms,” said Dauphinee. “We have one of the world’s soundest banking systems, where companies can maximize profit and minimize their risk.”
To meet the needs of industry, Ontario’s post-secondary institutions are ramping up cybersecurity-focused programming and curriculum.
Ontario’s 44 colleges, universities and private career colleges produce 40,000 STEM graduates, and 44,000 business graduates a year. In fact, the province has committed to boosting the number of STEM graduates per year to 50,000 over the next five years, with a special focus on artificial intelligence (AI). Many cybersecurity companies are using AI algorithms to help prepare professionals for cyber-attacks and safeguarding the enterprise.
Ontario is taking action to protect its cyber systems and financial institutions from digital attacks through a one-year $4-million pilot project.
Under the pilot project, financial institutions will be linked with Ontario start-ups and SMEs to develop and facilitate the adoption of technological solutions. The pilot project will build on the momentum of Ontario’s existing cybersecurity strength and support the development and adoption of leading cybersecurity technologies in the financial sector.
“The project will also support the creation of high-tech jobs and a specialized talent pool in cybersecurity to allow the province to develop the next generation of highly skilled talent to address the needs of a digital economy,” said Dauphinee.
Ontario also is a hub of leading-edge risk management thinking, applied research, education and training through the Global Risk Institute in Financial Services, a collaboration of regulators, risk experts, academics, policy makers and practitioners.
Global financial leaders have recognized the competitive advantages they can gain by relocating or expanding their operations in Ontario, including access to major cities in the U.S. With the implementation of CETA, Ontario has free trade agreements with more than 50 countries, including every G7 country.
Based on venture capital dollars invested in cybersecurity, Canada ranks fourth in the world, with Ontario leading the country as a major global hub of cybersecurity innovation after only the U.S., Israel and the U.K. Ontario alone has more than $250 million in venture capital funding for its cybersecurity small-medium sized enterprises between 2011 and 2015. According to a Deloitte report done in cooperation with the TFSA, cybersecurity spending in Canada exceeded $2 billion in 2016.
CYBER INNOVATION CENTER IS A NATIONAL LEADER IN LOUISIANA
Over the past decade, Louisiana’s traditional oil and gas, agribusiness, and chemical industry has pivoted to a technology-driven, knowledge-based economy with a top-notch cybersecurity ecosystem. Its fast-growing software and IT sector includes high profile companies such as EA, CenturyLink, IBM, CGI, GE Digital and CSRA.
The $107 million Cyber Innovation Center (CIC) has played a critical role in helping Louisiana establish a fully integrated national hub for cybersecurity. CIC is a business technology accelerator and anchor of the 3,000-acre National Cyber Research Park (NCRP) in Shreveport-Bossier City.
The initial investment by the parish and the state established the CIC as the anchor of the NCRP and commissioned as a catalyst for the development and expansion of a knowledge-based workforce that can support the growing needs of government, industry and academia regionally within the state.
The CIC and its partners changed the landscape by developing a skilled pipeline tailored to multiple levels of learner. This multi-faceted approach has yielded a sustainable pool of talent that is entering the cyber-workforce.
“Our academic outreach program was one of the first projects we put together,” said Craig Spohn, Executive Director of CIC. “We needed to solve the question around what workforce was going fill the new cyber demands in Louisiana. Now, we can proudly say we have produced an organically grown, sustainable, systemic workforce in the state and around the country that will continue to regenerate itself.”
CIC has attracted such tenants as Lockheed Martin, Boeing and Northrop Grumman as well as Fortune 500 CSRA’s 800-job Integrated Technology Center (ITC). With CenturyLink’s Fortune 500 headquarters in Monroe, the research park anchors the I-20 Cyber Corridor.
CSRA, a $5 billion company with over 18,000 employees across the globe, has partnered with Louisiana to create 800 professional technology careers by 2018. As a trusted partner to the federal government, CSRA envisioned a state-of-the-art IT facility designed exclusively to help solve the federal government’s most difficult technology challenges and combat the continual threat of cyber terrorism.
“This facility is a key differentiator for CSRA and helps position us as forward-thinkers and trendsetters in the federal IT industry,” said Larry Prior, CSRA President and CEO. CSRA evaluated over 130 locations across the country before choosing Northwest Louisiana as the location for its new tech center.
