Cyber threats are an increasingly persistent national security concern supercharged by AI—and so is the industry built to help hospitals, financial institutions, and the Pentagon secure their networks. But unlike the defense industrial base overall, there’s no clear prime. Could that change with venture capital?Joe Lin, co-founder and CEO of the VC-backed cyber firm Twenty, said private capital isn’t pouring into cybersecurity at the same rate as other defense tech areas in part because it’s unclear whether “true winners” will emerge. ”This was an ecosystem [that was] very, very hard for outsiders to come in and join. So that barrier has gone down. That's the good news,” Lin said during Second Front’s Offset Symposium earlier this month. “I think the question is still out as to whether or not a company that is able to take a lot of money invested into private R&D is able to actually be successful in the space where, historically, there's been a lot of peanut-butter spreading in terms of awards—funding awards, contract awards—and whether or not there will actually be true winners that will come out of this.”Make it work, make it malleableThe winners will make versatile technology that works as the customer needs, said Brian Carbaugh, ex-CIA turned co-founder and CEO of Andesite, a VC-backed defensive cyber data analytics startup. “There is a tremendous amount of noise. There are a lot of marketing dollars being spent,” Carbaugh told Defense One. “From a customer, from a buyer standpoint, you can see some elements of fatigue because they're having to sift through just so many vendors and pitches that oftentimes don't materialize.” Buyers’ expectations for cyber tools and services are extremely high, Carbaugh said, and companies must deliver products that can “do all the things, all the time. Because, I think, what most of us in this space thought would be sort of innovative in terms of features and functionality—increasingly it's becoming table stakes.”That’s not a warning shot for nascent companies, it’s an opportunity, he said. “The warning lights are blinking red in a lot of these [security] operations centers. The work that CISOs and their teams put in are, it's nothing short of heroic on a daily basis,” Carbaugh said. There’s technology now that can "optimize” and level up analysts “by wrapping this tech around them” and are auditable with a “very, very high security compliance.”But as cyber threats and industry grow, the Pentagon may need a more tightly coupled relationship with the cyber industrial base. “There's an assortment of different companies that provide tools or services that are the ones that build and operate the domain on which we fight. They build our battlefield. We need to start partnering together so that they don't build the battlefield and we operate on it in a very disjointed way,” said Katie Sutton, the Pentagon’s cyber policy chief, during the symposium. That relationship must also leave room for tweaks and changes to cyber tools, said Maria Barrett, former commanding general of U.S. Army Cyber Command.“It's also got to be about the vendor being willing to work with us, and right side the operator, or whoever the user is, to tweak it. Because, I think, that quality of adaptability by the industry partner and the willingness to be able to do that and deliver it quickly…that's the new normal,” she said on the panel.WelcomeYou’ve reached the Defense Business Brief, where we dig into what the Pentagon buys, who they’re buying from, and why. Send along your tips, feedback, and song recommendations to lwilliams@defenseone.com. Check out the Defense Business Brief archive here, and tell your friends to subscribe!HASC’s NDAA mark. The House Armed Services Committee dropped its draft of the annual defense policy bill this week. Two things that caught my eye are related to supply chains:
Defense Business Brief: Defense cyber champs?; HASC mark; Navy IW
Cyber threats are an increasingly persistent national security concern supercharged by AI—and so is the industry built to help hospitals, financial institutions, and the Pentagon secure their networks. But unlike the defense industrial base overall, there’s no clear prime. Could that change with venture capital?Joe Lin, co-founder and CEO of the VC-backed cyber firm Twenty, said private capital isn’t pouring into cybersecurity at the same rate as other defense tech areas in part because it’s unclear whether “true winners” will emerge. ”This was an ecosystem [that was] very, very hard for outsiders to come in and join. So that barrier has gone down. That's the good news,” Lin said during Second Front’s Offset Symposium earlier this month. “I think the question is still out as to whether or not a company that is able to take a lot of money invested into private R&D is able to actually be successful in the space where, historically, there's been a lot of peanut-butter spreading in terms of awards—funding awards, contract awards—and whether or not there will actually be true winners that will come out of this.”Make it work, make it malleableThe winners will make versatile technology that works as the customer needs, said Brian Carbaugh, ex-CIA turned co-founder and CEO of Andesite, a VC-backed defensive cyber data analytics startup. “There is a tremendous amount of noise. There are a lot of marketing dollars being spent,” Carbaugh told Defense One. “From a customer, from a buyer standpoint, you can see some elements of fatigue because they're having to sift through just so many vendors and pitches that oftentimes don't materialize.” Buyers’ expectations for cyber tools and services are extremely high, Carbaugh said, and companies must deliver products that can “do all the things, all the time. Because, I think, what most of us in this space thought would be sort of innovative in terms of features and functionality—increasingly it's becoming table stakes.”That’s not a warning shot for nascent companies, it’s an opportunity, he said. “The warning lights are blinking red in a lot of these [security] operations centers. The work that CISOs and their teams put in are, it's nothing short of heroic on a daily basis,” Carbaugh said. There’s technology now that can "optimize” and level up analysts “by wrapping this tech around them” and are auditable with a “very, very high security compliance.”But as cyber threats and industry grow, the Pentagon may need a more tightly coupled relationship with the cyber industrial base. “There's an assortment of different companies that provide tools or services that are the ones that build and operate the domain on which we fight. They build our battlefield. We need to start partnering together so that they don't build the battlefield and we operate on it in a very disjointed way,” said Katie Sutton, the Pentagon’s cyber policy chief, during the symposium. That relationship must also leave room for tweaks and changes to cyber tools, said Maria Barrett, former commanding general of U.S. Army Cyber Command.“It's also got to be about the vendor being willing to work with us, and right side the operator, or whoever the user is, to tweak it. Because, I think, that quality of adaptability by the industry partner and the willingness to be able to do that and deliver it quickly…that's the new normal,” she said on the panel.WelcomeYou’ve reached the Defense Business Brief, where we dig into what the Pentagon buys, who they’re buying from, and why. Send along your tips, feedback, and song recommendations to lwilliams@defenseone.com. Check out the Defense Business Brief archive here, and tell your friends to subscribe!HASC’s NDAA mark. The House Armed Services Committee dropped its draft of the annual defense policy bill this week. Two things that caught my eye are related to supply chains:
