Tampa Bay has become Florida's ground zero in the battle for data security.
With business and so many other aspects of our daily lives increasingly moving online and into the cloud, it’s never been a better time to be part of the cybersecurity industry.
That’s especially true for companies and workers in the Tampa Bay region.
Opportunities are abundant primarily because the stakes are high. In June, for example, Tampa-based fast-casual restaurant chain PDQ became the latest high-profile company to suffer a widespread cyber attack. PDQ says a hacker gained access to customers’ credit card information during an assault on the company’s computer systems that spanned nearly a year.
But cybersecurity isn’t just a network hardware issue; it’s a human resources issue — a fact that has made companies such as Clearwater’s KnowBe4 and Tampa’s ReliaQuest so successful. The former specializes in security awareness training for employees who interact with their companies’ internal computer networks, which these days amounts to pretty much everyone.
To test its clients’ defenses, KnowBe4, founded in 2010, simulates phishing attacks and other methods employed by hackers to breach IT security systems. Its phenomenal growth reflects how seriously businesses are looking at ways to batten down the cyber hatches, so to speak. The company’s revenue more than doubled from 2016 to 2017, rising from $24.4 million to $62 million, and it now has nearly 330 employees. Founder and CEO Stu Sjouwerman says it’s not uncommon for KnowBe4 to hire as many as 30 people per month to keep up with demand.
It’s a similar story at Tampa-based ReliaQuest, which has seen its revenue grow at a 624% rate since 2013 and is on track to have 400 employees by the end of the year.
A-LIGN, a Tampa-based professional services firm that specializes in cybersecurity and compliance monitoring, could be the next local cybersecurity breakout company, thanks, in part, to a $54 million investment from FTV Capital, a growth investment firm with offices in New York and San Francisco. As a result of that recent capital injection, A-LIGN CEO Scott Price expects the firm to hire 100 additional employees over the next 12 months, with 40 to 45 most likely being direct hires right out of college. That will bring its head count to more than 250.
“With more brand awareness out there and greater amounts of outside investment, you’re adding kerosene to a fire that’s already really strong, which is awesome,” Price says of the growth of the region’s cybersecurity industry, adding A-LIGN hired 20 new staff members in June alone.
TEACH YOUR CHILDREN WELL
But as demand for talent grows, where are new cybersecurity workers going to be found? Will companies such as KnowBe4 and ReliaQuest have to spend valuable resources on nationwide searches for qualified candidates?
Some area colleges hope to solve those issues. The University of Tampa now offers a major and minor in cybersecurity, in addition a master's in the discipline. And beginning in the fall semester, the University of South Florida will — in a first for a Florida public university — offer an undergraduate degree program in cybersecurity.
USF’s College of Engineering will house the program and expects to enroll up to 90 students in it. The university already has master’s programs in cybersecurity and cybercrime, and it offers a graduate certificate program for IT professionals who want to improve their cybersecurity credentials. USF’s Tampa campus is also home to Cyber Florida, formerly known as the Florida Center for Cybersecurity, a state-funded organization dedicated to growing Florida’s cybersecurity industry.
Robert Bishop, dean of the USF College of Engineering, says cybersecurity is too broad of a topic to be fully covered in a single program of study. “It can include behavioral aspects, like how do you respond to phishing?” he says. “Or, do you pick up a thumb drive in the parking lot and stick it in your computer to see what’s on it?”
USF’s new undergraduate program, Bishop says, will take a narrow approach that will focus on improving the design of systems used by companies in vulnerable sectors such as banking and finance, health care, defense and manufacturing. Says Bishop: “We’re looking at cybersecurity at the level of the hardware and operating system software, asking, ‘How do you design and build robust systems in the future?’ Because cybersecurity hacks are often a result of design.”
Bishop believes the program will be an excellent jumping-off point for students who desire a career path that presents different forks in the road.
“I think it’s fair to say that there’s no standard path for engineers anymore,” he says. “Typically for engineering, across the board, engineers start off in what you might think of as engineering position, but they rapidly move into management and leadership and other types of positions because engineering is really about problem solving. And so I would see that our graduates would start off doing high-level technical stuff, but moving into leadership.”
To get exposure to the many areas affected by cybersecurity, students will be required to take 12 credit hours outside of the College of Engineering. Bishop says coursework in business, law and behavioral sciences will be encouraged. Then, some day, USF cybersecurity graduates will move into C-suite positions like chief technology officer.
“My sense is that they will be the highest-paid engineering graduates that we have, maybe with the exception of biomedical engineers,” he says. “The undergraduates who come out of this program, if they were to graduate today, I think they would be starting probably in the $90,000 range because of the demand for their skill sets.”
That’s not wishful thinking. According to the U.S. Bureau of Labor Statistics, the median annual salary for information security analysts exceeds $95,000, and the job market for cybersecurity professionals is expected to expand by 30% by 2026.
Although financial services and health care sectors currently drive demand for cybersecurity, Bishop predicts manufacturing will be a huge source of jobs for USF graduates while consumer products increasingly become networked together via the cloud and internet of things, or IoT.
“So much of what we do in manufacturing these days is cloud based and code based,” he says, “and as you could imagine, anything with an IP address can be hacked.”
CYBER SUCCESS STORY
Meanwhile, at A-LIGN, Price, 42, and his business partner Gene Geiger, 45, saw the way the big data winds were headed nearly s decade ago. Price founded the company in 2009 after starting his career in 1997 in the IT audit industry, and Geiger joined A-LIGN in 2011 as president.
That's when the duo decided to focus on providing third-party compliance and cybersecurity auditing for companies that service fintech and health care firms. Clients, says Price, are mostly managed service providers, cloud application service providers or Software-as-a-Service companies that work within hospitals or banks.
A-LIGN and its proprietary compliance platform, A-SCEND, has resonated in the marketplace. Revenue at the firm is up 175% since 2015, from $7.5 million to $20.6 million last year.
Price says A-LIGN makes most of its money via fixed-fee engagements whose pricing is based on return-on-investment evaluations and projections of the scope of work involved. Because A-LIGN’s audits are so extensive and can test for so many regulatory compliance and cybersecurity weaknesses, the company will sometimes decline work if a company isn’t going to achieve the ROI it’s looking for. The company has some 1,700 clients, and typically adds 250 to 300 per year, Price says.
The next step for the company, Price says, is brand recognition. That's where the hefty capital investment comes into play, both in advice from new board members and money to spend on it. Price declines to specify how much of an ownership stake, if any, FTV Capital has taken in the company. Two of FTV’s partners, Liron Gitig and Richard Garman, have joined A-LIGN’s board of directors as a result of the recent deal.
“Part of the reason you’ve never heard of us is that we have this innate ability to have zero brand awareness while also growing like crazy,” Price jokes. “I think FTV is really going to help us with that.”
It’s not enough, he says, to have “great technology … you want to be able to service your clients wherever they’re at and be able to have the right services for them, but if you don’t have brand awareness, you’re not going to have clients. FTV has a partner network that’s expansive and can help with marketing and sales initiatives. It’s like a marriage — they’re selecting us and we’re selecting them, and as went through the [investment] process, we could see that they’re going to provide some great guidance on how we can increase our brand awareness.”