Notes from the Silicon Valley Cybersecurity Summit: Part 2

September 30th, 2014 | Posted by Sarah Jones in Guest Blogs - (Comments Off)

NVTC is inviting members to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. Kathy Stershic of member company Dialog Research & Communications shares her insights below.


While the policy panel discussion at the summer’s Silicon Valley Cyber Security Summit pointed out the many challenges of governments trying to deal with the cyber threat, the second ‘Next Generation’ panel was all about the shortage of qualified talent to deal with the problem.

The good news – cyber presents a great career opportunity! As in, the industry needs lots of help. Now. The not so good news is that 40 percent of open IT security jobs in 2015 will be vacant. There simply aren’t enough qualified people to fill them. Technologies such as new threat intelligence and attack remediation products will continue to advance. That will help automate intervention, but there is still a need for people to skillfully apply them, and for others to create them in the first place in the face of a never-ending game of new threats. One speaker said that, as of only a couple of years ago, a new malware was detected every 15 seconds. Now two new malwares are detected every one second! The speakers expected that pace to accelerate exponentially.

There are a growing number of formal university programs in this area, but I was very surprised to hear that only 12 percent of computer science majors are female, and that population has been steadily shrinking for two decades. A marginal percent of those study cyber. So we’ve got a challenge with public engagement in the issue, an inadequate talent pool, and almost half of the student population not thinking about the problem.

Of course not all software learning is in the classroom and talented hackers do emerge. That is why General Keith Alexander [former head of U.S. CyberCommand] went to least year’s Black Hat Conference – while unconventional, he knew this is a place to find badly needed talent. There are also several incubator initiatives like  Virginia’s Mach37, and many startups are trying to get off the ground.

Another challenge is that CEOs don’t fundamentally understand the complex cyber problem, so they delegate the task to the CIO. [This reminds me of similar dispositions toward Disaster Readiness and Business Continuity Planning pre-9/11]. Cyber threat is another form of business risk and should be planned for as such. One speaker mentioned that there is expert consensus, even from VCs who are scrupulous about how money is spent, that for a $100 million IT budget, 5-15 percent should be spent on security. While panelists noted cyber threat is a top discussion point for many corporate boards, there is uncertainty about what to actually do to prepare.

This is a tough issue all the way around. One speaker suggested repositioning the brand message to what regular folk will respond to – protecting our national treasures, homes and quality of life, critical infrastructure and national security. Nick Shevelyov, Chief Security Officer of Silicon Valley Bank, summarized the issue: ‘the technology that empowers us also imperils us.” I’m hoping more of us come to understand that and step up.


Contributed by Kathy Stershic, Principal Consultant, Dialog Research & Communications

kstershic@dialogrc.com

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

NVTC is inviting members and industry leaders to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. This week on the NVTC blog, Gretchen Frary Guandolo of Clearsight Advisors shares how the opportunity for big data professional services firms has never been greater.


Total big data revenue (software, hardware and services) reached $18.6 billion last year, up from $11.6 billion in 2012 (according to Wikibon), an impressive 58% growth over the previous year. No doubt the big data market is enormous and growing quickly, but one of the main inhibitors to growth is the lack of professional services firms focused around big data. Software, hardware and diversified IT services vendors are all on the hunt for the same target – professional services firms of scale focused on the strategy and implementation of big data projects. Clearsight recently represented Think Big Analytics in their sale to Teradata, a transaction that underscored the skyrocketing demand for big data services.  The sale process was highly competitive with bidders from several different market segments.  The opportunity for big data professional services firms has never been greater. The drivers behind the strong demand for big data services, include:

  • Few IP/tools exist that allow business users to easily implement and access Hadoop data in an uncomplicated, user friendly fashion
  • Special knowledge is required to navigate all the privacy/security/compliance moving parts and their implication on big data
  • A practitioner of big data is necessary to translate and mediate between all constituents around the table – line of business, c-suite and IT departments – to ensure a successful outcome.

