3 Reasons Why M&A Will Continue to Thrive in 2015

February 17th, 2015 | Posted by Sarah Jones in Guest Blogs | Member Blog Posts - (Comments Off)

This week on NVTC’s blog, guest blogger Gretchen Guandolo of member company Clearsight Advisors discusses the success of M&A in 2014 with the return of gargantuan deals, largely seller-friendly transaction structures and premium valuations, and offers three reasons why 2015 will be just as successful.


In what was widely considered a banner year for M&A, 2014 was the return of gargantuan deals, largely seller-friendly transaction structures and premium valuations. In spite of the turbulent equity markets being driven by fluctuating oil prices, a gathering storm in Europe, and uncertainty around rising interest rates, we at Clearsight are already seeing the makings of a very big M&A year. Globally, investment banks are seeing increased deal flow and expanding pipelines. Our team is already out to market with several deals that are garnering high demand and premium valuations from a number of unique buyer groups. We expect the rising M&A tide to continue through 2015, as we believe demand for niche leadership positioning, strong growth trajectories, and seasoned management teams is unlikely to dissipate. First, a few fun facts from 2014 that will continue the momentum through 2015:

  • In 2014 there was $3.5 trillion worth of global M&A activity, which is up 47 percent from the year before
  • Global private equity investments totaled $561.9 billion. That’s the highest figure since 2007, and a 43 percent bump over 2013 – with 60 percent of 2014 buyout activity focused on add-on investments
  • Venture capitalists disbursed a massive $87.8 billion (compared to $50.3 billion for 2013) via 7,731 deals
  • Companies raised around $249 billion in global IPOs in 2014, which was the busiest year for new listings since 2010

So what do we expect for this year?

  • There is likely to be a frenzy of activity in certain verticals, including: healthcare, energy and technology. Technology continues apace with no sign of slowdown and while the energy sector is harder to predict, one thing is clear – disruption in a regulated industry makes for a great M&A environment
  • Investor interest in certain technologies is likely to grow. Some of our favorites include: customer experience, big data, and human capital management. Technologies that enable us to get into the minds of customers and lead them on a journey to experience and buy a product have become the goal of retailers, financial services companies and even government! We see the market of big data continue to evolve and mature. This year will be a great growth year for data analytics consulting businesses that leverage Hadoop and other open source technologies to deliver predictive behavior, lower costs and drive increased revenue. Human capital technologies will continue to surge as employers seek out the best talent and retain and train individuals in a hyper-competitive market.
  • As seen in 2014, both private equity and strategic acquirers will drive robust market competition. Nearly all of our processes include both strategic and financial buyers and as private equity grows increasingly aggressive in pricing in an effort to put money to work, we see strategic buyers dominating 2015.

Growth will continue to be the main driver of valuations throughout 2015. Premium multiples go to the companies with a demonstrated high growth track record and robust pipeline for future growth. Growth eclipses profitability through 2015.

 

 

 

 

NVTC is inviting members and industry leaders to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. This week, the NVTC Digital Strategy Committee writes about the group’s recent event on digital strategy and public safety, featuring Fairfax City Fire Department Chief Richard R. Bowers, and how it revealed several very interesting and useful challenges for the NOVA business community.


The Northern Virginia Technology Council’s (NVTC) Digital Strategy Committee (#nvtcdigstrat) recent event regarding Digital Strategy and Public Safety, featuring Richard R. Bowers – Chief, Fairfax Fire Department – revealed several very interesting and useful challenges for the NOVA business community. Not least of these were the current challenges around focused, resourced digital strategy planning across the County constituent agencies, and among local jurisdictions. Many targeted capabilities and improvements in “front-end” digital tools, outreach and engagement, plus initiatives on the “back-end” to handle system-specific data and information management are certainly underway, but information-sharing among the public safety stakeholders – businesses, government and the public – remains a strategic planning, governance and education hurdle to address. In other words, a B2G2C digital strategy challenge.

