Thursday, February 16, 2012

Starting a defense-focused cyber technology company

My posting frequency seems to have declined precipitously, both due to busyness and the usefulness of Twitter to share interesting technical news/articles. (If you're not already on you should be!)

Thought I'd write an article about what I've learned while starting Siege Technologies. I started the company in 2009 with my friend Sam Corbitt who I'd known since I was a rookie engineer. 2011 was another successful year and we continue to grow at a great pace. That growth has been exciting but definitely limits my ability to write up interesting stuff as much as I'd like but the experience might be interesting to read about for those contemplating a similar move (you know who you are!), or who  started down the path recently (Hello Digital Operatives, Apogee Research, Exception Technologies, and Trail of Bits!)

One of the principals behind the company was to implement what Jim Collins calls the Hedgehog Concept. That is, to figure out what you are passionate about, what can you be the best at, and is there a market for that skill? Find the intersection of those factors and focus exclusively on that. So many times when I was at DARPA I would be approached by business development types from companies (who I will leave nameless to protect the guilty!) and I would ask them that question, "What are you the best at?", or "When I think of x, I should think of you guys." Far too frequently they either couldn't answer or would smile coyly and say "We're good at whatever you want us to be good at!"

At the same time, I saw (mostly small) companies that focus on excellence getting snapped up. SI Government Solutions got bought by Raytheon. Crucial Security was snapped up by Harris. I'd already watched Ravenwing bought by Boeing and saw first hand Alphatech acquired by BAE SYSTEMS. And there were many others. Most of the big companies wanted more "cyber" in their lives and often didn't really know how to build it from a technical perspective (or, what to do when you had it on your hands!) Some tried hiring people with "cyber" on their resume or buying any company that had computer & security somewhere in their capabilities description. (Raytheon dominated the acquisition field though, going from practically no real capability to owning SI Govs, Pikewerks, BBN, Tek Associates all in a couple of years, an impressive run! Unfortunately they scattered them across competing business units, a problem that big firms encountered - not unique to them!)

Simultaneously, these and other companies were bought and integrated while new, innovative firms were birthed and the natural corporate life cycle continued. Siege was formed to concentrate on innovative technology development to solve cyber/CNO/computer security problems. We would aspire to be the best in the country at low level computer security technologies. To build those, we'd integrate hacker type software engineers/researchers with PhD-style researchers who can still implement technical solutions. Our team would focus on supporting government and commercial customers looking for advanced technical solutions.

To be the best, we had to have some unique advantage or combination of advantages that were unique. I decided to combine a focus on talent (and provide a corporate culture to enable recruitment and retention of said talent) with a focus on idea generation/innovation, customer support and corporate flexibility. We were originally going to be in two places, Boston (actually the nice and much less crowded suburb of Manchester, NH!) and DC but also opened up an office in Rome, NY because of a really talented guy I really respected who wanted to join but didn't want to move.

We put a lot of stuff in place (benefits, bonuses, recruitment avenues, etc.) to support bringing in great engineers and scientists. We turned down lots of work that wasn't centered around R&D (IT security, software development, etc.) to maintain our focus on innovation and high end talent. We turned down work that was R&D, but out of our "swim lane" to maintain our focus on cyber security. We really encourage new idea creation, both as a culture and as a business and have dozens of ideas we've generated. That allows us to pursue only the ones that have impact or capture a partners attention and treat ideas as commodities to be utilized and explored, rather than a few precious gems to hide from the world lest it be stolen or compromised in some way.

Another approach that has been key has been building relationships through the process. I asked CEOs of companies I admired to serve as advisors and whenever they were permitted they agreed to do so. Also, we built informal relationships with people who provided great advice. One of the best pieces of advice came from Chris Ramming, who advised us to focus on bringing in work first and not getting lost in the details of starting the firm/infrastructure. Build the base first, and the rest will get figured out later... but there will be nothing without customers.

We built strong relationships at bigger firms (including Boeing, Lockheed Martin, Northrop Grumman, Raytheon, and others) that looked to cultivate small, innovative firms in a mutually beneficial arrangement and had some great partnerships with other small/medium sized firms as well. And we interacted with the larger business/support community, receiving help from the ABI Innovation Center, to our local bank and even Senator Shaheen early in our development to resolve a major government paperwork mix-up that threatened to sink the firm. We tried using the SBA, the SBDC, and various other small business/entrepreneurial support groups to no avail (although the SBDC gave a little feedback on an early business plan and has a nice filter to find government opportunities off the terrible FBO site.)

Doing all of that, while maintaining my priority (my family) and maintaining healthy growth was not easy but it's actually gone pretty well.  The credit goes to the people outside of Siege who've helped us along the way and especially the people who decided to join Siege, build the tech and make it the company it is now. And most all, the graciousness of God, who allowed market trends/career movements/people to coincide perfectly and made it all come together. I'm just along for the ride, my job is to try to make sure I don't screw up a good thing while it's going!

I'll probably include some more stories in the future with the normal cyber stuff. Would like to highlight some of the cool people/organizations that've been part of the process.