Boston is a major cybersecurity hub and industry leaders say it’s for several unique reasons.
As one of the oldest cities in the US, Boston’s economy is built on hundreds of years of history. The Greater Boston region is a thriving hub for financial companies, healthcare firms and other highly regulated areas such as defence. The blooming culture of innovation, education and regulation is especially visible in the Boston cybersecurity realm.
Carbon Black is a leading endpoint security firm based in Waltham and its CTO and co-founder, Michael Viscuso, said Boston’s success is down to three key factors: “great open jobs, a desire to innovate and motivated young talent”.
Education is key
Prestigious centres of excellence in education are a hallmark of the area, with more than 60 colleges in total, including Harvard, MIT and Northeastern to name but a few. According to CEO of third-party vendor risk management firm BitSight, Tom Turner, many of these institutions have “really good computer science departments that started to offer cybersecurity programmes earlier than other universities”.
The Massachusetts government is also a linchpin, said Steven Bearak, CEO of identity theft protection firm IdentityForce. He noted: “State government has supported the industry through funding, education, and the creation of forward-thinking policies and programmes.”
Cloud-based cybersecurity start-up GreatHorn was established in 2015 and its CEO and co-founder, Kevin O’Brien, noted that in general, infosec is becoming more important: “We are at critical mass when it comes to cybersecurity.”
Viscuso added that the people who are entering into the field are generally passionate about their work. “Very few people get into cybersecurity by accident. Most, I’d say, are drawn to the career and are looking to become the equivalent of a modern-day superhero.”
This sentiment was echoed by O’Brien, who said: “Cybersecurity is an area where you don’t have any amateurs.” The cluster of prominent computer science educators and prestigious institutions attracts people who are keen to make the digital world safer through technology.
Prestigious colleges such as MIT (where the co-founders of BitSight met) and Harvard attract some of the brightest minds to the area. These savvy individuals are invariably up for testing their skills, Viscuso said. “Cybersecurity is a demanding and exciting job. People are intrigued by that challenge.”
The Greater Boston area also has history on its side, giving it an air of confidence. As O’Brien eloquently put it, it’s “a market that understands that it’s a centre of excellence”. For example, RSA began in Bedford, Massachusetts, more than two decades ago, creating the seeds for the flourishing market today.
Executive vice-president of global business development at privileged access security firm CyberArk, Adam Bosnian, put it simply: “Massachusetts is a natural home for analysts and thought leadership in cybersecurity.” He added: “The history of cybersecurity in Boston means it has become an epicentre, which leads to more expertise coming to the area and more success as a result.”
A unique market
Looking across the US, there are also cybersecurity centres in areas such as Silicon Valley and Atlanta, Georgia, but Boston has a couple of unique advantages apart from education.
“The east coast is a great place geographically to address the 50pc of the global cybersecurity market that is the US and the next biggest market, EMEA, just a relatively short hop away,” Bosnian noted. Turner said that there is a strong culture of staff retention in the ecosystem: “[Companies are] very focused on hiring and retaining long-term talent.”
Bosnian said that Boston’s older, more entrenched industries create a large and unique market demand. “Our proximity to a customer base that includes major cybersecurity early adopters – big global banks, for instance – means Boston cybersecurity businesses can not only build solutions, but sell and iterate them in large-scale environments.”
Bearak said it is an exciting place to be. “Roundtables and events for networking, along with trade events, happen frequently and it’s inspiring to have front-seat access to this world here in Boston.”
The companies are in one of the most diverse ecosystems in the world and the threats that pique the interest of infosec professionals in the area are just as varied.
For CyberArk, complexities of cloud migration and regulation such as GDPR are major points. For all of the companies Siliconrepublic.com spoke to, the increase in persistent attacker innovation and data breaches is a crucial issue that needs continuous mitigation. O’Brien noted that attacks have changed from volumetric to targeted in nature.
Viscuso said the bubbling geopolitical tension in cyberspace is something Carbon Black keeps an eagle eye on. “They [bad actors] are attacking not only governments and elections but also businesses of all sizes. Virtually anyone who has data that can be used for espionage or monetisation is a target.”
It’s clear then that the mixture of talent, history, education and geography has created a thriving and exciting cybersecurity hub in the Greater Boston area, from Waltham, Bedford and Cambridge to Boston itself. This looks set to continue as more and more enterprises come to the realisation that cybersecurity is not just box-ticking, but an integral component in every successful organisation.
Updated, 3.29pm, 18 September 2018: This article was updated to reflect that Adam Bosnian is the executive vice-president of global business development at CyberArk, not the CEO.