“Simplicity” was a key concept – one that seems hard to maintain in first responder settings, particularly with the profusion of both new technology equipment and situational data. Chief Bowers illustrated the challenge with local EMS responders – en route or on scene – having to quickly use and interact with at least 5 separate kinds of equipment:

  • EPCR (Electronic Patient Care Reporting)
  • CAD (Computer Aided Dispatch)
  • MDC (Mobile Data Computers)
  • NCR (National Capital Region) Patient Tracking System
  • Mobile Phones, iPads and Radios

The variety of interfaces, variety of data granulation, variety of authentication methods – it all adds up to what can be a burdensome expectation on responders, which creates higher risk in areas of data quality and security, process coordination and mission efficiency. This hinders, therefore, the ability of the entire responder community to deliver optimal outcomes – in spite of the number and types of technologies available and in use.

Furthermore, as the technologies available to both the responders and the public become more pervasive, easy to operate and use – for collecting or contributing incident reporting, sensory feedback and overall situational awareness data – it’s simply too difficult to add these inputs to the mix in a way that avoids information overload, or worse, information degradation or errors. There’s no common information architecture that anticipates a proliferation of device inputs, mobile and social channels.

A standard “dashboard” visualization service for use in the field, to quickly access the various systems and growing information sources, was also mentioned as a highly-desirable capability – particularly a dashboard to sensitive systems and protected information in a BYOD environment – i.e. on personal cellphones or tablets. A related need surfaced above the actual dashboard of the response vehicles and fire engines – actually having “heads up” display on the windshield of incident information, particularly GPS and route data.

Fairfax 2015 Police and Fire Games

The Committee was also briefed on the upcoming World Police and Fire Games, coming to Fairfax County at the end of June this year (2015). It’s anticipated that over 12,000 athletes and family/guests (over 30,000 in all) will attend the games, and that Fairfax County will experience tremendous global attention, regional pride and local economic benefit from hosting the event. Over 2000 volunteer slots remain open, along with many sponsorship opportunities for businesses, organizations or individuals. The Fairfax 2015 Games Website maintains all information for athletes and all other participants, from local accommodations and event venues, to a robust social community and online marketplace.

The NVTC Digital Strategy Committee looks forward to more collaboration sessions with the Northern Virginia public safety and First Responder community, and will continue to support information-sharing about B2G2C digital strategies.

Thanks to the NVTC event sponsors, speakers, coordinators and volunteers, including:

NVTC is inviting members and industry leaders to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. This week, NVTC member company Carpathia discusses the upcoming year, predicting a transformative 2015 for government agencies and enterprises.


At the start of a new year we have the opportunity to look ahead and think about what trends will likely shape the coming months. 2015 is poised to be transformative for government agencies and enterprises, as an increasing number of organizations look to modernize their computing environments, expand their focus on secure and compliant hosting, and meet the growing demands of an increasingly mobile workforce. What trends will we see emerge this year?

Here are the top seven predictions we see for 2015:

  1. Hybrid Cloud Grows Up and “Gets Real” – Out of the buzz created by incredibly rapid IT technology advancements, the industry will finally emerge with a firm understanding of the gamut of “hybrid” options thanks to best practices derived from real-world cloud deployments.
  2. Compliance’s Operational Impacts Will Continue To Expand – Are you prepared to pass that next audit? After years of struggling with time-consuming and complex compliance processes and procedures, enterprises, agencies, and auditors alike will be even busier! But there is some light at the end of the tunnel – and it comes in the form of automation.
  3. Privacy Will Be Everywhere – Whether it’s electronic protected health information (ePHI) driven by ACA or information traveling between public and private cloud environments, harnessing and protecting data will be a focal point of every government and enterprise IT initiative.
  4. Agencies Get Cozier With Public Cloud – Government cloud computing adoption will hit its stride. Agencies will finally start moving a great number of workloads (and even some mission-critical ones) into the public cloud with FedRAMP authorized providers.
  5. Verticalized Cloud Communities Become the Next Boomtowns – There’s no one-size-fits-all when it comes to cloud. As a result, industries with common compliance standards, such as healthcare, will turn to cloud service providers that can act as community organizers or hubs. In 2015, we’ll see the increasing emergence of vertical-centric cloud communities that can effectively cater to industry-specific needs and requirements.
  6. New Tools Will Enhance Infrastructure and Application Performance – Spurred on by rapid software development, software-defined networks, and faster hardware technology, rapid maturation of industry tools and services will help organizations enhance the performance of IaaS, public, private and hybrid cloud solutions in the coming year. Expect affordable resources that will extract even more value in the form of greater flexibility, security and self-service, alongside service-focused offerings from providers.
  7. Real-time Data-Centric Decisions Are the New Norm – In 2015, we’ll see IT-enabled data-centric decisions across platforms become common practice for many organizations. Deeper insight into usage patterns and greater visibility into network operations and performance across computing infrastructure will allow organizations to make better-informed decisions about workload allocations and respond faster to enterprise nee

