How To Build A Cybersecurity Company

Transcription

1 A Service Disabled Veteran Owned Small Business Maryland 2014 The Cybersecurity Industry Window of Opportunity John M. Leitch President & CEO Winquest Engineering Corporation V1.3 1

2 Agenda Industry Windows of Opportunity Industry Comparison & Conclusion Winquest Engineering Introduction Business Challenges Lessons Learned Open Forum 2

3 Detroit in the Early 1900s The Automotive Industry Window of Opportunity - Many large players; Olds, Ford, Dodge, Chrysler, Cadillac, etc. - Large network of parts supply companies - A product in early development (about 20 years old ) - Close to resources (iron ore, copper, coal, etc.) - No corporate taxes until 1909 & no incentives - Very little education support available, or needed - Culture of competition 3

4 Silicon Valley in the 1980s-90s The Minicomputer Industry Window of Opportunity - Many large players; HP, Intel, Apple, Sun Microsystems, Silicon Graphics, etc. - Large network of electronics supply companies - A product in early development (About 20 years old ) - Close to resources (knowledge & funding) - No specific tax incentives for R&D - Extensive community college and state university system to support high technology industry - Culture of cooperation and collaboration 4

5 Maryland in 2014 The Cybersecurity Industry Window of Opportunity? - Many large players; NSA, U.S. Cyber Command, NIST, DISA, Lockheed Martin, Northrup Grumman, General Dynamics, SAIC - Developing network of cybersecurity companies - A product in early development (About 21 years 1993) - Close to resources (knowledge & funding) - Specific cybersecurity tax incentives - Extensive community college and state university system to support high technology industry - Culture of cooperation and collaboration? 5

6 Specific Maryland Advantages - Unique cluster of federal and commercial cybersecurity organizations - State support: - 27 business incubators, two of which are cyber-centric - Several funding & loan programs - Cybersecurity Investment tax credit - Several other tax credits relating to security clearances - Strong computer science educational support including: - AACC - UMUC - UMBC - University of Maryland - USNA - Many others - Increasing government cybersecurity funding 6

7 Industry Comparison Industry Center of Mass Detroit 1900s Silicon Valley 1980s-90s Maryland 2014 Key Players Support Industries Young Industry Resources Tax Incentives Education Support Collaborative Culture Total Yes Answers Y Y Y Y N N N 4 Y Y Y Y N Y Y 6 Y+ Y Y Y Y Y? 6+ Conclusions: 1. Maryland 2014 has all the ingredients to become the Cybersecurity Industry Window of Opportunity 2. Adding the right amounts of talent, capital and entrepreneurial spirit to these ingredients can replicate the formula around which entire industries have been born 7

8 Winquest Introduction Winquest Engineering Corporation (Winquest) provides U.S. Government and Commercial clients with Cybersecurity Services, Intelligence Analysis, Program Management and Engineering Services Winquest s cybersecurity services mission is to provide expertise to our clients to help them protect their critical IT infrastructure, intellectual property and reputation against a dynamic and increasingly sophisticated threat Winquest s Cybersecurity Services Group (CSG) was founded in 2012 to provide expertise to our clients to help protect their critical IT infrastructure, intellectual property and reputation against a dynamic and increasingly sophisticated threat 8

9 CSG Services & Personnel Winquest is focusing our government cybersecurity expertise on the commercial sector due to increasing threats The CSG provides a variety of cybersecurity services including: Consulting Network Recons Vulnerability Assessments Penetration Testing Regulatory Compliance Audits Mobile Device Protection and Forensics Computer Forensics Red Teaming The average CSG engineer has 15+ years of experience and several certifications to include; CISSP, CEH, GAWN, GCIH, GCIA and/or GPEN CISSP = Certified Information Systems Security Professional, CEH = Certified Ethical Hacker GAWN = GIAC Auditing Wireless Networks, GCIH = GIAC Incident Handler Certification GCIA = GIAC Certified Intrusion Analyst, GPEN = GIAC Penetration Tester 9

10 Business Challenges Determining what you re going to do (Software, Hardware, Services or Combination) Funding Amount needed largely depends on what you re going to do Retaining ownership Finding qualified personnel (Developers, Assessors & Penetration Testers, Business Developers, etc.) Finding Professional Liability and E&O insurance Finding customers (Target a sector and plan for time to develop trust) Educating your customer base Developing and executing repeatable processes 10

11 Relevant Founder s experience was/is important 1990s Army Computer Network Operations and DoD policy experience Prior business experience with start-up companies including a 1999 company providing computer security services (which was too early to the marketplace) Strong Navy Cryptology & Security experience Trust amongst our core founder group was/is essential Our personal and professional networks needed to grow quickly Outsourcing was right for us (accounting, payroll service, assistant FSO) We established banking relationships early and applied for a LOC ASAP Most things haven t happened as fast as we wanted them to Partnering will be key to our (and our partners) rapid growth Lessons Learned Keep overhead costs low (We will remain a virtual office as long as practical) 11

12 The Winquest Advantage Experience Our professionals have decades of computer security experience, conducting hundreds of assessment and penetration tests for government and commercial clients and finding vulnerabilities 100% of the time Trust Our professionals offer security clearances and professional certifications Over-the-Horizon Early Warning Our professional s work in different sectors enables them to cross-level knowledge and predict some attacks before they happen An Unbiased Opinion Winquest does not sell software or hardware products enabling us to give you a neutral assessment of your network s strengths and weaknesses and an unbiased mitigation strategy 12

13 Why? Our personnel have a strong service ethic dedicated to protecting our nation s way of life and Our nation is facing a new and unprecedented threat 13

14 Net Recon Service The Net Recon service is a no risk, lower cost capability to improve and maintain your network security against an ever-increasing cybercriminal threat at a fraction of the cost of staffing your own in-house Cybersecurity Team. Net Recon subscribers receive the following benefits; A complimentary on-site abbreviated vulnerability assessment to determine if vulnerabilities exist on your network and specific recommendations on how to fix the ten most dangerous ones A 20% discount on remediation services to help you remove vulnerabilities Four hours per month of consulting services via Winquest certified cybersecurity professionals Annual follow-on abbreviated vulnerability assessments to measure progress and discover new vulnerabilities Optional services can be added: More frequent full vulnerability assessments/penetration tests (quarterly/bi-annual) On-site employee cybersecurity awareness training Additional hours of consulting services A 30% discount on Computer Incident Response Team deployment in case of cyber attack Other customized services upon request including Mobile Device Management (MDM) services The monthly subscription cost will be determined by any optional services and the size and complexity of the client network (Point of Sales devices may add additional cost). 14

15 Contact Info Winquest Engineering Corporation Cybersecurity Services Group (CSG) or via mobile