“With a set of higher education partners able to provide high-quality technical education, a large technical workforce within 200 miles and an attractive set of state incentives, all geared at mutual success, the Shreveport-Bossier City region has been an ideal location for CSRA and the ITC,” said Mimi Hedgcock, Senior Principal, External Affairs, ITC, CSRA.
Nearby Barksdale Air Force Base and its Global Strike Command serve as an ideal workforce pipeline for CSRA and its federal government customers.
“CSRA aligns with the mission and development at CIC’s National Cyber Research Park, providing a synergy to attract businesses and talent focused on high-tech innovation and research, allowing government, industry and academia to collaborate, innovate and develop state-of-the-art technology,” said Hedgcock.
Much of Louisiana’s high-tech action takes place along the “I-20 Cyber Corridor” providing access to a high caliber of students from local higher education institutions such as Louisiana Tech University, which created the first four-year degree in Cyber Engineering in the nation.
The state also has invested more than $68 million directly in higher education technology initiatives.
“The goal is to rapidly increase the number of college graduates in computer science, cyber engineering, electrical engineering and related STEM curricula,” said Don Pierson, Secretary of Louisiana Economic Development (LED).
LSU’s Transformational Technologies & Cyber Research Center (TTCRC) at the LSU Innovation Park in Baton Rouge has attracted over $3 million in cybersecurity-related applied research funding this year, to go with a backlog of more than $8 million in cybersecurity research.
The center, which is housed within the university’s wholly owned nonprofit research and development enterprise, the Stephenson Technologies Corp., is undertaking landmark research in the petrochemical, medical and maritime sectors to protect vital industries from cyber threats.
Stephenson Technologies Corp. President Jeff Moulton, who oversees the TTCRC, has been named by Governor John Bel Edwards to a newly created Louisiana Cybersecurity Commission that has each of these threats and solutions on its radar.
“LSU is the flagship university of the state,” said Moulton. “We harness the research capability, employ and train interns, hire the top graduates, and leverage LSU’s intellectual property. We have transformed multiple LSU research facilities and built cyber ‘living labs’ to serve our customers.”
Current research ranges from missile defense security, to protecting the electric grid from cyberattacks, to comprehensive visualization software for protecting U.S. borders and the ring of Caribbean Sea nations.
Radiance Technologies, Inc., a Huntsville-based cybersecurity company has opened an applied research office co-located with TTCRC. In addition to Radiance, LSU/TTCRS has been approached by at least half-a-dozen companies about locating on/near campus to work closely with TTCRC.
“I fully anticipate a couple of these becoming site selection projects (of the LED flavor), attracted by the work we’re doing and the way we’re doing it, and catalyzed by LED’s incentives,” said Greg Trahan, Director of Economic Development, Office of Research & Economic Development Program Manager at TTCRC. “The companies have ranged from small firms with powerful specific capability to large firms looking to put a domain-focused R&D center here. We’re doing great work on projects that matter, and that’s drawing some attention.”
CYBERSECURITY IS BOOMING IN VA
Cybersecurity is booming in Virginia. The state is home to the most cybersecurity companies per capita in the nation and 22 percent of Virginia’s workforce is employed in high-tech industries. This is the highest concentration of any of the 50 states and is only exceeded by the District of Columbia’s 26 percent concentration.
Virginia IT companies, from startups to large systems integrators, are leaders in the development of cybersecurity solutions for industry and government. The industry has a direct output of $41.5 billion and supports an additional output of $33.8 billion.
With the constant advancement of IT infrastructure security, Virginia-based companies are at the forefront of technologies such as cryptography, forensics, intrusion detection and firewall devices.
“Virginia’s cybersecurity ecosystem is built upon its central position in the nation’s security and communication infrastructure,” said Stephen Moret, President and CEO of Virginia Economic Development Partnership (VEDP).
Virginia is part of the nation’s Cyber Capital, the Washington D.C. region. As the hub of leading-edge intelligence technology, the region serves as a fertile ground for the growing cybersecurity industry. 37 of the Washington Technology Top 100 federal contracting companies are headquartered in Virginia and 36 Virginia companies appear on the Cybersecurity 500 list, a list by Cybersecurity Ventures of the world’s hottest and most innovative cybersecurity companies.
In September 2017, Thomson Reuters announced it is locating its internal cybersecurity operations center in downtown Richmond, creating up to 60 jobs in highly specialized roles. Thomson Reuters is the world’s leading source of news and information for professional markets.
The company will occupy about 10,000 square feet at Riverfont Plaza and plans to employ up to 60 people by the end of 2018.
In a press statement, Tim McKnight, chief information security officer for Thomson Reuters, said the new “cyber fusion” center would be an important element of the company’s enhanced information security program.
“Establishing a presence in Richmond provides us excellent access to talent and cyber-related resources from the nearby academic, research and military communities,” said McKnight. “We look forward to being a good corporate citizen in the Richmond community.”
Besides its labor force, Richmond’s low operational cost factored into Reuter’s decision, according to the Greater Richmond Partnership. “We had the exact real estate that Thomson Reuters was looking for with an ideal talent pipeline so the project moved very quickly,” said Barry Matherly, president and CEO of the Partnership. “We hope to be able to attract more of the company’s operations in the future.”
In June 2016, Frontier Secure announced it is creating a cybersecurity customer care center in Wise County, creating 500 new jobs. Frontier Secure is a division of Frontier Communications Corporation, a leader in providing communications services to urban, suburban and rural communities in 29 states.
“Wise County offers the talent we depend on to drive our 100 percent U.S.-based operations, and we are proud to play a role in supporting economic growth in Southwest Virginia,” said Kelly Morgan, Senior Vice President & General Manager of Frontier Secure. “This expansion will provide us the additional capacity that we need to service our growing strategic partnership business.”
A partnership of state officials, higher education institutions and private-sector companies are now working on accelerator programs to advance the cybersecurity industry and train Virginia’s workforce for cyber opportunities.
“Our priority is to grow this industry in every region of the Commonwealth, with a particular focus on identifying cyber opportunities in more rural regions of the state,” said Moret. “Our main priority is STEM education starting at K-12 level, higher education programs to train the cyber workforce of the future and accelerator programs.”
The University of Virginia’s College at Wise in Southwest Virginia has partnered with Southwest Virginia Community College and Mountain Empire Community College in the Southwest Virginia Regional Cybersecurity Initiative.
“The College’s software engineering program, the only undergraduate software engineering program in Virginia, will accommodate the growing cybersecurity industry,” said Moret. “UVa-Wise will also expand its computer science and software engineering programs to include more faculty with cybersecurity expertise, and expand coursework in information security.”
In 2017, Marymount University, Virginia Tech, Liberty University and New River Community College were all hosts for GenCyber; a weeklong summer camp which teaches middle and high school students basic cybersecurity skills and encourages interest in cybersecurity careers.
Through Virginia’s Cyber Veterans Initiative, men and women who have served gain access to training, apprenticeship and job opportunities in the cybersecurity field.
“Because of Virginia’s significant military presence, thousands of veterans leave the military and remain in Virginia each year, contributing to a robust workforce,” said Moret.
Business accelerators include the Virginia Cyber Security Commission, Center for Innovative Technology (CIT), Northern Virginia Technology Council (NVTC) and the MACH37™ Cybersecurity Accelerator, an intense 90-day program in which select startups are mentored by cybersecurity entrepreneurs and receive a $50K investment to develop, test and pitch their ideas to security market investors. Since 2013, the MACH37 Cyber Accelerator at the Center for Innovative Technology has launched 40 cybersecurity companies.
MARYLAND: FEDERAL SECURITY HUB
Maryland has emerged as a leading cybersecurity location in recent years. It is home to renowned research centers, as well as business incubators and startup studios that provide expertise, space and capital to entrepreneurs. It’s also close to many of the federal government’s top agencies that play critical roles in protecting the nation’s physical and digital infrastructure—the National Security Agency, U.S. Cyber Command and CECOM, among others.
“Entrepreneurs coming out of those agencies adapt technology developed in federal agencies and bring that technology to the commercial market here in Maryland,” said Ken McCreedy, senior director for cybersecurity and aerospace at the Maryland Department of Commerce.
The state boasts more doctoral scientists and engineers than anywhere in the nation, as well as an industry-related workforce more than 115,000 strong. Its higher-ed institutions include 16 National Centers of Academic Excellence in Cyber, designated by the NSA and Department of Homeland Security.