Do you agree with Carpathia’s predictions? Let them know on Facebook or Twitter. In addition, follow NVTC on Facebook and Twitter! We would love to hear your thoughts on what trends will be game-changers in 2015.


Finding the Right Teaming Partner

December 22nd, 2014 | Posted by Sarah Jones in Guest Blogs | Uncategorized - (Comments Off)

NVTC is inviting members and industry leaders to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. This week, Stu Funk of LMI and Amy Deora of Summit share teaming insights from a recent project.


Many factors drive teaming partner success. Whether you are looking for the right set of skills to meet client requirements, or the ability to quickly turn quality proposals, it is important to be strategic about teaming. Stu Funk of LMI and Amy Deora of Summit recently partnered on a cost savings analysis of the Department of Housing and Urban Development’s (HUD’s) energy investments. They share their insights on teaming strategy.

Q: What do you look for in teaming partners?

Stu Funk: We view small business partnerships as essential to LMI’s health. We look for small businesses with strong management that help us better understand client problems and meet niche needs. When an opportunity arose in support of HUD, we felt that Summit was a great fit, given its strong track record with the client. We also felt the project showed promise in advancing how agencies measure energy efficiency. Summit brought key analytical capabilities and organizational knowledge.

Amy Deora: We often look for the opportunity to be on a team where we can use our core competencies in partnership with a firm that has a different set of competencies, which ultimately allows us both to reach a greater breadth of projects than either firm could complete alone. For example, for our current partnership, LMI brings subject matter expertise in best practices in energy efficiency programs, whereas Summit provides methodologically rigorous utility consumption modeling, while other teaming partners bring expertise in affordable housing policy. In this way, we’re more than the sum of our parts and can provide comprehensive approaches to client problems.

Q: How does “culture” affect your choice in partners?

Stu Funk: As a not-for-profit consultancy, a client-focused culture means everything. We are fortunate that profit is not the driving force behind how we vet and deliver projects. We place our clients first and we like our partners to do so as well. We find this mindset makes a difference in the quality we deliver. Summit showed care for solving our client’s problem before worrying about the bottom line.

Amy Deora: Summit’s most fruitful teaming partnerships also come from mutual client focus. LMI has been a good fit for us because of this shared priority. In cases where teaming hasn’t worked well or we decide against embarking on the project together, it usually is because the firm lacks the same focus on client satisfaction.

Q: What do you bring to your teaming relationships?

Stu Funk: We strive to be an excellent teaming partner. While we need to consider the financial success and sustainability of our small business partners, we are committed to supporting them where we can — from offering access to project management systems to providing training and market intelligence. With Summit, we have discussed “capture” on other opportunities and our current work led to some new work for Summit within the same office.

Amy Deora: Even though Summit is a small business, we know it’s a two-way street when teaming with a larger business. We don’t just expect a large business to bring us opportunities; we need to provide them as well. We have strong client relationships and subject matter experts that can bring our partners, even those that are much larger firms, into new lines of business, or engage them to provide additional support on our ongoing projects. Small businesses can be the leader in this way, opening up networks for larger businesses, while benefiting from larger firms’ bench strength.

Q: What advice do you give someone who is testing the waters of a new teaming relationship?

Stu Funk: The ultimate goal with teaming partners is to craft a plan that solves a client problem. Make sure client needs are being addressed up front, so that you not only bid and price effectively, but you deliver on your promises. From the outset, you and your teaming partners should be in agreement on what needs to be delivered.

