Zuly Gonzalez and Beau Adkins used to work at the National Security Agency. Now they run a cybersecurity firm in Catonsville, helping companies defend against online threats.
They're the embodiment of why Maryland officials call the state the nation's "epicenter" of cybersecurity: big federal installations here that focus on cyber problems, and all the private-sector growth related to it.
It's no surprise then that much of the activity revolves around the government. But some groups and firms are trying to push the state's cybersecurity boundaries to grab more of the commercial market at a time of tighter federal budgets.
Light Point Security, the startup Gonzalez and Adkins founded, is one example.
"We've made a business decision to really focus on the commercial side first before going strong after the government — because we come from the government and we know what a hassle it is to get into the government," said Gonzalez, Light Point's chief operating officer. "It's got such a long sale cycle."
As criminal activity and warfare move online, protecting information, networks, intellectual property and the critical infrastructure of everyday life — such as banking channels and power plant controls — is a high-stakes, high-value proposition. It's a sector that state officials have promoted for years, including with a new tax credit, because they want as many cyber jobs as possible to end up here.
Maryland has had a piece of the market for decades, thanks to the cyber-focused NSA at Fort Meade in Anne Arundel County and its former employees. Belcamp-based SafeNet, one of the state's major cybersecurity firms, was founded 30 years ago by two NSA engineers.
But the acceleration of cyber activity in recent years has kicked that momentum into high gear.
The military put its fledgling U.S. Cyber Command at Fort Meade in 2010, and the next year it moved the IT-oriented Defense Information Systems Agency there from Northern Virginia. Defense contractors opened cyber-focused offices. A Commerce Department institute helped launch the National Cybersecurity Center of Excellence in Rockville to offer assistance with industry challenges posed by hackers.
Now business leaders are hoping to leverage that federally focused activity into a broader base.
Several industry groups teamed up in May to launch the Baltimore-Washington Cyber Task Force, aimed at propelling industry growth. Another business group, the Annapolis-based Chesapeake Regional Tech Council, has a cybersecurity forum whose members recently decided to make the commercial market — not government contracting — the focus of their gatherings.
"It's natural that we would be strong on the federal side of things, given our proximity to the federal government," said Kris Shock, the tech council's executive director. "I just think it's a really tremendous opportunity for us ... to really refocus that into some commercial opportunities in our backyard."
That's critical if the state wants to become the Silicon Valley of cybersecurity — a goal Gov. Martin O'Malley set in 2010. Though that California hotbed of tech innovation got a jump-start from military demand during the space race and the Cold War, it has grown into a business- and consumer-focused powerhouse — with oodles of startups, venture capitalists and big players such as Apple and Google.
It is that "robust startup ecosystem" that Maryland wants, said Patrick Tonui, program manager for security and information technology industries at the state Department of Business and Economic Development.
"We're seeing some of that happening, but we still think there's lots more that can be done," he said.
At the University of Maryland, Baltimore County's incubator for cybersecurity startups, there's a definite government focus. Companies can participate in a federal contracting institute, and some have scholarships from contracting giant Northrop Grumman that cover their rent.
But incubator leaders are emphasizing the importance of going after the "huge and growing" commercial market, said Ellen Hemmerly, who oversees all of the university's incubators as executive director of bwtech@UMBC.
"If we're going to become the 'Silicon Valley of the East,' we've got to tap into the commercial market," she said. "The funding tends to flow more easily if the commercial market is viable as well as the government market."
Light Point Security, a tenant at UMBC's cybersecurity incubator, sees value in aiming for commercial customers first. The company protects businesses from malicious software — "malware," which burrows into computer systems to steal information or cause havoc — by separating employees' Web use from the corporate network.
Light Point offloads browsing onto a server set up for that purpose, Gonzalez said — "isolating it there so it stays in that bubble and doesn't actually ever touch the employee's computer."