Yeah, It Makes Sense for Virginia to Invest in Cybersecurity

Mackster

The Mackster gives speech at Launch Lounge event in San Francisco in March 2016. Photo credit: Richmond Times-Dispatch.

by James A. Bacon

Normally, it’s a terrible idea for government to pick economic winners and losers. Politicians latch onto fads and enthusiasms arising from the private sector but allow wishful thinking to override investment discipline when it comes to allocating government capital.

Bacon’s dictum is that if “everyone” knows a sector is hot, and “everyone” is investing in it, unless you’re the smartest, best-informed guy in the room, you’re probably wasting your money.

Twenty years ago, economic developers were chasing the semiconductor and “high tech” sectors. Today, biotech and greentech are hot — and mayors and governors around the country are mal-investing hundreds of millions of dollars in those sectors in the vain hope of triggering riding the wave to economic prosperity. That’s why I cringe when I read about the City of Virginia Beach putting money into a “biomedical” office park, and I get the heebie-jeebies when the state backs Northern Virginia’s Center for Personalized Health.

I may live to regret saying so, but I think that Gov. Terry McAuliffe may be on to something with his cybersecurity initiative. His two-year budget for 2017-2018 steers $750,000 in extra funding to Virginia’s Center for Innovative Technology (CIT) to develop an “information sharing and analysis” capability to build upon CIT’s Mach37 cyber-accelerator located in the CIT building and CIT’s investments, typically about $50,000 a pop, in cyber-related start-ups. In the grand scheme of things, the money is pocket change. The real contribution that CIT provides is acting as a relationship and resource broker for aspiring entrepreneurs.

There are several reasons why I think the cyber-security initiative makes sense for Virginia.

First, business and government awareness of cyber threats has increased markedly in the past few years. The threat is real, and business and governmental organizations are spending more money to combat it.

Second, Virginia is a major player in the industry, second only to California in the number of cyber-security vendors. Companies with cyber-security capabilities have clustered in Northern Virginia to serve the Department of Defense, the Central Intelligence Agency, the Federal Bureau of Investigation and the National Security Agency, where security requirements are high. With a wealth of human capital — thousands of IT workers trained in information technology and cyber-security — the region generates lots of new security-related business ideas. The existence of an existing business cluster and innovation ecosystem makes it easier for entrepreneurs to recruit skilled employees and forge alliances and partnerships.

Third, cyber-security as an economic development ploy has not yet become a national craze. Stupid money hasn’t yet started flowing into the industry, creating a glut of too many dollars chasing too few deals. Inevitably, that will happen, and Virginia leaders need to be alert to it. But it doesn’t seem to be happening yet.

Fourth, Virginia is not throwing around a lot of money. The added sums are infinitesimal compared to what Virginia is spending on new STEM programs at Virginia universities, the Commonwealth Research Commercialization Fund, and the universities’s share of the recently approved 2.1 billion bond package. As noted above, Virginia’s main contribution to cybersecurity is identifying entrepreneurs with promising ideas and hooking them up with private-sector partners who can help them. That is a defensible, inexpensive, and value-added role for the state to play.

Finally, the potential return on public investment is high. ThreatQuotient, a Northern Virginia cybersecurity company that received $1.5 million in seed funding from local investors including CIT early last  year, raised $10.2 million in second-round financing in December, and won recognition in a cybersecurity industry conference in San Francisco as “startup company of the year.” ThreatQuotient now employs 50 people in Reston, according to the Richmond Times-Dispatch.  Reports Michael Martz:

CIT officials estimate the [Growth Accelerator Program seed] funds leverage every dollar invested by 18.5 times, using $17.9 million in equity investments to attract $331 million in private investment in companies with a total value of $798 million. They estimate those companies will create up to 9,000 jobs in Virginia over the next five years. The [state] budget allocated $3.1 million a year to the program and requires a return on investment of no less than 11 to 1.

It goes without saying that such claims should not be taken at face value. CIT, like every other public, private or quasi-public entity in the world, is putting the best face on its performance. Still, the investment returns would appear to be orders of magnitude greater than traditional economic-development tax incentives and real estate subsidies.