Amy Deora: Setting clear expectations from the beginning is key, especially in large, complex, and fixed-price projects. Even in the business development stage, clear roles and responsibilities should be determined. Be honest with your potential teaming partner about any potential staffing “holes” or any areas in which you do not have strong qualifications so that you can all better prepare to serve each other and your client.


Stu Funk leads the energy and climate change practice at LMI, a not-for-profit consulting firm dedicated to advancing the management of government. He has 38 years of experience in energy and logistics planning and execution, climate change planning and management, strategic planning, facility planning and recapitalization, weapon-system acquisition, and resource analysis.

Amy Deora is senior manager in the applied statistics and economics practice group at Summit, a data analytics advisory firm that guides federal agencies, financial institutions, and litigators as they decode analytical challenges. More about her background and experience can be found at the Summit website.


NVTC is inviting members and industry leaders to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. This week, Kathy Stershic of member company Dialogic Research and Communications shares how public sector CIOs can and should prepare to take advantage of the Internet of Things while creating a secure, trusted foundation for the long term.


Gartner defines IoT as “the network of objects that contain embedded technology to communicate and sense or interact with their internal states or external environment.” At present, that generally means a machine-to-machine connection, although an expanded ‘Internet of Everything’ may well evolve to include people-to-machine and process-to-machine connections in an ever-growing ecosystem.

While select commercial applications are beginning to appear, at this very early stage IoT is one area in which Public Sector IT has a unique opportunity to lead—creating large scale deployments driven by constituent demand, growing security threats, and the economic imperative to “do new with less.” For example, smart street lighting solutions can reduce crime while saving money; combined water management, smart grid and waste management can yield greater ROI on energy investment; connected warfighters can bring dominance to the battlefield, faster.

While the opportunities are many, so are the risks. IoT presents exponentially increased threats in a dynamic landscape. There is no more network perimeter. Embedded, non-standardized sensor hardware creates an increased number of connected threat points, many of which will result from the ‘smartification’ of traditionally dumb devices never intended for software or IP and built by manufacturers not accustomed to thinking about digital security.

There is a pending vast amount of data to be generated by new sources—how must it be secured as it moves and permutates? The public internet is highly vulnerable, but even isolated networks are not impermeable—think back just a short time to Stuxnet.

Human error is a leading security concern, whether due to inadequate data security policies, non-adherence to existing policies, intentional malicious acts, or even the increasing shift to BYOD.

IoT success hinges on trust, making privacy another major issue. What data is captured and stored? How? Who owns it? How may it be used? How should and will it be protected through its use cycle, and by whom?

While these challenges apply generally to IoT deployments, the Public Sector faces some truly unique and consequential situations. Consider the implications of generating data that precisely reveals the location of dismounted soldiers in combat, the specific timing and location of municipal buses en route, safe campus video monitoring, or public health threat information, to name just a few.

Given the enormous changes that IoT will eventually bring, Federal regulation and policy are inevitable but will remain unclear for some time, politics being what they are. State and municipal-level policies vary greatly. Policy needs to be appropriately aligned to possibility for each environment, but some formidable issues must be addressed first:

- Data Collection. Many public sector mission and business leaders want to collect data from untrusted sources that can facilitate better, faster decision-making, such as improving threat, health or environmental analysis. But many current cybersecurity policies conflict with data collection, limiting what can be captured. The pressure is on IT to open up, yet security can’t be compromised.

- Cybersecurity. To date, the market has been served with a complexity of disparate point solutions, mostly focused on prevention. Defense will always be the priority goal, but with malwares proliferating at two per second (and accelerating), a 100% prevention strategy is simply not possible. Malicious actors need to be right only 1% of the time or less to permeate the firewall. Therefore, it’s not only prudent but necessary to prepare for the full attack continuum―before, during and after. An appropriate solution requires layers of security that span prevention, halting an attack in progress, and accelerating remediation after it occurs.