Maryland also offers tax credits and other incentive programs to help cyber companies grow and thrive such as the Cybersecurity Investment Incentive Tax Credit, the Employer Security Clearances Costs Tax Credit and the TEDCO Seed Investment Funds. “In short, Maryland’s network of talent, technology and research—coupled with an established industry base and a culture of entrepreneurship—make our state a cybersecurity powerhouse,” said McCreedy.
Leveraging the military and federal cyber-related agencies in the state, Maryland launched the first statewide cybersecurity initiative. Partnering with the National Institute of Standards and Technology (NIST), the state also established the National Cyber Center of Excellence in Rockville to work with business to identify best practices across all critical sectors.
The Maryland Cybersecurity Council, created by Gov. Larry Hogan and authorized by the Maryland General Assembly in May 2015, works with NIST and other federal agencies to improve cybersecurity standards in MD.
“The council is reviewing laws and policies to ensure that Maryland is preparing the state and its businesses against cyber attacks,” said McCreedy. “Governor Hogan has made securing our data a priority of his administration, tasking his Office of Homeland Security with developing a comprehensive strategy.”
Maryland is now home to more than 30 business incubators and accelerators working to promote tech and cybersecurity growth in the state. These include Accelerate Baltimore, an initiative of the ETC (Emerging Technology Centers), which provides seed capital, resources, mentors, potential partners and a collaborative community to entrepreneurs; [email protected] Cyber Incubator, which offers business and technical support to startup and early-stage cyber and IT companies; and DataTribe, supporting emerging companies with capital as well as in-kind services such as legal, financial, product management and marketing assistance.
Cyber companies located in Maryland have seen success and significant growth. For example, Tenable, located in Columbia, is one of the nation’s fastest-growing cybersecurity software companies. The company is planning a major expansion at its new corporate headquarters and will add hundreds of full-time employees over the next few years.
“We see this growth in companies across our state, and we anticipate the trend to continue,” said McCreedy.
Bandura Systems, also headquartered in Columbia, recently closed on $3.5 million in seed funding from Blu Venture Investors, Gula Tech Adventures, and TEDCO. The company plans to increase sales and development of its Threat Intelligence Gateway product.
BlueVoyant recently announced plans to establish a Global Cyber Analytics Center at the University of Maryland, College Park. The company will employ 25 highly-skilled analysts and data scientists, with plans to add even more team members over the next few months.
And ZeroFOX, founded in Baltimore in 2013, secured $40 million in venture capital funding in 2017. The company now employs more than 100 people.
With cyber threats escalating every day, there is increasing demand for talented workers with up-to-date skills across the state. In addition, the federal government’s need for cyber workers has accelerated as agencies like the National Security Agency (NSA) and the U.S. Cyber Command at Fort George G. Meade continue to grow.
“Defense contractors supporting the federal government’s cyber agencies face similar challenges,” said McCreedy. “On the commercial side, there is high demand for cyber warriors, given Maryland’s success in attracting new business to the state, in supporting entrepreneurs creating companies here and in helping existing cyber companies grow and thrive in our state.”
As a result, Maryland’s colleges and universities have ramped up their cybersecurity-related curriculum and training to fuel the workforce pipeline.
The University of Maryland College Park (UMCP) recently received a $5 million grant from the National Science Foundation’s CyberCorps Scholarship for Service program, to fund scholarships for students in the university’s Advanced Cybersecurity Experience for Students (ACES) program. Launched with support from the Northrop Grumman Foundation, ACES was the first undergraduate honors program in cybersecurity in the U.S.
U.S. News & World Report ranks the University of Maryland Baltimore County (UMBC) fifth in the nation in innovation. Led by Freeman Hrabowski, Ph.D., one of Time Magazine’s 10 best college presidents, UMBC is the home of the Center for Information Security and Assurance.
Maryland also continues to train cyber workers in non-traditional settings such as internships and apprenticeships.
“As the required skill levels have also increased in the wake of a more sophisticated threat, additional resources such as the Baltimore Cyber Range and other training operations have provided a variety of options for those seeking to qualify for cyber jobs as well as those wishing to update their skills,” said McCreedy.
In addition, trade missions and outreach to international companies have showcased Maryland’s cyber capabilities to the world. A trade mission to Israel brought about a partnership between Baltimore-based ETA and Israel-based Cyberbit to form the Baltimore Cyber Range, as well as the decision of ELTA North America to establish its cyber footprint in Maryland. During a trade mission to the United Kingdom, Maryland Commerce signed an MOU to strengthen the relationship between the state and the U.K.’s premier cyber cluster, the Midlands region.
