This content is produced by Studio/B

Produced by Studio/B

Why Boston is a cybersecurity hotbed

This article is a part of BG BrandLab’s Cybersecurity Special Report, meant to provide insights about today’s cyberthreats and the steps readers can take—as  individuals, employees, and decision-makers—to protect against them.

The threats are real. But so, too, are the opportunities. Boston’s high caliber of universities, large talent pool, thriving healthcare and finance sectors, and unique area resources make the city a leader in cybersecurity research and development (R&D) and a hotbed for tech startups. The local landscape consists of private companies, universities, nonprofits, government agencies, and private-public partnerships working to improve defenses nationally, locally, and for companies and people.

Boston has more than seven public cybersecurity companies with market capitalizations above $1 billion, as well as a number of large cybersecurity organizations that have been acquired, including Cloudlock, Recorded Future, RSA, and Veracode, says Greg Dracon, partner at .406 Ventures, a Boston-based venture capital company that has invested in over a dozen cybersecurity companies built in the region.

According to Pitchbook, a private market data platform, there are more than 200 cybersecurity companies in Massachusetts, including 81 with venture funding. In April 2019, Indeed ranked Boston the third-fastest-growing tech hub in the United States. In July, CBRE’s 2019 Tech Talent report ranked Boston the seventh-best market for tech talent in North America.

The accolades are due, in part, to the area’s talent pool. According to a report by the Massachusetts Budget and Policy Center, 50% of the workforce holds a bachelor’s degrees, compared to 35% nationwide. Dracon notes Massachusetts has at least 18 local universities offering more than 30 cybersecurity certificate programs. These programs ensure cybersecurity companies can find the skilled professionals they need to scale.

He adds that Boston can support every stage of a company’s growth, from initial formation, to scaling, to exit. Successful cybersecurity IPOs in Boston include Carbon Black, CyberArk, Imprivata, Mimecast, Tufin, and Rapid7.

Homegrown innovation
Boston-based CyberSaint Security snagged a spot on Built in Boston’s “50 Start-ups to Watch in 2019” for its cybersecurity platform that automates, measures, and reports a company’s compliance and risk management program in real-time. CEO and founder George Wrenn says Boston’s higher education system makes the city’s cybersecurity scene unique. Wrenn, also a research affiliate and instructor emeritus at the MIT Sloan School of Management, says Boston has been a leader in cyber R&D for decades. He references MIT’s Project Athena, a campus-wide effort in the 1980s to provide students with systematic access to computers. The project laid the groundwork for Kerberos, a network authentication protocol, also developed at MIT.

“We are now seeing many innovations from our top-notch academic community cross pollinate with a vibrant business and venture ecosystem,” he says.

Boston’s leadership in healthcare also benefits its cybersecurity scene, and vice versa. Wrenn says leading research hospitals are exploring how they can use AI, robotics, and Internet of Things (IoT) technologies to address medical challenges.

“We have customers actively engaged at the leading edge in genetics, robotic assisted surgery, and a range of IoT devices that address critical healthcare issues and improve the life of millions of patients,” Wrenn says.

As interesting as the companies launched in Boston are the ones that move here. Peter and Paul Martini, co-founders of the Boston-based cloud cybersecurity company iboss, relocated the company from San Diego in 2017 because they believe Boston is one of the world’s most innovative technology and cybersecurity hubs. Last year, it expanded its headquarters on Federal St. and now employs 200 people. Its clients include the US Air Force, Verizon, large financial institutions, and hospitals and healthcare systems.

Paving the way for Israeli startups
Israeli-based company CyberArk moved to Boston in the early 2000s when there were less than a handful of information security companies in the space. “Several years later, and particularly over the last three to five years, we have not only seen new venture capital investments, but also noteworthy M&A and IPO activity,” says Udi Mokady, founder, chairman, and CEO of CyberArk.

Boston was appealing to Mokady because of its “tremendous university community,” as well as its proximity to customers and prospects, particularly in the financial space. He also notes that Governor Charlie Baker forged a strong partnership with Israel and has worked consistently to improve the region’s security ecosystem.

Mokady takes pride in recommending Boston as a destination for other global organizations. “CyberArk bucked a trend by picking Boston at a time when so many other companies were defaulting to Silicon Valley. Since then, we’ve blazed the trail for other startups, particularly Israeli startups, to pick Boston as their headquarters.”

Morphisec is a $20M-backed Israeli enterprise cybersecurity firm that set up its US headquarters in Boston in 2016 after meeting with Baker in Tel Aviv while he was on a mission to recruit startups to Boston. “We chose Boston as the joint home for Morphisec because of the number of potential enterprise customers in the area, as well as access to local talent,” says Ronen Yehoshua, CEO of Morphisec.

Advancing the space with government support and private-public partnerships
Boston also benefits from unique area resources, including MITRE, a Bedford, Mass.-based nonprofit that solves challenges to the safety of our nation through its federally funded R&D centers and public-private partnerships; and Massachusetts Technology Collaborative, a public agency that supports the Commonwealth’s tech sector by strengthening connections, assisting companies, leading programs, and making investments.

The Advanced Cyber Security Center (ACSC) was recognized by the White House as one of the first regional threat sharing collaboratives when it was launched as a member-based nonprofit by leading private sector firms, defense nonprofits, the Commonwealth, and universities organized by Mass Insight in 2011. The Center, which operates from MITRE’s headquarters in Bedford, is dedicated to preparing its members and the New England region to defend against the most sophisticated cyber attacks through its “Collaborative Defense” programs, effective practice sharing and public-private incident simulation exercises.

Boston’s cybersecurity space also benefits from Baker’s track record of supporting tech startups and recognizing the realities of cyberthreats. He established MassCyberCenter in September 2017 to enhance opportunities for the Massachusetts cybersecurity ecosystem and to strengthen the defenses of public and private entities that call the Commonwealth home. In 2018, the Baker administration and the Massachusetts Technology Collaborative launched a statewide cybersecurity center to prepare for digital attacks.

These resources are valuable, but our best chance at defending ourselves is collaboration. Dracon, who serves on the board of the (ACSC) and Baker’s cybersecurity strategy council calls cybersecurity a “team sport.”

“We need support from all players in the ecosystem—state and local government, large and small companies, academic research and training programs, and all the way down to individual employees,” he says.

Dracon believes government has a responsibility to hold organizations accountable for how they treat sensitive and private data, and companies have a responsibility to invest in cybersecurity defense and remediation tactics, and to share best practices across the industry.

For more information about the Massachusetts cybersecurity ecosystem, visit https://www.masscybercenter.org/massachusetts-cybersecurity-ecosystem.

This content was produced by Boston Globe Media's Studio/B. The news and editorial departments of The Boston Globe had no role in its production or display.