- Bandwidth will always be limited, but data volume is only growing, with much of it useless—driving the need for edge-based data analytics to ensure the flow of just the most relevant data to those who will make use of it. Policy must guide what is considered most important and relevant, and who needs to receive what level of information.

- Cloud. Not surprisingly, as adoption of cloud-based services increases, incidents of cyber-attacks on cloud environments are now nearly on par with attacks on on-premise equipment. IoT connectivity will force a growing intersection of domains in the cloud environment: sensors and networks, IaaS and SaaS, Big Data analytics—yielding an increasingly expanded and vulnerable enterprise environment. Persistent security enforcement and information management policies are needed, where responsibility is shared between the service provider and the customer, to protect the data and the devices and people connected to it.

What then must CIOs consider when preparing for Trusted IoT deployment?

Given these challenging issues, Public Sector CIOs should lay some important groundwork when embarking on their IoT journey:

- Carefully plan the number and scope of initial IoT deployments that an organization can afford to undertake, including the investment in the needed people and skills, applications, analytics technologies and risk mitigation required to capitalize on the opportunity value: IaaS/SaaS, cybersecurity and Big Data. In an era of ridiculously tight budgets, existing infrastructure must obviously be leveraged as much as possible.

- Establish and maintain trust throughout the data lifecycle. Consider solutions like Suite B encryption (devised by the NSA), which secures data out to the tactical edge. Reliable firewalls between cloud and fog network nodes are also needed. Beyond the technology, only capture data that is truly needed for the business or mission purpose, then be transparent with citizens and stakeholders. Let them know what is collected, why, how it’s used, and how it’s managed and protected. Provide easy opt-outs when possible.

- Prepare for the full attack continuum. Design a robust security platform rather than approaching security from a point-to-point perspective. A combined hardware and software platform managing the connection, the applications, the devices and the data will enable CIOs to more readily enforce security policies and provide for security persistency. Correctly applied analytics can identify an attack in progress and help to remediate damage more quickly, but this approach will require intelligent information stewardship along with tight security.

- Educate the workforce. Push security messages frequently. Set reasonable access and geo-fencing policies that balance the desire for expanded data collection with the need for security, then enforce them as much as possible. Revisit them annually to assess and accommodate changing stakeholder requirements.

- Explore innovation partnerships with the private sector to create technical and policy solutions to IoT challenges. Feasible solutions can later be adopted cross-domain to maximize the potential benefits.

The Internet of Things has the potential for sweeping disruption, perhaps on par with only a few milestones in recent history such as World War One and the Industrial Revolution. While IoT may forever change the way public sector leaders protect and serve, trust is paramount to IoT success. Constituent participation will be weighed as a trade-off for utility received, such as a better citizen experience or increased public safety. Thoughtful, holistic planning should include not just the technological, but the fiduciary, legal and ethical aspects that will engender trust and drive to the greatest public good.


Kathy Stershic is Principal Consultant of Dialog Research & Communications, a consulting firm serving IT Executives through thought leadership messaging and informed, strategic communications planning. kstershic@dialogrc.com; blogging@dialogrc.com; @kstershic


NVTC is inviting members and industry leaders to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. This week, John Beveridge of Rapidan Inbound shares insights both on closing deals as well as developing a business that you want to close from the Nov. 20 Small Business and Entrepreneur and Business Development, Marketing & Sales joint committee event.


One of the most difficult things for tech companies, or any company, for that matter, is creating revenue from your technology. Unfortunately, it’s not a matter of build it and they will come.

On Thursday, November 20, the Small Business and Entrepreneur and the Business Development, Marketing & Sales Committees hosted a joint event titled, “The Art of the Deal – How Successful High-Growth Companies Close Deals.”

Hosted by Samantha Smith of Etail Eye, the event featured 3 executives from high-growth companies who shared their experiences on how to best generate revenue. Panelists included:

Marty Kaufman, VP of Operations, WeddingWire

Chris Marentis, CEO, Surefire Social

Carolyn Parent, Chief Experience Officer, Gravy

The panelists shared insights both on closing deals as well as doing the things you need to develop business that you want to close. Here are some of the tips the panelists shared.