FLORIDA BUILDS ON HIGH-TECH HISTORY
Florida has remained at the forefront of IT innovation since the birth of the IBM PC in Boca Raton. Today, the Sunshine State boasts the nation’s third largest tech industry. The state’s IT strengths are wide ranging—from software to photonics to modeling, simulation and training.
The state quickly IS becoming a leader for companies that have a focus on cybersecurity, including ThreatAdvice, Gartner, Citigroup, DTCC, Reliaquest and KnowBe4.
In December 2017, ThreatAdvice, opened their office in the UCF Business Incubation Center office in Central Florida Research Park. The company plans to add 20-25 employees.
“The biggest reason we came here was the access to talent,” David Brasfield, CEO of ThreatAdvice, told the Orlando Business Journal. “The computer science and research programs at UCF are among the largest in the Southeast, and we wanted to get closer to that talent.
Last spring, Gartner, Inc., a global information technology research and advisory company, announced it would expand in Lee County and create 600 jobs. The company also will invest more than $21 million in the local community. Gartner currently employs more than 1,250 Floridians.
Gartner began its Fort Myers operation nearly two decades ago. Since then, it has grown to become the company’s second-largest office worldwide. Gartner’s latest commitment to Florida follows the successful construction of two successive 120,000 square foot buildings in Fort Myers in 2012 and 2014, and the development of a new world class training facility in 2016 which totaled more than $46 million in capital investment.
“We appreciate the hard work of Enterprise Florida and the incentives approved by the State of Florida and Lee County,” said Gene Hall, chief executive officer of Gartner. “These efforts will help us continue to invest in the local community and support our long-term growth. We look forward to adding new talent to our existing workforce in Southwest Florida.”
Citigroup’s anti-money laundering program is one of the best in the nation and their hub is in Tampa. They have partnered with the University of South Florida (USF) to create a training program for USF students in the field.
“We started a very unique program in cybersecurity that is truly interdisciplinary,” said Moez Limayem, the Dean of the Moma College of Business at USF. “Engineering is teaming up with business, teaming up with psychology, teaming up with criminology to make one of the best programs in cybersecurity.”
Currently, there are more than 300,000 cybersecurity positions open nationwide, and over 12,000 in Florida. Finding the talent to fill those positions is a challenge the state is addressing through programs at universities and colleges.
A recent report by the Florida Center for Cybersecurity (FC2), “The State of Cybersecurity in Florida,” found that the state is well positioned to develop a strong workforce, with nearly 100 cybersecurity certificate and degree programs offered by institutions of higher education across the state.
FC2 was established in 2014 to position Florida as a national leader in cybersecurity through education, innovative research and community outreach. Housed at USF, the Center is a statewide agency that works with all State University System (SUS) of Florida institutions, industry, the military, government and the community to build Florida’s cybersecurity workforce.
“Our mission is to make Florida the national leader in cybersecurity,” said Sri Sridharan, Director of FC2. “We want to build the workforce and show there is so much talent in Florida that businesses will want to come here because of the skillsets available.”
With a strong cyber workforce graduating from the University of West Florida (UWF) and increase in funding from the Homeland Security Department (DHS) and National Security Agency (NSA), the Pensacola area is becoming a hotbed for cyber innovation.
UWF’s Center for Cybersecurity was designated by the National Security Agency (NSA) and Homeland Security Department (DHS) as a National Center of Academic Excellence in Cyber Defense Education. The Center provides leadership to advance cyber defense education among colleges and universities in Alabama, Florida, Georgia, Mississippi, Puerto Rico and South Carolina.
Florida’s Agency for State Technology (AST) has partnered with UWF to develop a curriculum that will deliver training on an ongoing basis, allowing for multiple sessions per year.
“Universities are the essential pipeline into state government, for all personnel talent, but provide even greater utility to the cyber workforce due to the highly specialized nature of the discipline,” said Thomas Vaughn, Chief Information Security Officer for AST.
The UWF Center for Cybersecurity propels innovative cybersecurity solutions and advances workforce readiness through education, training, partnerships and outreach; that outreach ranges from K-12 students to cybersecurity professionals.
