The Pentagon as Silicon Valley’s Incubator
Illustration by James C. Best, Jr/The New York Times
By SOMINI SENGUPTA
Published: August 22, 2013 http://www.nytimes.com/2013/08/23/technology/the-pentagon-as-start-up-incubator.html?_r=2&
SAN FRANCISCO — In the ranks of technology incubator programs, there is
AngelPad here in San Francisco and Y Combinator about 40 miles south in
Mountain View. And then there is the Pentagon.
News from the technology industry, including start-ups, the Internet, enterprise and gadgets.
Jim Wilson/The New York Times
Jay Kaplan, left, and Mark Kuhr met at the National
Security Agency and raised $1.5 million in seed money to start Synack.
In the last year, former Department of Defense and intelligence agency
operatives have headed to Silicon Valley to create technology start-ups
specializing in tools aimed at thwarting online threats. Frequent
reports of cyberattacks have expanded the demand for security tools, in
both the public and private sectors, and venture capital money has
followed. In 2012, more than $1 billion in venture financing poured into
security start-ups, more than double the amount in 2010, according to
the National Venture Capital Association.
For years, the Pentagon has knocked on Silicon Valley’s door in search
of programmers to work on its spying technologies. But these days, it’s
the Pentagon that is being scouted for expertise. Entrepreneurs and
venture capitalists are finding it valuable to have an insider’s
perspective on the national security apparatus when trying to find or
prevent computer vulnerabilities or mine large troves of data.
“They have unique insights because they’ve been on the front line,” said
Matthew Howard, a former intelligence analyst in the Navy and now a
managing partner at Norwest Venture Partners, referring to former
military and intelligence operatives who have hatched start-ups. He has
invested in several such companies. “Now they’ve got commercial desires.
The lines are blurring.”
One of the start-ups is Synack,
which promises to vet an army of hackers to hunt for security
vulnerabilities in the computer systems of government agencies and
private companies. The company’s co-founders, Jay Kaplan and Mark Kuhr,
met in Fort Meade, Md., in the counterterrorism division of the National
Security Agency. They left the agency in February after four years
there, and later decamped to Silicon Valley. Within weeks, they had
raised $1.5 million in seed money; they are now working with their first
customers and pitching their experience in the spy agency.
“Doing things on a classified level really opens your eyes,” Mr. Kaplan
said. “The government is doing a lot of interesting things they don’t
disclose. You have a unique perspective on what the adversary is doing
and the state of computer security at a whole other level.”
Morta
Security, another
of the start-ups, was founded by Raj Shah, a former F-16 fighter pilot
for the Air Force in Iraq. He described himself as “a policy adviser” to
the N.S.A. before moving to Silicon Valley to establish the company
this year with two former analysts. Morta’s work is in such “stealth
mode,” in valley parlance, that the company has said nothing about what
it is working on. Nor would Mr. Shah describe fully what his two
co-founders were doing at the agency before they formed the company.
“There are very sophisticated threats that are able to steal data from
corporations and government,” is all Mr. Shah would say. “Our guys’
background — they just have a deeper understanding of that problem.”
Though Silicon Valley sees itself as an industry far removed from the Beltway, the two power centers have had a longstanding
symbiotic relationship. And some say the cozy personal connections of
ex-intelligence operatives to the military could invite abuse, like the
divulging of private information to former colleagues in the agencies.
“They have enormous opportunities to cash in on their Washington
experience, sometimes in ways that fund further innovation and other
times in ways that might be very troubling to many people,” said Marc
Rotenberg, executive director at the Electronic Privacy Information
Center in Washington. “Both sides like to maintain a myth of distant
relations. The ties have been in place for a long time.”
The ties are more than personal; the National Security Agency is among
the few organizations in the world, along with companies like Facebook
and Google, with a cadre of engineers trained in mining big data.
By working at the N.S.A., “you get to be on the bleeding edge, not just
the cutting edge of what’s possible,” said Oren Falkowitz, who left the
agency last year to start Sqrrl, a big data analytics company based on
technology developed at the agency. Mr. Falkowitz has since left Sqrrl,
which is in Boston, and is considering moving to Northern California to
start working with a big data company.
Last year, Sumit Agarwal left his post as a deputy assistant secretary of defense to join Shape Security, a
Mountain View company that offers what it calls “military grade”
security solutions against botnets, groups of infected computers used
for attacks.
(Page 2 of 2)
Shape Security’s chief executive is Derek Smith, a former Pentagon
consultant whose last company, Oakley Networks, which specialized in
detecting insider threats, was sold to Raytheon, the military
contractor, in 2007. Since its inception in 2011, Shape Security has
raised $26 million in venture financing.
Computer security experts are leaving other parts of government for start-ups, too. Sameer Bhalotra, who worked on cybersecurity issues at the White House, was recruited by a Redwood City-based security company called Impermium. And Shawn Henry, a
former computer security specialist from the F.B.I., left his job in
government last year to help establish CrowdStrike, a computer security
firm.
In Israel, government security workers have long found a career path in
moving to start-ups, said Peter Wagner, a partner at a recently opened
venture firm, Wing Venture Partners, in Menlo Park. Many Israeli
entrepreneurs come out of the Israeli military and intelligence
services, he pointed out.
“It’s not surprising that some of the same type of experience is finding
its way into entrepreneurial endeavors here in the U.S.,” Mr. Wagner
said.
The idea for Synack came to its founders, Mr. Kuhr, 29, and Mr. Kaplan,
27, when they were working side by side at the N.S.A.’s computer network
operations division; within the agency, that includes figuring out how
to attack or exploit data gathered from a computer network. Nights and
weekends, they hatched their business plan. They proposed to assemble an
army of vetted bounty hunters from around the world to find security
bugs. Their product is a variation of the so-called bug bounty programs
run by large companies, like Facebook and Microsoft, that in effect
invite security researchers to try to crack vulnerabilities in their
systems — and reward them if they do.
Part of their pitch to potential customers is that they will vet the
bounty hunters before setting them loose. They hope to sign up
government agencies as customers, along with private firms, especially
in the software services sector.
“We are able to provide security experts previously inaccessible to companies,” Mr. Kaplan added.
Both men’s college educations were paid for by N.S.A. scholarships — Mr.
Kaplan at George Washington University, Mr. Kuhr at West Point Military
Academy and then at Auburn University. With that came an obligation to
work at the agency, which they did, each for four years.
“We really liked our jobs there,” Mr. Kuhr said.
Then they headed west, drawn by the same dream of riches that draws so many other people here.
No comments:
Post a Comment