  • A good way to start developing business is to develop your personal brand as well as your company brand. Creating good content is a great way to develop your personal brand and anyone can do it. Chris Marentis started Surefire Social with an eBook.
  • Economic down times create opportunities for new businesses. Carolyn Parent recommended that new businesses take what they can get and show results quickly. You may want to land that Fortune 500 account, but if a good SMB opportunity arises, take advantage of it. To close business, find some way to show them value quickly, even if it’s just a needs analysis.
  • New businesses can take advantage of sales technology to qualify new business opportunities. Marty Kaufman shared how WeddingWire’s data scientists use predictive analytics to help them target their business development resources to maximize revenue. Don’t overlook the affordable SaaS sales technology resources available to you.
  • Depending on which market you serve, your sales strategies will vary. B2C companies should look to create viral buzz around their products and services while B2B companies should position themselves as valued business partners to their customers. The B2G market moves at a glacial pace and sellers need to be early to the party.

These were just a few of the insights the panelists shared at the event. Want to learn more about business development, sales and marketing? Come to the next committee meeting on December 16.


NVTC is inviting members and industry leaders to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. This week, David K. Shepherd of LMI shares six strategies for reducing loss from data breaches. Check out previous blogs from LMI on a business-driven approach to IT decision-making and three business-friendly strategies to increase the value of enterprise architecture.



David Shepherd, senior consultant and member of the Systems Development Group at LMI.

It’s no secret that data breaches are on the rise. These security rifts cost U.S. organizations an average of $195 per protected personal data record lost or stolen, with total costs averaging more than $5.8 million per organization breached. What may be surprising is that well-intentioned employees could be putting your data at risk.

How? To meet deadlines and collaboration requirements, employees skirt security rules protecting confidential documents by using personal email addresses and free file sharing services. Focused on completing tasks, they are unaware of the risks.

MeriTalk research shows that nearly 50 percent of federal agency security breaches are caused by security noncompliance. Forrester data reveals that the top reason for breaches (36 percent of companies surveyed) is inadvertent use of data without clear knowledge of policies. The problem is exacerbated by the proliferation of mobile devices that connect to cellular and Wi-Fi networks and upload data to the cloud.

Why do users bypass security? They take these risks to complete tasks within tight deadlines. They recognize this isn’t the “right” way to share documents, but feel they have no other options. Common complaints:

“Due to mail server size limitations, I cannot send a large file to my client.”

“Neither my client nor my company has a file-sharing tool.”

Balancing data protection and productivity

Increasing the number of security rules will not decrease employee data losses. The following six recommendations can help organizations balance the need for data protection, policy clarity, and productivity.

1) Understand employee needs when setting security policies

Engage users so you understand their day-to-day work and why they bypass security. Anonymous surveys and best practice initiatives are helpful tools. Consider granting amnesty to ensure you fully understand the problem. If your employees are using Dropbox, Box, or Google Docs, they are saying they need better storage and collaboration tools.

2) Conduct consistent, regular staff training at all levels

PricewaterhouseCoopers research reveals that most businesses invest only up to $400 per employee per year on cybersecurity training. The big exception is financial institutions, which typically spend $2,500 per employee each year. Employee training must be ongoing and pervasive—not an annual ritual. It must also include executives who are more likely to have data on multiple devices.

3) Provide a secure, flexible, and easy-to-use file-sharing tool

Employees started using cloud storage because providers offered free services with easy-to-use interfaces. These companies also offer enterprise versions, which include customizable interfaces, meet government security standards, and may even be branded with your organizational identity. Nearly all providers offer trials.

4) Deal with mobility

Organizations need to update mobile device policies to address both organization- and employee-owned devices. Solutions need to protect organization data while meeting security and employee usability needs.

5) Invest in effective prevention

Be proactive. Prior to a damaging event, security budgets are slim. After a breach, organizations can’t spend money fast enough. An event’s root cause often lies in an organization’s processes, and hastily spending money on new tools won’t necessarily fix that root cause.

