Cybersecurity in the greater Washington region is an area of economic opportunity and regional strength, yet there was no single, publicly available list of cybersecurity businesses operating here. Now there is.
The TandemNSI Cybersecurity Industry List was compiled by TandemNSI, a community I launched three years ago to link government agencies and entrepreneurs who want to work with them. Through our work, we see an endless stream of opportunities for greater regional corporation, and the numbers in this new census are enlightening.
There are 967 cybersecurity businesses operating in the Washington area: 45 in D.C., 332 in Maryland and 590 in Virginia.
The census tallied businesses providing cybersecurity products, services or solutions and doesn’t include those supporting the cybersecurity industry such as lawyers, real estate brokers or human resource professionals, or businesses where cybersecurity is an ancillary offering. The census focuses solely on businesses driving the industry — the core resources against which supporting activities are arrayed.
An accompanying report entitled “The Cybersecurity Industry in the Greater Washington Region” explains the methodology used in the census, and provides insight to help those interested in growing our region’s cybersecurity industry.
Most of the businesses that met the criteria to be included in the count were service or solution-oriented. Product-oriented cybersecurity companies are a small percentage of the overall number of businesses we found — 38 out of 967.
This composition matters. Generally, service-based businesses aiming to scale up and grow quickly are limited by how easily they can hire and train new people. A business with an innovative product, on the other hand, is able to grow more rapidly because productive capacity is often as easy as making another copy. The most rapidly growing businesses in our national economy are more often product-oriented.
The heavy focus on service and solution-based cybersecurity businesses in the region is less surprising given the relationship they have with the federal government. At least half received money from the federal government under a direct contractual relationship to provide cybersecurity services or solutions. And it appears that the percentage is likely significantly higher, given that many others are subcontractors and therefore not easily identified through public sources.
The data unveils clear evidence of an untapped opportunity: despite tremendous commercial talent engaged in cybersecurity in our region, it is not concentrated in product-oriented innovation. And our region’s largest local customer — the federal government — has made it plain that product-oriented cybersecurity innovations are of high interest. It has opened offices in Silicon Valley and Boston because it is looking for innovation in places it perceives to have a higher concentration of product-oriented cybersecurity businesses.
Two immediate challenges: first is how to help our region’s large service and solution-oriented businesses acquire product-oriented businesses and facilitate integration into the federal government’s goals. Second, how to reshape our region’s strong cybersecurity talent into product-oriented innovators.
Both challenges will require significant investment and commitment. Before being able to solve a problem, it first needs to be identified. Now that we have a baseline against which to measure, we can build a stronger industry.
This column originally appeared at WashingtonPost.com.