“The partnership with UWF not only provides high quality training opportunities for state employees, but also offers exposure for UWF faculty and students to potential employment with the State of Florida,” said Vaughn.
Florida also is home to the Abanacle Cybersecurity Incubator, the second cybersecurity-focused incubator in the U.S. and the fourth cybersecurity incubator in the world.
Abanacle has partnered with Nova Southeastern University (NSU) in Davie, Florida to operate the incubator ([email protected]) which is focused exclusively on cybersecurity companies and technologies. To complement the incubator, Abanacle and NSU will commercialize research at the university level and provide specialized training in cybersecurity.
[email protected] will assist startup companies in cybersecurity with developing and running their business, providing mentorship for each company and delivering a number of business resources that give companies the tools necessary to become successful.
MICHIGAN: THE FUTURE OF CYBERSECURITY
Michigan is forging the future in automotive, defense and advanced manufacturing cybersecurity. It’s home to the first school district in the nation to create a cybersecurity program and the largest concentration of electrical, mechanical and industrial engineers in the nation.
Michigan’s Cybersecurity Initiative, the world’s first comprehensive state-level approach to cyber, is improving the state’s defenses while fostering rapidly growing cyber talent and business environments.
Initiatives include the Michigan Cyber Range, which is training members across the community in cybersecurity response skills; the Michigan Cyber Command Center (MC3), which is enhancing coordination between the state’s fusion and the State Emergency Operations Centers; and the Michigan Cyber Disruption Response Plan development, which will help government, industry and community organizations respond to malicious cyber activity.
“Michigan has set a standard for states in creating a center of excellence in cybersecurity management,” said Sarah Tennant, Strategic Advisor of Cyber Initiatives at the Michigan Economic Development Corporation (MEDC). “We are also the first state to create a chief security officer over both cyber and physical protection.”
The Cyber Range provides an unclassified, private environment to teach, test and train individuals and companies for real-world situations. By providing classes, exercises and virtual infrastructure, it gives companies an affordable and flexible way to prepare for cybersecurity challenges of all types.
Recently, they’ve added two new Cyber Range Hubs at Pinckney Community High School and Wayne State University to their lineup. The hubs are centers for the cyber ecosystem within their communities, providing certification courses in over 20 cybersecurity disciplines.
Courseware is available at places like The Velocity Center, a first-of-its-kind cyber hub in the state. The Center holds classes and events to train the local workforce in cybersecurity techniques and skills.
Currently, there are more than 140,000 people working in the IT and cybersecurity industry in Michigan, more than half of whom are in metro Detroit. “Thriving businesses in the defense, mobility, automotive and IT industries offer ample opportunities for cybersecurity firms to succeed in Michigan,” said Tennant.
Ann Arbor-based Duo Security recently expanded to a central downtown location. Duo, which recently closed a round of fundraising worth $70 million at a valuation of $1.17 billion, provides advanced security solutions for organizations of all sizes, supplying companies with so-called access management tech, which includes two-factor authentication and single-sign on services.
“Duo plans to add to its incredible team of talented employees, thanks to a series C funding to address the emerging security challenges faced by organizations everywhere who struggle to secure their users against breaches in a modern IT environment,” said Tennant. “Duo was recently called out by Facebook’s Chief Security Officer Alex Stamos as his favorite tool made by an information security company.”
Michigan has been seeing a steady influx of companies that are looking to provide cybersecurity resources to industries that have not traditionally been considered tech companies, and there has also been a reinvestment in Michigan from traditional industries.
For example, General Motors will invest $1 billion in its Warren Technical Center and add about 2,600 jobs over the next four years. The new jobs will be spread among vehicle engineering, information technology and design.
GM will break ground in mid-2018 on a new studio building that will surround the iconic Design Dome Auditorium and viewing patio and connect to the existing Design Center. The 360,000-square-foot expansion is the final stage of a multiyear investment in GM’s Tech Center, a National Historic Landmark site.
“We can only begin to predict how mobility will change in future generations,” said Michael Simcoe, vice president of Global Design. “Investing in our creative and skilled team and providing them with inspiring, modern spaces, new technologies and more ways to work together will foster innovation that leads to real solutions for customers.”
Michigan is now staking its claim as the epicenter for mobility and autonomous vehicle technology and testing.
