Last year, startups in this industry lured $1 billion in venture financing.
WikiLeaks was just the tip of the iceberg. It seems like every day the headlines tell us of another breach, another hack, another chink in the armor of data protection. It's no surprise that cyber-security is among the fastest-growing career fields. Nor should it come as a shock to see an increasing number of small businesses getting into the game.
The National Venture Capital Association reports that some $1 billion in venture financing went to security startups in 2012 , more than double the 2010 figure. Across the nation, new enterprises are emerging, with small business owners looking to help secure and protect the vital information locked in government and corporate computer systems.
How to get a foothold? Here are three newcomers to the scene, explaining why they were drawn to cyber-security and how they are making it pay.
CEO Rami Essaid, Distil Networks, Arlington, Virginia
Why: With a background in cloud computing, Essaid could see the growing need for security services. "It's a growing field because there is a lot of necessity," he says. "There's still a lot of 'wild, wild West' sensibility out there, a lot of malicious actors on the web. So there's still a lot to be done to make the internet a safer place."
How: Essaid has set his sights on the SMB (small and midsize business) and SME (small and midsize enterprise) markets by bringing to bear a narrow range of services. Rather than bite a big chunk out of security, he tackles specific issues such as bots and web scraping. These are back-door attacks on users’ systems, something most business owners don’t give much thought.
"We went with the approach of tackling a very narrow problem, something that has existed for a while but people just didn't know what to do," he says. "The more you try to do, the more diluted your efforts become. You really have to put in a lot of effort to make sure you do one thing right the very first time."
Biggest Challenge? Essaid spends a lot of time evangelizing this specific niche. He attends a trade show a month and does a lot of media outreach, but you can only cover so much ground that way. His challenge is to scale up the education effort.
"To get exponential growth, we have been going to more traditional methods, even using targeted mailers for executives and educational emails. If you send something educational, something meaningful, that isn't spam. It resonates," he says.
Mark Chapman, Founder, PhishLine, Milwaukee, Wisconsin
Why: The biggest threats to computer systems are the people who run them: people who share passwords, who don’t recognize web-based scams, who inadvertently open digital doorways. Chapman trains, tests and measures users’ vulnerability to such social-engineering attacks.
"People fall for that kind of thing all the time, and organizations are losing a ton of data,” he says. “On the tech side, there are plenty of ways of mitigating that risk, but the people side is very different. You can’t just apply a patch to a person like you can with an insecure web server."
How? Rather than sell to those without a security clue, PhishLine markets its services to businesses that already are working hard to lock down their data. In this case, an educated consumer really is the best customer.
"In order to appreciate what we do, you need to be at a certain level of size or sophistication," Chapman says. "The most good we can do is to empower security organizations that have already handled the technology and the process layers." Now they need to look at the people layer.
Biggest Challenge? "The biggest challenge is in finding the organizations that value what you do," Chapman says. Even when he can identify a prospect, Chapman still has to cut through the clutter.
"There are a hundred vendors claiming to do what you do, so how to get the word out to convey your unique proposition? You do it by working with reputable companies, doing a really great job and then having them as references."
Carolyn Schrader, CEO of Cyber Security Group, Reno, Nevada
Why: Schrader has set up her business to provide a range of security services including vulnerability assessments and penetration tests. She’ll help craft policies and run security-awareness training.
She’s aiming for the SMBs, a class of business increasingly under threat. "The criminals are moving downstream from the fortune 500s down to the small and midsized businesses," she says. Such firms typically have very small in-house IT departments and lack the expertise to do what she does.
How: To develop a base for the launch of Cyber Security Group, Schrader built word-of-mouth relationships with businesses that are especially vulnerable, those with the most to lose in a data breach: CPAs, investment firms and others with sensitive client information.
"My focus is first on helping educate the potential clients. Many people are hearing that there are issues, but they don’t know what to do or how to quantify it," she says. Her ties to these firms should trickle down to a broader range of SMBs. "If you are a small business, you are going to your lawyer for advice, your CPA, so those are the people I will be developing as strong contacts and as a referral base."
Biggest Challenge? With all the tech speak surrounding cyber-security, Schrader's job is to bring it down to earth. "We talk using all these technical phrases, but the challenge is in bringing it to a business perspective. What is the risk, and what should you be doing to mitigate that risk?" she says. "You have to put it in dollars and cents. Will I make money? Will it give me a competitive advantage? Will it help me as a business to grow and thrive?"
Read Next: Best & Worst Franchise Sectors to Invest In