6) Consider suggesting tools, even if you can’t endorse their use

If an organization can’t provide a file-sharing tool, consider suggesting employees use a particular service. Wouldn’t it be better to monitor a single service closely, rather than attempting to monitor them all? If a bad breach occurs, the organization could immediately inform users and take corrective actions.

Our pristine networks are vulnerable to dedicated employees who are trying to do great work and meet impossible deadlines. If we don’t provide secure, capable tools, they will find another way. We can continue to fight against them, or we can investigate their needs, accept the challenges, and work to meet those needs while still ensuring security.


David K. Shepherd is a senior consultant in LMI’s Systems Development Group and has 25 years of experience as an information technology (IT) service management and security professional. He has designed, developed, managed, and maintained enterprise quality websites and applications for federal clients. He also advises clients on IT infrastructure issues, effective use of tools and techniques, and security engineering. He can be reached at dshepherd@lmi.org.


Notes from the Silicon Valley Cybersecurity Summit: Part 2

September 30th, 2014 | Posted by Sarah Jones in Guest Blogs - (Comments Off)

NVTC is inviting members to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. Kathy Stershic of member company Dialog Research & Communications shares her insights below.


While the policy panel discussion at the summer’s Silicon Valley Cyber Security Summit pointed out the many challenges of governments trying to deal with the cyber threat, the second ‘Next Generation’ panel was all about the shortage of qualified talent to deal with the problem.

The good news – cyber presents a great career opportunity! As in, the industry needs lots of help. Now. The not so good news is that 40 percent of open IT security jobs in 2015 will be vacant. There simply aren’t enough qualified people to fill them. Technologies such as new threat intelligence and attack remediation products will continue to advance. That will help automate intervention, but there is still a need for people to skillfully apply them, and for others to create them in the first place in the face of a never-ending game of new threats. One speaker said that, as of only a couple of years ago, a new malware was detected every 15 seconds. Now two new malwares are detected every one second! The speakers expected that pace to accelerate exponentially.

There are a growing number of formal university programs in this area, but I was very surprised to hear that only 12 percent of computer science majors are female, and that population has been steadily shrinking for two decades. A marginal percent of those study cyber. So we’ve got a challenge with public engagement in the issue, an inadequate talent pool, and almost half of the student population not thinking about the problem.

Of course not all software learning is in the classroom and talented hackers do emerge. That is why General Keith Alexander [former head of U.S. CyberCommand] went to last year’s Black Hat Conference – while unconventional, he knew this is a place to find badly needed talent. There are also several incubator initiatives like Virginia’s Mach37, and many startups are trying to get off the ground.

Another challenge is that CEOs don’t fundamentally understand the complex cyber problem, so they delegate the task to the CIO. [This reminds me of similar dispositions toward Disaster Readiness and Business Continuity Planning pre-9/11]. Cyber threat is another form of business risk and should be planned for as such. One speaker mentioned that there is expert consensus, even from VCs who are scrupulous about how money is spent, that for a $100 million IT budget, 5-15 percent should be spent on security. While panelists noted cyber threat is a top discussion point for many corporate boards, there is uncertainty about what to actually do to prepare.

This is a tough issue all the way around. One speaker suggested repositioning the brand message to what regular folk will respond to – protecting our national treasures, homes and quality of life, critical infrastructure and national security. Nick Shevelyov, Chief Security Officer of Silicon Valley Bank, summarized the issue: “the technology that empowers us also imperils us.” I’m hoping more of us come to understand that and step up.


Contributed by Kathy Stershic, Principal Consultant, Dialog Research & Communications

kstershic@dialogrc.com


NVTC is inviting members and industry leaders to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. This week on the NVTC blog, Gretchen Frary Guandolo of Clearsight Advisors shares how the opportunity for big data professional services firms has never been greater.