In December 2017, Visteon Corp. and Toyota Motor North America were the first to run tests at the American Center for Mobility (ACM), a federally designated testing facility established for both automakers and suppliers to perform self-certification on connected and automated technologies, as well as cybersecurity work on vehicles.
“We are excited to be open for testing and to have our founders already leveraging the assets of this facility,” said John Maddox, ACM’s president and CEO. “We have been moving rapidly, and along with good input from our founders, a great deal of work has gone into developing this site. Opening our doors is just the beginning as we continue to develop the American Center for Mobility into a global hub for CAV and future mobility technologies to put self-driving cars on America’s roads safely.”
The 600-acre driverless car proving ground sits on the site of the bomber plant Henry Ford built during World War II that came to symbolize the “Arsenal of Democracy.” The center has received investments from Ford Motor Co., Hyundai and AT&T. It includes a 2.5-mile highway loop, a 700-foot curved tunnel, two double overpasses, intersections and roundabouts.
Now in its sixth year, Michigan’s SAE Battelle CyberAuto Challenge™ is a groundbreaking event in automotive cybersecurity that takes place at Macomb Community College in Warren, the heart of the automotive industry.
The five-day workshop gathers automotive engineers, government engineers, ethical “white hat” hackers and students to work on cars in use today. Among other things, the hackathon aims to foster the skills that the automotive industry will need moving forward, by developing young automotive cybersecurity talent and keeping core automotive engineers connected to the cybersecurity community.
Defense is another leading industry that intersects with cybersecurity. Michigan’s defense assets include Selfridge Air National Guard Base and the 100th Airlift Wing in Battle Creek. The state, in conjunction with the Michigan National Guard, has established cyber range extension sites at nearly all bases throughout Michigan.
These ranges allow National Guard professionals to train in cybersecurity disciplines and host unclassified cyber exercises with inter-agency and private partners. Currently, the Michigan Army Guard has roughly 600 Michigan and Top Secret computer specialty positions from the Michigan Army Cyber Protection Team and Air National Guard Cyber Squadron. “These soldiers are a valuable asset to Michigan’s cyber industry and can help fill the demand for cybersecurity talent,” said Tennant. “One of the biggest challenges for everyone is the cybersecurity skills gap. We are looking to fill thousands of positions that we didn’t know would even exist 10 years ago.”
SAN ANTONIO, TX: CYBER CITY USA
Home to one of the top hubs for cybersecurity in the nation, Texas already is positioned to tap into the exponentially expanding national market for cyber defenses. San Antonio’s military presence has created a critical mass of cybersecurity operations in the area. Dubbed “Cyber City USA,“ San Antonio is now home to more than forty cybersecurity headquarters and the nation’s second-largest concentration of cybersecurity experts—with more than 1,000 employed by the U.S. Air Force within the Port San Antonio campus.
San Antonio’s cyber strengths are further amplified by the 24th Air Force, located at Joint Base San Antonio—Lackland, the operational warfighting organization that establishes, operates, maintains and defends Air Force networks; NSA Texas, which conducts worldwide signals intelligence, cyberspace operations and information assurance operations at a former Sony chip fabrication plant that’s now a sprawling intelligence center; and the Center for Infrastructure Assurance and Security, a cybersecurity center at the University of Texas at San Antonio.
Already a major hub for digital startups, Texas also is emerging as a go-to location for cybersecurity startups thanks to its robust infrastructure, network of industry partners and access to venture capital. The Consumer Technology Association (CTA) recognized Texas as top state for championing innovation-friendly policies, encouraging entrepreneurial activity and attracting investment.
Infocyte, Inc., which develops proactive cybersecurity solutions focused on breach discovery and malware hunting, has seen significant growth since opening in San Antonio in 2014. In 2017, the company doubled in size to 25 employees, and in 2018 it raised $5.2 million in its Series B Venture Capital round, bringing the total investment raised to $8.6 million.
According to Infocyte co-founder Chris Gerritz, the concentration of cybersecurity talent in San Antonio due to the presence of Air Force Cyber, NSA Texas and the hundreds of companies supporting those missions make San Antonio very unique.
“We have an incredible talent pipeline here in SATX which ensures we can be on top of the latest cyber threats,” said Gerritz. “We are able to recruit top-tier talent easier and for 30 percent less than what our peers/competition are paying in Silicon Valley or D.C. (mostly due to the cost of living difference and competition over the smaller pool of candidates).”