There appears to be one other thing the state can do to promote this burgeoning sector. As Martz observes, thousands of cyber-security jobs are going begging in Virginia. The industry has grown faster than the ability to train people to fill the jobs. “It’s an absolute fact for our industry that the demand for talent, especially technical talent, and the supply, there’s just a disconnect,” he quotes John Czupkak, who serves on the ThreatQuotient board of directors, as saying.

As I have long maintained, state and local government can best promote economic development by doing its core jobs well: Deliver the highest quality government services at the lowest possible cost. Virginia doesn’t need to incentivize or subsidize cybersecurity to make it successful. Virginia community colleges and universities need to turn out more graduates with the skills the industry needs.

There are currently no comments highlighted.

15 responses to “Yeah, It Makes Sense for Virginia to Invest in Cybersecurity

  1. so.. is it the job of local and state govt to train Virginia kids to be able to get cyber security jobs or not?

    sometimes I have a hard time understanding the specifics of what you support .

    so how about it? Should our K-12 schools be preparing kids to graduate with the core education needed to go on to Community and 4yr college and get degrees in those fields?

    is that a job of govt or not?

    bonus question: would that cost us more money to re-configure k-12 and colleges to offer subjects specific to that field?

    • There are numerous colleges & universities that offer both undergraduate and graduate degrees in Cybersecurity around the United States. I would think a middle or high school student with some interest in the field would check with prospective colleges to see what prerequisites are recommended and, to the extent possible, take those courses.

      If it were shown that there were critical prerequisite courses needed to major in Cybersecurity that were not being taught in high school, it would be appropriate for school systems to look at the feasibility of adding such courses as electives. But, just as with pursuing any educational or vocational tract, the motivation must come from the student and her/his parent or guardian.

      Adult life does not come with handholding. It’s our job as parents and guardians to help our kids develop the skills necessary to live an adult life. Our schools should support this by making our students more and more responsible for making their own decisions and being responsible therefor, as they go through school.

      • Not sure I can agree, TMT, that “the motivation must come from the student and her/his parent or guardian.” Ideally it should, of course, but isn’t that a significant part of the problem we have making the transition from a manufacturing to a services and technology-based economy? That many of the parents who didn’t grow in that world don’t support their kids’ education in that direction? Anyway, given the strength of technology in northern Virginia I’m happy to see a shift in training to build on it, take advantage of it, even at government expense.

  2. TMT – I presume you have read this:

    ” Remedial classes have become a hidden cost of college”

    ” What’s striking about the report is it dispels the widely held belief that only low-income or community college students are saddled with remedial courses. As it turns out, 45 percent of students enrolled in such classes hail from middle- and upper-income families.”

    https://www.washingtonpost.com/news/grade-point/wp/2016/04/06/remedial-classes-have-become-a-hidden-cost-of-college/

    from the report: ” …. first-year remedial college students and families spent $1.5 billion on tuition and living expenses, including $380 million in loans, for content and skills they should have learned in high school.”

    so we attribute this to irresponsible parents ?

    do these kids taking these remedial classes have a good chance at a degree in cyber-security?

    nope:

    ” Full-time students seeking bachelor’s degrees that take remedial courses in their first year are 74 percent more likely to drop out of college. ”

    looks to me that we’re spending a LOT of tax dollars on something that is not only not producing good results but even lesser chances that they’ll get the higher level education they’ll need to actually succeed at the tougher areas like cyber-security.

    so the current system is fine and it’s up to parents and kids to make the right choices?

    honest question!

    • “Do these kids taking these remedial classes have a good chance at a degree in cyber-security?” Well, no, but also YES. They certainly start at a disadvantage; but the poor quality of so much secondary teaching of how to read and write and do simple math is well known — plenty of colleges have to offer remedial classes to get their admittees up to barely adequate levels for “high school graduates” in those areas — yet some of those same kids are smart as heck and can jump into a computer technology class and thrive — in part precisely because they don’t suffer from inadequate secondary education in THAT area because they learned about computers and such from their peers and on their own after school, not IN school. Half the elementary teachers my kids experienced didn’t know how to turn on a computer, much less use it efficiently!

    • Re: remedial classes. I’d like to see state law provide that, for every in-state HS graduate who takes remedial courses in a college in Virginia that receives state funding, the costs for offering the remedial courses are transferred from the appropriate K-12 school division and given to the affected college. Perhaps, this would need to be phased in over 5 years or so.

      We’d have a helluva lot fewer kids taking remedial courses.

  3. Cybersecurity is one of the most challenging areas of computer science. Practitioners are generally very well educated and have math skills much above the average. In other words, it’s hard to imagine cybersecurity as a mass employment opportunity. However, it is lucrative and Virginia businesses making a lot of money (regardless of how many people they employ) pay Virginia taxes. The relatively small number of people employed will be affluent and will want to buy houses that somebody has to build. They will want to eat in restaurants where somebody has to take the orders and cook the food. They will need lawyers to do estate planning, etc.

    No educational system can make up for proper parental supervision. I was on the board of a charity that helped economically disadvantaged kids in DC. Over the 12 years I was on the board we had an extremely good record of success (high school graduation, college or vocational technical school, etc). The reason we succeeded was because the program was completely voluntary. The kids who enrolled were pushed into the program by some adult (parent, grandparent, etc). Our kids were no smarter than the average kids in that neighborhood. They all went to the same public schools. But our kids were considerably more successful than average because some adult pushed them to take advantage of programs like ours.

    It’s a very rare 14 year old who is self-motivated to go to school and get good grades. Failed parents produce failed children. Harsh? Yes. True? Also yes.

  4. re: ” It’s a very rare 14 year old who is self-motivated to go to school and get good grades.”

    perhaps you missed this part:

    ” What’s striking about the report is it dispels the widely held belief that only low-income or community college students are saddled with remedial courses. As it turns out, 45 percent of students enrolled in such classes hail from middle- and upper-income families.”

    how do we explain this?

  5. Re “how do we explain this?” Crappy, boring teaching of bright kids in secondary schools.

  6. so the kids and their parents KNOW they’re not getting the education they need for college and that it’s going to cost them even more money for college?

    doesn’t this seem kind of stupid if the idea is to have their kids succeed and not be in debt up to their eyeballs.. and get a good job in the economy ?

    so this is the schools fault? Don and TMT think it’s the parents fault, eh?

    oh..and the report seems to say the problem is even worse with private schools!

    • Larry, WADR, you are looking at it from the wrong perspective. It’s not a matter of blame. Rather, it’s a matter of fact that a kid who has the attention of a semi-intelligent adult and who receives a message that this kid is expected to learn something is going to do a lot better in school than those kids who don’t.

      I believe this is true irrespective of gender, race, national origin or income. (Look at all the uber wealthy who have kids that wind up strung out on dope.) While the involved adult is generally a parent, other relative or guardian, any “present” adult can serve in this role. But a lot of kids don’t have this, and I don’t think schools can do much about this.

      As JFK said, “Life is not fair.”

      • @TMT – well these kids PASSED the SOLs , took and passed AP, and passed the SATs and got accepted into college and THEN were told they needed remedial help.

        so didn’t they do what their parents said and got good grades?

        what went wrong?

        • Larry, I’m confused. Is this a hypothetical question, or an actual situation that has been uncovered? Thanks for the clarification.

        • Remedial classes are an integral part of the money tree degree. For instance, a student spends three semesters doing remedial Algebra so he can qualify to take a required lower level math class.

          What’s wrong with this picture? The student had already completed two semesters of upper level statistics at a different school, but wasn’t credited for it until just before graduation. The two courses more than qualified for the needed coursework he wasted money on but didn’t even need.

  7. Virginia would be better off looking for that next innovative idea to expand the internet. That’s because with all the locks, keys, and reporting gizmos that cyber-security throws on the net, there is no bandwidth left for the Internet of Everything Else.

    Remember, the next time your email is slower than a snail, the Denial of Service attack you are experiencing probably originated inside your own computer’s cyber defenses.

Leave a Reply