Total big data revenue (software, hardware and services) reached $18.6 billion last year, up from $11.6 billion in 2012 (according to Wikibon), an impressive 58% growth over the previous year. No doubt the big data market is enormous and growing quickly, but one of the main inhibitors to growth is the lack of professional services firms focused around big data. Software, hardware and diversified IT services vendors are all on the hunt for the same target – professional services firms of scale focused on the strategy and implementation of big data projects. Clearsight recently represented Think Big Analytics in their sale to Teradata, a transaction that underscored the skyrocketing demand for big data services. The sale process was highly competitive with bidders from several different market segments. The opportunity for big data professional services firms has never been greater. The drivers behind the strong demand for big data services include:

  • Few IP/tools exist that allow business users to easily implement and access Hadoop data in an uncomplicated, user friendly fashion
  • Special knowledge is required to navigate all the privacy/security/compliance moving parts and their implication on big data
  • A practitioner of big data is necessary to translate and mediate between all constituents around the table – line of business, c-suite and IT departments – to ensure a successful outcome.

As more companies boast successful Hadoop/big data projects, demand continues to grow, but there remains a divide in the approach to tackling big data projects. Big data consulting firms develop their own IP and toolsets because simple, business user-focused analytic packages accessing Hadoop data are not yet widely available. Software and hardware vendors have a challenging time selling their infrastructure products and deploying Hadoop solutions because their sale process requires a more consultative sale, implementation discipline, and technology skills of a big data consulting firm. The shortage of big data professional services skills is acute. As a result, at Clearsight we expect to see the larger product vendors, IT services firms, ad agencies and many other sectors continue to hunt for acquisition targets to increase their big data services capabilities and address the growing need for big data professional services.


Notes from the Silicon Valley Cybersecurity Summit

September 23rd, 2014 | Posted by Sarah Jones in Guest Blogs | Uncategorized - (Comments Off)

NVTC is inviting members to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. Kathy Stershic of member company Dialog Research & Communications shares her insights below.


I was fortunate to attend the Silicon Valley Cyber Security Summit over the summer, where I spent four hours indulging in the subject. The panel discussions were excellent, bringing perspectives from security technology providers, pundits, the Department of Homeland Security, congressmen, senators and executives from the outstanding Silicon Valley Leadership Group (#SVLG).

The first discussion centered around progress to date with Obama’s Executive Order (EO) issued in early 2013, and the potential for more formal cyber policy or regulation coming from the Congress. The cybersecurity problem offers a rare opportunity for the public sector to lead in a critical technology domain, but all of the day’s speakers emphasized the requirement for public-private partnership in addressing the challenge. There has actually been some good news around the Cybersecurity Framework, an outcome of the EO being driven by NIST, in which participation is voluntary but to which 3,000 private sector representatives have actually contributed. While governments actively push such information to the citizenry, companies need to share a lot more about what’s happening to them, what they’re learning and how they’re defending themselves – competitive concerns are keeping this constrained to date. Still, some progress is being made.

One of the biggest eye openers was the claim by several speakers that the public is just not engaged in this issue and therefore practices poor digital ‘hygiene’. I found this surprising and uncanny in the aftermath of the Target and Neiman Marcus attacks last fall, and the Aug. 5 revelation that a Russian crime ring had stolen 1.2 billion user name and password combinations and more than 500 million email addresses.

Senator Saxby Chambliss (R-Ga.) extolled the virtues of his and Senator Dianne Feinstein’s (D-Calif.) Cybersecurity Information Sharing Act bill, which made it through the Intelligence Committee but still faces stiff opposition from privacy advocates. Everyone agreed that what would spur Congressional action would be a real crisis – a big attack that causes a real national issue. We hope that we don’t have to endure a crisis to make progress, however. It is also possible for Federal agencies like HHS, DHS, the SEC and others to impose cyber regulations within their domains – some are already doing so. And states are stepping up too, with a plethora of unique policies. Beyond the U.S., each country will have its own policies as well.

In my opinion, the core issue behind the discussion was trust – citizens don’t trust the government, businesses don’t trust each other or the government, and the government doesn’t trust other governments. One speaker even joked that in the Silicon Valley, the NSA is seen as an ‘advanced persistent threat.’ Everyone is waiting for a cybersecurity crisis, which I believe will come sooner or later. Let’s hope later.

My next post will discuss the country’s shortage of skilled cybersecurity workers.


Contributed by Kathy Stershic, Principal Consultant, Dialog Research & Communications

kstershic@dialogrc.com
