By Barbara Bix
Barbara Bix helps business leaders uncover, crystallize, and
exploit opportunities to gain the competitive edge. Twitter: @enteropportunity
The second part of the conference featured several sessions
that offered a window into what local security companies are doing and why
they’ve been successful. Massachusetts
now ranks third globally as home to the most innovative cyber security
security industry include deep roots planted by companies such as Raytheon and
RSA Security, a robust venture community that includes the country’s foremost
security experts, access to talent, and the fact that people on the east coast
don’t switch jobs as frequently as they do in Silicon Valley.
established companies to remain independent as they grow. We need more public companies here. One of the biggest fears is that west coast
companies will buy, and relocate young companies, taking security expertise out
of the area.
Boston. Last year, the figure was $2
billion; year-to-date we’re at $2.3 billion.
These investments put independent Boston companies in a good place to
acquire smaller companies. They also
help smaller companies as it’s much easier to acquire local businesses.
growth; one of our weaknesses is in getting our message out the way that west
coast companies do. To address this
challenge, one leader says he is embedding the “west coast mentality”
at senior levels to get a different perspective. A later speaker observed that marketing is
the hardest skill set to find locally, since “it’s not Boston’s
collaboration would also foster local growth.
We need to sponsor entrepreneurs earlier in the process. Omar Hussain agreed that we need to nurture
smaller companies now so that local acquisition candidates are available
later. Rather than looking at
collaboration as driving up prices, we need to see it as “de-risking the
security companies. Each had 90 seconds
to introduce themselves to attendees.
This was the first real dive into point solutions, because most of the
conference focused more on the business.
companies a competitive edge. Reasons
cited include the deep ecosystem here nurtured by government, academia, the
innovative community, and investors; strength of the talent pool; and the
optimal time zone and proximity to the European market.
marketing challenges. Examples founders
gave include acquiring credibility, overcoming prospects’ perceptions about the
relative safety of their current solutions and the difficulties associated with
implementing complex technologies, and prying open the door to the CSO office.
next big hire was not necessarily raw engineering talent. Instead, the startups said they were seeking
sales and marketing personnel and smart security practitioners who had prior
experience with breaches.
about whether there’s a talent gap here and if so what to do about it. My sense, in listening to the conversation,
is that there isn’t necessarily a talent gap.
That said we do need to restructure thinking about our organizations, our
hiring requirements, and our training efforts to build the security workforce
of the future.
not seeking security experts. Instead,
they are seeking experts in other fields, particularly developers, who can
complement their existing expertise with security knowledge.
security is everyone’s business. You
will need a deep awareness of the asset landscape and the threat
landscape. You need to embed security
expertise in every area of the company–and everyone has to take ownership for
that are knowledgeable about operating systems, data sets, and how to develop
code with an emphasis on scripting. You
will need rugged Dev Ops personnel who have hands on experience with the
technology stack and automation so that they can build tools that simulate
threats that are proactive versus reactive.
supply chain experts, operations personnel, lawyers, and other practitioners
who have an in-depth understanding of the silos that make up a business and can
look for exposures in each of these areas.
courses at the primary and secondary levels, including introductory courses in
that job seekers focus on the skills they have–and how to connect them to
security. Panelists agreed that
certifications are not as important.
Rather, they are a “nice to have”.
years of experience to less tangible capabilities such as social skills, the
ability to make risk decisions, and the ability to advocate for resources. They will also need more flexible policies
that allow higher salaries, greater increases, and perhaps more frequent
by the session’s moderator.
the impact security has on a business’ success, challenges businesses face in
delivering the security their customers are coming to expect, and a list of
opportunities for MA businesses and job seekers. Thanks to everyone who attended the conference
and contributed to the conversation!
support of the security community within the next few weeks.