While there are many factors impeding the successful insertion of disruptive cybersecurity concepts into the current market, I want to explore the underestimation of the focus required to build an enterprise that is market-driven and product-oriented.The business ecosystem inside the DMV’s Cyber Beltway is heavily prejudiced toward the development of bespoke solutions targeted toward single customers. This ecosystem is dominated by large systems integrators and government contractors who employ low-risk business models based on time and materials billing and very limited internally-funded research and development investment. There is nothing wrong with this business model, as evidenced by the hundreds of wealthy government contracting business owners that our region has created throughout the past decade. However, this model thrives on labor-intensive integration and operational support and, by its very nature, is antithetical to disruptive innovation.When budding cybersecurity entrepreneurs who have grown up in this ecosystem decide to start their own businesses, the siren’s song of SBIR grants, federally-funded research projects and government consulting contracts becomes extremely alluring. In contrast to the twenty-something social networking and iPhone app entrepreneurs populating other techno-regions, entrepreneurs in the Cyber Beltway typically have families, mortgages and car payments. The majority of them are lured toward services models out of financial necessity.Yet they continue to dream about making a disruptive impact.Last week alone, I met with five different entrepreneurs, all aspiring to take to market innovative cybersecurity product ideas. Several of them outlined plans to invest cash flow generated from their consulting operations to build a product and deliver it to market. In most cases, the product team consists of one or two developers working on a product concept part-time. Consistently, these entrepreneurs believe they can bootstrap their way to a generally available product release within 12 months, avoid the dilution of a sizeable venture round and retire on the sale of their product business at a 10x multiple of projected revenues.Here’s my advice: Pick one or the other. You can’t do both effectively.Building a product business will take 100% of your focus. Validating the concept, building the team, and raising the capital necessary to build an organization to support your market entry will take more than all of your time. Getting your concept to market will require significant outside investment made over a number of years. Even if bootstrapping initial development enables you to reach the market first, without the capital to seize market share and create competitive barriers to entry, better capitalized competitors are going to own the market you have created.Yes, it takes guts to make the leap, especially if your services business is already showing promise. But if you want to make a disruptive impact, 100% commitment to the endeavor is simply table stakes. You won’t be able to find the necessary financial backing otherwise.At MACH37™, we are working hard to make taking this leap easier for our entrepreneurs. We have built a 90-day program to enable our entrepreneurs to fully validate and hone their concepts by working with our network of cybersecurity customers, serial entrepreneurs and industry experts. We provide them with capital, allowing them to focus over a tailored 90-day program and build the effective business case that will support additional seed investment from us and third-party investors. We teach them how to be market-focused and how to build products that address what their customers need, instead of what the entrepreneur wants them to have.
The Cyber Beltway’s Innovation Dislocation
Last week, I had the opportunity to participate in the AGC Partners “Disruption: Innovation at the Edge of Cybersecurity” event in Las Vegas. My panel explored how cybersecurity entrepreneurs become inspired to innovate and what dislocations are preventing them from disrupting the cybersecurity marketspace. As I thought about what ingredients are required to insert disruptive concepts into the current market, it occurred to me that within the Northern Virginia, Fort Meade and DC Metropolitan “Cyber Beltway,” the problem is something beyond a lack of creative inspiration.On the contrary, at MACH37 I see at least three new product ideas a week coming from young entrepreneurs, members of the intelligence community, small cybersecurity services companies, university researchers and FFRDCs located within the Cyber Beltway. To be sure, cybersecurity companies operating in the Cyber Beltway enjoy privileged insights into the cyber threat landscape. These companies often support the offensive side of cyber operations, have an intelligence analysis DNA, have been doing big data since before it was called big data and enjoy unique access to the intellectual property derived from thousands of classified and unclassified incident response and remediation activities. Individuals working within these companies know better than most how the cyber threat operates and how to rapidly collect and analyze artifacts to discover a cybersecurity breach within an enterprise network.However, in spite of this treasure trove of intellectual property, we aren’t seeing the conveyor belt of disruptive cybersecurity products entering the market from this region that we should expect. Why is that?While our region’s cybersecurity technologists are filled with creative ideas, the ecosystem forces downstream from their creative genius are undermining their ability to disrupt the market. In general, their innovations:· Are driven out of academic curiosity rather than emerging market need· Lack the entrepreneurial sponsorship required to build a viable business case for the innovative concept· Lack the financial backing necessary to deliver, support and take to market an enterprise-worthy solutionOver the next several blog posts, I intend to explore the dislocations in our local ecosystem. My hypothesis is that none of these are terminal and that we at MACH37, with the help of others in the industry, can positively address the current gaps and create an environment that not only fosters the creation of potentially disruptive cybersecurity concepts, but also supports the many other, perhaps more practical, ingredients required to bring positive disruption to the cybersecurity market.