As more companies boast successful Hadoop/big data projects, demand continues to grow, but there remains a divide in the approach to tackling big data projects. Big data consulting firms develop their own IP and toolsets because simple, business user- focused analytic packages accessing Hadoop data are not yet widely available. Software and hardware vendors have a challenging time selling their infrastructure products and deploying Hadoop solutions because their sale process requires a more consultative sale, implementation discipline, and technology skills of a big data consulting firm. The shortage of big data professional services skills is acute. As a result, at Clearsight we expect to see the larger product vendors, IT services firms,  ad agencies and many other sectors continue to hunt for acquisition targets to increase their big data services capabilities and address the growing need for big data professional services.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Notes from the Silicon Valley Cybersecurity Summit

September 23rd, 2014 | Posted by Sarah Jones in Guest Blogs | Uncategorized - (Comments Off)

NVTC is inviting members to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. Kathy Stershic of member company Dialog Research & Communications shares her insights below.


I was fortunate to attend Silicon Valley Cyber Security Summit over the summer, where I spent four hours indulging in the subject. The panel discussions were excellent, bringing perspectives from security technology providers, pundits, the Department of Homeland Security, congressmen, senators and executives from the outstanding Silicon Valley Leadership Group (#SVLG).

The first discussion centered around progress to date with Obama’s Executive Order (EO) issued in early 2013, and the potential for more formal cyber policy or regulation coming from the Congress. The cybersecurity problem offers a rare opportunity for the public sector to lead in a critical technology domain, but all of the day’s speakers emphasized the requirement for public-private partnership in addressing the challenge. There has actually been some good news around the Cybersecurity Framework, an outcome of the EO being driven by NIST, in which participation is voluntary but to which 3,000 private sector representatives have actually contributed. While governments actively push such information to the citizenry, companies need to share a lot more about what’s happening to them, what they’re learning and how they’re defending themselves – competitive concerns are keeping this constrained to date. Still, some progress is being made.

One of the biggest eye openers was the claim by several speakers that the public is just not engaged in this issue and therefore practices poor digital ‘hygiene’. I found this surprising and uncanny in the aftermath of the Target and Nieman Marcus’s attacks last fall, and the Aug. 5 revelation that a Russian crime ring had stolen 1.2 billion user name and password combinations and more than 500 million email addresses.

Senator Saxby Chambliss (R-Ga.) extolled the virtues of his and Senator Dianne Feinstein’s (D-Calif.) Cybersecurity Information Sharing Act bill, which made it through the Intelligence Committee but still faces stiff opposition from privacy advocates. Everyone agreed that what would spur Congressional action would be a real crisis – a big attack that causes a real national issue. We hope that we don’t have to endure a crisis to make progress, however. It is also possible for Federal agencies like HHS, DHS, the SEC and others to impose cyber regulations within their domains – some are already doing so. And states are stepping up too, with a plethora of unique policies. Beyond the U.S., each country will have its own policies as well.

In my opinion, the core issue behind the discussion was trust – citizens don’t trust the government, businesses don’t trust each other or the government, and the government doesn’t trust other governments. One speaker even joked that in the Silicon Valley, the NSA is seen as an ‘advanced persistent threat.’  Everyone is waiting for a cybersecurity crisis, which I believe will sooner or later. Let’s hope later.

My next post will discuss the country’s shortage of skilled cybersecurity workers.


Contributed by Kathy Stershic, Principal Consultant, Dialog Research & Communications

kstershic@dialogrc.com

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

NVTC is inviting members and industry leaders to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. This week on the NVTC blog, Aaron Trionfi of LMI shares three business-friendly strategies to increase the value of enterprise architecture.


Enterprise architects have long promised significant benefits to their organizations. Using Enterprise Architecture (EA) practices, they can uncover operational and technical redundancies, pinpoint overspending, and identify technology gaps and other risks. Unfortunately, these promises are often unmet. Why? Lack of simplified, business-focused communications between EA teams and executives.