Infocyte has developed a software as a service platform, Infocyte HUNT, to enable any security professional to assess an organization for possible security breaches, unauthorized access and malicious software (malware).
In June 2017, Duo Security, one of the fastest-growing cybersecurity firms in the world, doubled its Austin footprint with a move to Austin’s historic Bosche-Hogg building. The Michigan-based firm counts Facebook, NASA, Toyota, Twitter and Virginia Tech among its clients.
Forcepoint LLC (formerly Websense), a leading global cybersecurity firm, relocated its headquarters from San Diego, California, to Austin, TX, in 2014, creating 445 new jobs and investing over $9.9 million. For the project, the company received a $4.5 million grant from the Texas Enterprise Fund (TEF)—Texas’ deal-closing incentive fund, awarded through the Office of the Governor.
In 2016, San Antonio technology companies raised $600,000 to create an incubator program, Build Sec Foundry, to mentor young cybersecurity companies with management advice and help in finding funding. The effort is a public-private partnership born out of CyberSecurity San Antonio, an industry-driven program sponsored by the San Antonio Chamber of Commerce and local cybersecurity businesses.
In January 2018, Governor Greg Abbott announced a new training program, in partnership with the SANS Institute, designed to encourage young women to become involved in the field of cybersecurity. And in August 2017, the Governor’s Office approved almost $500,000 in federal grant funding to provide intensive networking and information security training and job placement support for individuals in the Lower Rio Grande Valley.
In addition, more than 25 Texas universities offer cybersecurity certificate or degree programs including Texas A&M’s Cybersecurity Center; the University of Texas at San Antonio’s cybersecurity program; and the University of Texas at Dallas Cyber Security Research and Education Institute.
UTAH DATA CENTER: CYBER HUB FOR U.S INTELLIGENCE
The Utah Data Center, also known as the Intelligence Community Comprehensive National Cybersecurity Initiative Data Center, is a data storage facility for the National Security Agency that is designed to store data estimated to be on the order of exabytes or larger. Its purpose is to support the Comprehensive National Cybersecurity Initiative (CNCI). The NSA leads operations at the facility as the executive agent for the Director of National Intelligence. The Utah Data Center is located at Camp Williams near Bluffdale, UT between Utah Lake and Great Salt Lake and was completed in May 2014 at a cost of $1.5 billion.
Brigham Young University and Utah Valley University are the only two schools in the state with on-ground baccalaureate and graduate degrees in cybersecurity. However, you can earn a certificate, complete an online degree and/or connect to high-level research at a handful of other Utah schools. Here’s a roundup of who’s doing what:
BYU is recognized by the National Security Agency and the Department of Homeland Security as a Center of Academic Excellence in Cyber Defense Education. The reason for that accolade is its Cybersecurity & Systems Research Laboratory. The lab’s recent research efforts include using drones to map wireless networks, predicting system and network failures via log files for a project called SEAHORSE and creating a classification system for attacks against physical infrastructure, such as power plants.
After a second-place finish in 2016, the BYU cyber defense team took third place at the 2017 National Collegiate Cyber Defense Competition in San Antonio. Such students remain active on campus too. The BYU Cyber Security Students Academic Association, known as ITSec, meets twice a month to listen to guest experts, runs a yearlong Capture the Flag competition and hosts an annual student-led cybersecurity conference.
Utah Valley University established the Center for National Security Studies, which has begun embracing cyber issues. The Center boasts a lively event calendar and has recently sponsored panel discussions on privacy and protection in the digital age as well as Russia’s use of cyber warfare.
UVU also has positioned itself to recruit new cybersecurity junkies. In 2015, it created the annual Math, Cryptography and Cyber Security Conference and invited every high schooler in the state to come take workshops and learn code-making basics from UVU faculty.
University of Utah doesn’t have a cybersecurity degree program, but postgraduates can forge a research career under faculty at the School of Computing. Active professors include Matt Might, who won a $3 million Department of Defense grant in 2015 to develop software that alerts programmers to vulnerabilities in their code. That same year, his colleagues, Eric Eide and John Regehr claimed $500K from the National Science Foundation to create Xsmith, which finds software defects in programming language compilers and interpreters.
Southern Utah University’s Computer Science and Information Systems Department, which runs an online master’s plus an on-ground associate degree in cybersecurity.