Credit: Shutterstock.com

From 2011 to 2014, Greater Washington, D.C. saw three major acquisitions of cybersecurity companies that totaled $4.1 billion — Reston, Va.-based NetWitness was acquired by the EMC Corporation, Columbia, Md.-based SourceFire was bought by Cisco and FireEye agreed to acquire Alexandria, Va.-based Mandiant. The deals have done more than just turn heads, however.

The recent string of multi-billion dollar cybersecurity acquisitions in the D.C. area has helped set the table for new generations of local startups in the space—and ultimately, the next round of payouts, says Rick Gordon, managing partner at Mach37, a cybersecurity startup accelerator in Herndon, Va. The deals also show how cybersecurity in D.C. has become an industry helped by—but not totally dependent upon—government funding.

The current investment and exit cycle for the local cybersecurity industry can be categorized into three “generations.”

The first generation included NetWitness, SourceFire and Mandiant. The second generation includes the likes of Invincea, Lookingglass, iSIGHT, Silent Circle and Crowdstrike, Gordon told DC Inno. These are companies that have shown promise, are continuing to mature, and who illustrate promising exit potential in the future, according to Gordon. Where the truly massive exit value may exist locally, however, is in the next group coming down the line—which is the largest of the three generations, he said.

“Once these exits occur [second generation], they will further fuel the pipeline of cybersecurity product companies in this region (25+) many of whom have been seeded by Mach37 and the Center for Innovative Technology. This burgeoning ecosystem will sustain itself and enable this region to dominate the cybersecurity market for many years to come,” Gordon told DC Inno.

Money Talks

Funding for cybersecurity has long been dominated by defense contracts—influenced by initiatives set in place by the Department of Defense and a cohort of other federal agencies. While it’s not hard to understand why more investment in cybersecurity is occurring in many regions—given the recent high-profile breaches of federal agencies and big-name corporations—the way it’s happening, and how it is influencing the D.C. area, appears to be unique.

“Cybersecurity in the DC area benefits from the overall rise in sea-level of cyber spending, and certainly its proximity to the nearly $16B Federal spend. This spend, which largely goes to defense/Federal contractors, in turn creates a large pool of talent in cybersecurity that makes this region one of the strongest regions for cybersecurity expertise,” Anup Ghosh, founder and CEO of Fairfax, Va.-based Invincea, told DC Inno.

But it’s not just the government that’s been bankrolling the growth of the cybersecurity industry in D.C. “For too long, the area has relied on federal government spending which made us complacent on innovation. With the budget woes, it forced many to rethink their position. We are now starting to see those planted seeds grow and it’s exciting,” said Adam Meyer, CIO at SurfWatch Labs of Sterling, Va.

Ghosh put it this way: “Building on this trend [of government spending] is investment capital from traditional venture firms, such as New Atlantic Ventures, Grotech Ventures, and Harbert Ventures, in addition to a healthy angel investment network.”

Cyber Clusters

At the state level, from Maryland to Virginia, the rise of cybersecurity startups has been welcomed due to the size and quality of potential outside investment coming into the region. “With incubators being set up by UMBC and Montgomery County, start-up, corporate tax credits and relocation incentives being throw out, cybersecurity is definitely hot right now, and we will continue to see more cyber security tech being built out of this area,” Meyer told DC Inno.

The D.C./Northern Virginia/Maryland area “is becoming the Silicon Valley of security.”

The push from the region — especially Northern Virginia — to establish a cluster of cybersecurity companies is well documented. “The DC/NoVA/MD area, also known as the Cyber Corridor, is becoming the Silicon Valley of security,” said Rohyt Belani, CEO of Leesburg, Va.-based PhishMe.

“These companies, in turn, create economic wealth for the region in terms of job creation, shareholder value, and a broader tax base than traditional government contracting,” Ghosh said of the industry’s regional growth.

The region is also attracting cybersecurity companies from elsewhere—lured in by proximity to federal agencies, East Coast clients and a thriving security ecosystem.

Home to the Aspiring

DC Inno recently learned that Tanium, an Emeryville, Calif.-based cybersecurity company founded in 2007 and valued at over $1.75 billion, will be opening a new office in Northern Virginia to help it connect with local customers and resources. The company blasted onto the scene in June 2014 when it raised $90 million from prominent venture capital firm Andreessen Horowitz (a16z). Since that June 2014 raise, Tanium has secured more than $110 million in funding.

Fast forward one year later to June 2015: Tanium is expanding and to grow its business it views a presence in Northern Virginia as emblematic of that effort.

“Tanium is on a mission to transform markets in need of re-invention and solve previously unsolvable problems. We saw a great opportunity for this in the DC-area where government agencies are tasked with protecting our critical infrastructure and sensitive intelligence and civilian data, but are under growing pressure to do more with less,” Ralph Kahn, Tanium’s VP of federal systems, told DC Inno.

“We hope to shift the thinking of government agencies.”

Kahn previously said in a phone interview that the company was “committed” to government work and building government contracts. While about 15 to 20 percent of Tanium’s current business comes from the federal government, Kahn said the company wanted to grow that figure to about 25 percent. Along with the move, Tanium plans to employ a 20-person team but also expects to expand to between 30 and 45 employees within 12 months.

“Expanding into the DC-area gives us the chance to provide federal agencies with our unique endpoint platform, allowing them to effectively detect and respond to cyber threats with a speed and scale that enables them to stay ahead of their adversaries. With a presence in DC, we hope to shift the thinking of government agencies,” Kahn added.