EAs define the business, as well as the information and technology needed to operate the business. Enterprise architects use frameworks to capture current and alternative future states of an organization broken down into related elements, such as business functions, data, and technologies. Too often, these frameworks don’t yield results that decision-makers can use to better understand the risks and opportunities facing their organizations.

As a result, many executives fail to recognize the potential value EA shops can deliver. To unlock this value, decision-makers must clearly communicate the business questions they want their EA shop to try and answer.

Similarly, enterprise architects must learn to speak the language of their stakeholders. Rather than developing EA outputs that only other architects can understand, they must present results in a form that decision-makers can more readily consume.

Implementing three key strategies will facilitate communication between enterprise architects and business leaders, and improve the success rate of EA efforts. To better support organizational-level decision-making, enterprise architects need to

  • Create a simple model showing how organizational elements relate,
  • Tailor communications for different audiences, and
  • Provide business intelligence-based analyses.

1. Create a simple model showing how organizational elements relate

Most EA frameworks include an EA model describing the data elements. Unfortunately, these models routinely are based on a fixed set of EA products that fail to help answer pertinent business questions. Further, because EA data models are often developed using a Unified Modeling Language (UML) class diagram or entity-relationship diagram, enterprise architects struggle to convey to non-architects the importance of the EA data model for answering business questions.

Instead of enterprise architects focusing on a laundry list of EA products, they should develop an organization-specific conceptual EA data model with many of the complicated modeling elements removed. This simplified model describes organizational objects—such as goals, initiatives, projects, and investments—about which an EA program might collect data. Once the model is created, conversations can revolve around how linking the different data areas allows EA shops to answer business questions pertinent to stakeholders. Figure 1 shows a simplified model and how to tailor a discussion of the model around how it can be used to answer a specific business question.

figure1
Figure 1: A simplified EA metamodel describing the objects of the organization about which an EA program might collect data. The model clearly illustrates the data needs of the EA program and how the data can be integrated to answer business questions. This organizational-level example helped decision-makers manage strategic information technology (IT) investments.

 

2. Tailor communications for different audiences

Enterprise architects need to tailor communications to individual stakeholders. For instance, for financial executives, the communications might focus on how linking investment data to systems and applications can help determine how a reduction in specific investments will impact the maintenance of current business systems.

Conversely, for a functional office providing services, the communications could focus on understanding the impact on services if the staff executing a specific business function is reduced. The vocabulary and frameworks used to describe the architectures must have business relevance.

3. Provide business intelligence-based analyses

Senior executives are pressed for time. EA programs often fail to connect with leaders because they cannot effectively summarize information.

The growth of the business intelligence field gives EA programs powerful tools to analyze data and illustrate results in easy-to-understand formats. For example, the heat map in Figure 2 summarizes the number of applications that support specific business functions related to financial management.

Senior executives can quickly see that the red areas have more business applications supporting them and are, therefore, better candidates to examine for IT redundancies. Traditional EA approaches would yield a complex matrix and force the audience to summarize the data themselves. By presenting an audience with targeted business intelligence, the enterprise architect can deliver information that traditional EA formats cannot to audiences enterprise architects typically fail to reach.

figure2

Figure 2: A heat map showing financial management business functions—color-coded by the number of applications supporting those functions. Red represents more applications, yellow a moderate level,
and green a lower level.

Organizational benefits

Although a departure from traditional EA methods, employing these strategies will deliver significant organizational benefits, including:

  • Information that is consumable by business leaders and architects alike,
  • A simplified and less costly approach to EA
  • Less need for personnel with advanced modeling skills, making EA programs easier to staff.

When business leaders and enterprise architects speak the same language, the success rate of EA efforts increases. Enterprise architects can position themselves as enablers of data-driven decision-making, and executives will finally realize the value of their EA investment.


