Zuly Gonzalez and Beau Adkins used to work at the National Security Agency. Now they run a cybersecurity firm in Catonsville, helping companies defend against online threats.
They're the embodiment of why Maryland officials call the state the nation's "epicenter" of cybersecurity: big federal installations here that focus on cyber problems, and all the private-sector growth related to it.
It's no surprise then that much of the activity revolves around the government. But some groups and firms are trying to push the state's cybersecurity boundaries to grab more of the commercial market at a time of tighter federal budgets.
Light Point Security, the startup Gonzalez and Adkins founded, is one example.
"We've made a business decision to really focus on the commercial side first before going strong after the government — because we come from the government and we know what a hassle it is to get into the government," said Gonzalez, Light Point's chief operating officer. "It's got such a long sale cycle."
As criminal activity and warfare move online, protecting information, networks, intellectual property and the critical infrastructure of everyday life — such as banking channels and power plant controls — is a high-stakes, high-value proposition. It's a sector that state officials have promoted for years, including with a new tax credit, because they want as many cyber jobs as possible to end up here.
Maryland has had a piece of the market for decades, thanks to the cyber-focused NSA at Fort Meade in Anne Arundel County and its former employees. Belcamp-based SafeNet, one of the state's major cybersecurity firms, was founded 30 years ago by two NSA engineers.
But the acceleration of cyber activity in recent years has kicked that momentum into high gear.
The military put its fledgling U.S. Cyber Command at Fort Meade in 2010, and the next year it moved the IT-oriented Defense Information Systems Agency there from Northern Virginia. Defense contractors opened cyber-focused offices. A Commerce Department institute helped launch the National Cybersecurity Center of Excellence in Rockville to offer assistance with industry challenges posed by hackers.
Now business leaders are hoping to leverage that federally focused activity into a broader base.
Several industry groups teamed up in May to launch the Baltimore-Washington Cyber Task Force, aimed at propelling industry growth. Another business group, the Annapolis-based Chesapeake Regional Tech Council, has a cybersecurity forum whose members recently decided to make the commercial market — not government contracting — the focus of their gatherings.
"It's natural that we would be strong on the federal side of things, given our proximity to the federal government," said Kris Shock, the tech council's executive director. "I just think it's a really tremendous opportunity for us ... to really refocus that into some commercial opportunities in our backyard."
That's critical if the state wants to become the Silicon Valley of cybersecurity — a goal Gov. Martin O'Malley set in 2010. Though that California hotbed of tech innovation got a jump-start from military demand during the space race and the Cold War, it has grown into a business- and consumer-focused powerhouse — with oodles of startups, venture capitalists and big players such as Apple and Google.
It is that "robust startup ecosystem" that Maryland wants, said Patrick Tonui, program manager for security and information technology industries at the state Department of Business and Economic Development.
"We're seeing some of that happening, but we still think there's lots more that can be done," he said.
At the University of Maryland, Baltimore County's incubator for cybersecurity startups, there's a definite government focus. Companies can participate in a federal contracting institute, and some have scholarships from contracting giant Northrop Grumman that cover their rent.
But incubator leaders are emphasizing the importance of going after the "huge and growing" commercial market, said Ellen Hemmerly, who oversees all of the university's incubators as executive director of bwtech@UMBC.
"If we're going to become the 'Silicon Valley of the East,' we've got to tap into the commercial market," she said. "The funding tends to flow more easily if the commercial market is viable as well as the government market."
Light Point Security, a tenant at UMBC's cybersecurity incubator, sees value in aiming for commercial customers first. The company protects businesses from malicious software — "malware," which burrows into computer systems to steal information or cause havoc — by separating employees' Web use from the corporate network.
Light Point offloads browsing onto a server set up for that purpose, Gonzalez said — "isolating it there so it stays in that bubble and doesn't actually ever touch the employee's computer."
"If something bad were to come, it would stay isolated within that bubble, that fake machine," she said. "And once the employee is done browsing ... we take that fake machine and we wipe it, we destroy it."
Gonzalez and her co-founder launched their company in 2010 and quit their day jobs last year to focus full-time on the venture. Early sales have been promising, she said, and she's enthusiastic about the possibilities in the commercial market.
But she thinks Maryland has a tough road ahead if it is truly going to be the cybersecurity Silicon Valley. It's not for lack of talented people and good ideas, she said — it's about venture capital.
"That very, very early-stage company that's still trying to prove out their technology, you don't see as many investments in our area for those types of companies," she said. "And without that, we can't compete with Silicon Valley. We really can't. We could have really great ideas, really great technologies, really great innovation, but if we can't ... take it to market, we can't compete."
That's not a new lament in Maryland. State and local officials have tried to fill some of that gap — there's the state's InvestMaryland Challenge for fledgling firms and Anne Arundel County's VOLT loan fund, for instance — but Gonzalez would like to see more private investors get into the early stage market.
That could determine Maryland's level of dominance in the field over the long term. The state isn't the only cyber hub.
Bhavani Thuraisingham, executive director of the Cyber Security Research and Education Center at the University of Texas at Dallas, said her university's graduating cyberspecialists head to several Texas cities, Seattle and Boston, in addition to Silicon Valley and the Baltimore-Washington area.
Silicon Valley is a popular destination for the graduates who are not U.S. citizens, she said. Maryland and the District of Columbia are big draws for the Americans, with federal jobs and government contracting positions that require citizenship.
Thuraisingham knows about Maryland's cyber assets. In her eyes, it's reasonable for the state to think it could become the industry's Silicon Valley — even with Silicon Valley itself in the running. It just depends on how the state builds on what it has.
"All the ingredients are there," she said.
twitter.com/jsmithhopkinsCopyright © 2014, The Baltimore Sun