Aaron Trionfi is a staff member of LMI’s Enterprise Architecture team. He has supported U.S. government agency EA programs for roughly 6 years. During that time, he has developed architectures using multiple frameworks and every layer of architecture. Dr. Trionfi earned a Ph.D. in physics from Rice University and uses this foundation to bring a strong analytic approach to EA.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Equity vs. Debt Financing: Pros and Cons

September 9th, 2014 | Posted by Sarah Jones in Uncategorized - (Comments Off)

NVTC is inviting members and industry leaders to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. In his latest post on the NVTC blog, Matt Rajput of CohnReznick shares his the pros and cons on equity versus debt financing.


Even though there are many sources of capital in today’s market—commercial banks, investment banks, private equity, venture capital, angel investors, mezzanine lenders, crowdfunding, and IPOs—there are generally three forms of financing that technology companies access when they need capital: debt, equity, and a combination of the two.  Choosing one form of financing over another is situational.  Debt financing may be more appropriate for technology companies with assets to offer as collateral, while equity financing may be more attractive to technology companies in need of both financial and strategic investments.us_02_vector[1]

Debt Financing

Debt financing generally requires repayment of the amount borrowed along with interest. However, debt is non-dilutive. This means that if you own 100% of your company before borrowing, you’ll still own 100% of the company after the transaction has been closed.  Early stage companies with less of a proven track record, or companies without sufficient assets to offer as collateral, may find debt capital too costly and the covenants too onerous.

Unless company owners have deep pockets, early stage companies may find debt financing to be difficult to obtain as financial professionals typically evaluate the company’s ability to repay its debt through operating cash flow as a condition of the loan.  And, as many early stage companies have little or no revenue, this presents too great of a risk to the lender.

Equity Financing

Equity financing may be more accessible for growing technology companies.   As opposed to debt capital, equity capital is dilutive.  Once shareholders consummate the deal, they will transfer all or part of the ownership of the business to the equity investor in exchange for capital.   Before an equity transaction can close, buyers and sellers must place a mutually-agreed value on the company, which is usually based on a multiple of actual or projected revenues or operating margin. To obtain the amount of capital that may be needed, a sacrifice of a substantial amount of ownership rights may be required. The upside is that the right investor can introduce operational and strategic resources in addition to financial resources, and this can be a major advantage. A key part of raising equity capital is to find the right investors who have industry experience and acumen, as well as connections, to help grow and improve the business.

Financing Alternatives

Other alternatives exist that offer a combination of debt and equity, such as convertible debt. This alternative begins as debt, but can be exchanged for ownership interests in the company if certain milestones are achieved. Lenders may also request stock warrants or other “sweeteners” in conjunction with issuing debt, so that they can benefit from an eventual sale.

Among other things, lenders or investors want to be sure that technology company owners are committed to the project, they’ve got some skin in the game, and that they are focused on the success of the company. Although an investor may be very supportive and excited about a specific project or venture, in the end, they expect to either be repaid or realize a return on their investment.


Matt Rajput, CPA, is an Audit Senior Manager with CohnReznick LLP and a member of the firm’s Technology Industry Practice. Working from the firm’s Tysons Corner office, Matt has eight+ years of experience servicing publicly-traded and closely-held companies in the technology sector and he routinely provides services to private equity and venture capital backed companies. Contact Matt at matt.rajput@cohnreznick.com. Follow CohnReznick’s Technology Practice on Twitter @CR_TechInd.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Increasing U.S. Competitiveness in the Age of Sequestration

September 2nd, 2014 | Posted by Sarah Jones in Uncategorized - (Comments Off)

NVTC is inviting members and industry leaders to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. This week, MITRE CEO Al Grasso discusses repatriation as a means to maintain or increase domestic research spending.


leadership_Grassoweb

Al Grasso, President and CEO of The MITRE.Corporation.

As the federal government trims support for research and development in response to budget pressure, U.S. competitiveness and productivity could take an unintended hit.  But there is an untapped gold mine that could offset the impact of budget cuts and channel fresh billions into research: nearly $2 trillion in accumulated offshore profits on the books of U.S. companies. One way to maintain or increase domestic research spending is to give industry an incentive to repatriate those foreign-held assets and invest in U.S.-based research activities.

House Ways and Means Chairman Dave Camp (R-MI) draft “Tax Reform Act of 2014” would do so by lowering corporate and individual tax rates, reforming U.S. international tax rules, and simplifying the tax code. While of great interest to policymakers and stakeholders, it is unlikely that such widespread reforms will be enacted soon. Hence, a smaller, near-term incentive is proposed while the debate rages over system-wide reform.

R&D seeds economic growth. A mature economy like that of the United States’ depends on its ability to discover and develop ideas that result in new technologies, pharmaceuticals and many other products.  It’s the key to maintaining U.S. leadership in an increasingly competitive global economy.

The federal government accounted for nearly a third (31 percent) of the nation’s spending on R&D, contributing more than $124 billion in 2009, the most recent year with complete data. While private industry invested $247.4 billion in U.S.-based R&D, private sector R&D is much more focused on development, rather than on basic research. In fact, only 21% of industrial R&D investments (some $50 billion) went toward basic and applied research.

Government has been more willing to invest in basic research, which is inherently more risky because practical applications may not be found until years or even decades later.  But the potential payoff is enormous.  The Internet can trace its origins to a basic research project in the early 1970s at the Defense Department’s Advanced Research Projects Agency.

The Budget Control Act and Sequestration will likely impose a 10-20 percent cut in government investment in research in coming years, and there is no ready replacement for those dollars.  Meanwhile, U.S. corporations with significant business operations abroad are awash in cash. A 2013 report by analysts at JPMorgan Chase & Co. estimated that all U.S.-based companies had $1.7 trillion in accumulated offshore profits. In addition, The Wall Street Journal reported last year that U.S. companies were accruing foreign held profits at a rate in excess of $150 billion annually.

In most cases, U.S. multi-nationals have not demonstrated great interest in repatriating the bulk of these profits due, at least in part, to the 35% tax that would be applied to foreign held profits (minus whatever tax a company already paid to a foreign government). Corporate leaders have long advocated a reduction or elimination of corporate taxes associated with repatriation, arguing that repatriated assets would be applied to job creation and investment in the U.S. However, a U.S. Senate review of a previous repatriation tax break in 2004 showed that companies simply increased spending on stock buybacks and executive pay.

So how can industry incentives be crafted to fill the research gaps created in critical technology areas as a result of reduced federal budgets? The answer: adopt a highly focused federal tax credit, in addition to current R&D credits, for repatriation of offshore profits re-invested in targeted research and development areas. The tax credit could be structured to provide variable benefit levels depending on the allocation of investments to basic and applied R&D in specific areas. So as not to repeat the outcomes of the 2004 repatriation tax break, the proposed tax credits must be awarded on accurate and measurable criteria tied to sustained investment directly associated with R&D spending in the targeted areas.

For U.S. companies to be willing to repatriate assets and invest in U.S.-based research, they must believe they will earn a better rate of return than they would by keeping assets overseas. Investing those dollars in basic research would create a funding pipeline that makes good sense for the country from an economic perspective, for companies and for jobs in the U.S.

If research tax incentives would lead to 20% of annually generated foreign profits being repatriated each year and even a smaller percentage of foreign held assets over a multi-year period, it could have a significant impact on domestic R&D spending. As a first step, a time-constrained tax holiday could be introduced to test the hypothesis, examine the accuracy and measurability of stated investments and refine the criteria for a more enduring policy.

If an appropriate implementation of an R&D based repatriation tax credit can be developed, it would promote continued U.S. competitiveness and productivity growth while also increasing the prospect for high tech jobs across the country despite declining federal research spending.


Approved for Public Release; Distribution Unlimited. Case Number 14-3037

Alfred Grasso is president and CEO of The MITRE Corporation. His affiliation is provided for identification purposes only, and is not intended to convey or imply MITRE’s concurrence with, or support for, the positions, opinions or viewpoints expressed.

©2014 The MITRE Corporation. ALL RIGHTS RESERVED.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS