There was no shortage of valuable insight at this year's DMV Rising, the premier cybersecurity community conference for the Washington, D.C., Maryland and Virginia region.
Over 300 C-suite members and other high-level executives and engineers from dozens of companies around the beltway gathered at the Virtru HUB in downtown D.C. and online via stream to spotlight the area’s growing innovation and significance in the world of tech and cybersecurity.
Following an introductory address from Nina Albert, Deputy Mayor for Planning and Economic Development discussing the economic diversity of the nation's capital, N2K CyberWire host, co-founder and DMV Rising emcee Dave Bittner kicked off five panels that featured a who’s who of local influence and industry knowledge.
Miss the event? Don’t worry, we’ve got you covered. Let’s dive into a recap of each all-star panel, produced in collaboration with N2K CyberWire:
The first panel provided a fascinating glimpse into the minds of early-stage founders. Moderated by John Funge of DataTribe, the discussion featured John Doyle, CEO of Cape Wireless, and Anup Ghosh, CEO of ThreatMate.
Doyle and Ghosh shared candid perspectives on their founding journeys and lessons learned while building cybersecurity startups in the DMV area. Key topics included:
Ghosh highlighted his goal of achieving outsized success with minimal venture funding, stating “Raise as little as you need. Not to the point of stifling your growth. Take technical risk off the table. I’d love to come back in a few years and say ‘I only raised $3 million in venture capital and we still blew this thing up.’ That is winning to me.”
Doyle offered insights into the venture capital mindset, noting that VCs are "fundamentally gamblers.”
“Their model is to take a lot of bets. For them to beat the house means 1 out of 10 bets hit. They want and need to be inspired when you’re pitching them. Get the investors excited. Numbers matter, but you’re asking them to believe there is an enormous company here.”
Doyle also shared his strategy of tapping into existing relationships for funding: “All the early investors we had were people I knew. I trusted them and had a good relationship with them. I certainly have more folks looking over my shoulder as a result of taking all that money, but at least I know and trust them.”
The second panel featured industry veterans Marty Roesch, CEO of Netography, and Will Ackerly, Co-Founder & CTO of Virtru. Moderated by Matt Howard, Chief Marketing Officer and Senior Vice President at Virtru, this discussion explored the evolution of cybersecurity and the power of open-source innovation.
To start, Roesch, known for creating the widely-used Snort intrusion detection system, shared his journey of turning an open-source project into a profitable business. Ackerly, with his background in government cybersecurity, discussed the development of Virtru's data-centric security approach.
A key theme of the panel was the transformative power of open-source in cybersecurity. Ackerly emphasized how creating an open-source standard has benefited Virtru, stating, "It's changed the game. So many objections we used to have just evaporated." He noted that open-source software builds trust and transparency, and it mitigates the “unintended ransomware” that can come from vendor lock-in with proprietary software. Ackerly highlighted how Virtru's customers are often also partners, buying into the data-centric approach and benefiting from the interconnectedness of the ecosystem.
Roesch added to this, addressing a common misconception: "When I got started, people said 'if it's open-source, then the bad guys can see everything.' That just means you need to build it the right way."
Roesch went on to share his experience of monetizing Snort, an initially free tool. "I needed to figure out how to make people pay for something that was free," he said. His strategy focused on addressing the complexities that arise at scale: "If you have 300 to 400 Snort sensors, that is a big problem. The companies with that problem have a lot of money. I'm going to sell to them!"
This approach proved successful, as evidenced by SourceFire's growth from $250 million to $2 billion a year following its acquisition by Cisco.
Ackerly expanded on Virtru's journey, highlighting the importance of focus and persistence in category creation. "We started with email. Let's just knock out the email problem," he said. "That took eight years before we could actually pivot to other aspects of the problem and become a multi-product company."
The session concluded with each speaker touching on ongoing challenges in the industry. Ackerly noted, "There is still an awareness gap. I don't know how quickly this approach is going to become the expectation," referring to data-centric security.
Looking to the future, Roesch predicted AI's “Facebook moment," suggesting that the rapidly-developing technology could eventually be used in a maleficent way against consumers.
The third panel was a deep dive on product innovation, customer-centric development, and the evolving landscape of cybersecurity policy. Moderated by Tom Knox of King & Spalding, the discussion featured Brian Fox, Co-Founder & CTO of Sonatype, and Kate Ledesma, VP of Public Policy & Government Affairs at Dragos.
Both panelists started off by emphasizing the importance of staying tuned into customer needs while simultaneously pushing the boundaries of innovation. Ledesma detailed Dragos's approach, stating, "It's about solving a problem. Back in 2016 our founders saw a problem and set out to solve it. We listen to our customers today to make sure we are still solving a problem." She opined that this ongoing commitment to customer needs has ensured that Dragos remains relevant and valuable in a fast-changing industry.
Fox shared a unique perspective with respect to innovation. "I've been accused of being a contrarian. I think you find some innovation in that," he remarked. “I took a look at existing solutions that were out there and tried to understand why they were failing for customers.”
One of the most intriguing strategies shared during the panel came from Fox, who described an unconventional method for gathering technical insights: “I’ll ask a question that I know is wrong. If you can get technical folks agitated enough to think that you’re dumb, they’ll tell you a lot of reasons why you’re wrong. If they tell me something I haven’t heard before, then I’ve learned something. Let them poke all the holes in it. Many of them I knew were holes, but some of them I didn’t. When they could no longer poke holes in something, then we knew what we needed to go and build.”
The discussion took a turn towards the complex interplay between cybersecurity innovation and policy development. Both panelists stressed the importance of proactive engagement with policymakers and regulators.
Ledesma highlighted Dragos's approach to policy engagement: "Knowing what is coming in the policy and regulatory space, being an advocate for sectors, regardless if they are customers or not, and talking to policymakers and making sure requirements are buying down risk." She claims this proactive stance allows companies like Dragos to shape policies that are both effective and practical.
Fox brought attention to the challenges of implementing policies like the SBOM (Software Bill of Materials) executive order. He noted, "So many of the problems we're dealing with in the software supply chain today were visible 10 years ago. The policy is catching up, but organizations aren't moving fast enough." This observation highlights the ongoing struggle to align policy, technology, and organizational practices in the face of rapidly evolving cyber threats.
The panel concluded with a sobering assessment of the current state of cybersecurity. Fox didn't mince words: "The market has failed. And it will continue to fail. All of our social security numbers were just leaked. If that’s not evidence that the market has failed, I don't know what is."
Next up was a panel delving into the topic of modernizing federal cybersecurity. Moderated by Camille Stewart-Gloster, Former Deputy National Cyber Director at The White House, the discussion featured Justin Fanelli, Acting CTO of the Department of Navy, and Nick Polk, Senior Advisor to the Federal CISO at the White House Office of Management and Budget.
The conversation started off with both panelists hitting on the importance of Zero Trust architecture in modernizing federal cybersecurity. Fanelli highlighted the collaborative nature of this endeavor, noting, "This is the tightest I've ever seen the government. You're doing something right if you're more connected." He stressed that Zero Trust is an ongoing process, likening it to software development: "Just like software is never done, this is an ongoing process."
The discussion touched on the looming challenges posed by quantum computing. Polk outlined the ongoing efforts to prepare for post-quantum cryptography, noting the recently-released NIST standards. He spoke about priorities, with the first being the process of determining where said standards can be implemented. “We know some legacy tech will not be able to migrate to the new standards. We need to start addressing that now. It is time to replace those things.” He also cautioned against neglecting current threats in favor of preparing for Q-Day: "We don't want folks looking at the quantum threat, which is very real, and neglecting modern cybersecurity technologies to solve today's problems."
Both panelists stressed the importance of collaboration between government and industry. Fanelli summed it up eloquently: "We’d like to be better buyers and smarter buyers. We’re going to need [the private sector’s] help for that. Staying in lock-step and understanding the specific problems and being as specific as possible with policy issues. When we do something stupid, tell us how to be more specific. We need to practice humble listening.”
As federal agencies continue to navigate this evolving landscape, the insights shared by Fanelli and Polk offered a roadmap for balancing security imperatives with the practical realities of governance and service delivery. Both panelists were bullish about how the journey to modernize federal cybersecurity is ongoing, requiring continuous adaptation, innovation, and cooperation across all sectors.
The final panel offered a compelling vision for the future of the DMV (DC, Maryland, Virginia) region as a global leader in cybersecurity. Moderated by Elise Liberto, Partner & Managing Director of Private Investments at Brown Advisory, the session featured Ron Gula, President of Gula Tech and Co-Founder of Tenable.
Gula began by reflecting on the early days of founding Tenable, now a cybersecurity powerhouse. He highlighted the challenges of recruiting in the industry's nascent stages: "Getting people to quit government jobs and work for a start-up was a lot less common." This anecdote underscores the significant shift in the region's entrepreneurial culture over the years.
He continued on to discuss the importance of having a clear vision for your company, especially when faced with acquisition offers. "You have to know what you want as a company, otherwise you aren't going to get there," he advised, stressing the value of staying true to one's vision in the face of tempting short-term opportunities.
Gula reflected on DMV region’s status as a burgeoning cybersecurity hub with immense potential. The path forward, he outlined, involves a collaborative effort across education, business, and government sectors. It calls for nurturing local talent, supporting homegrown businesses, and creating an environment that encourages innovation and risk-taking.
DMV Rising showcased the dynamic and evolving landscape of cybersecurity in the D.C., Maryland, and Virginia region — and it fostered a sense of community, with personal stories from founders and innovators who have painstakingly built businesses from the ground up. From startup challenges and funding strategies to open-source innovation, policy development, and federal modernization efforts, the panels left attendees with many lessons to digest.
The discussions underscored the rich value of the DMV's unique position at the intersection of government, industry, and innovation. As the region continues to flourish as a cybersecurity hub, the insights shared by industry leaders, government officials, and entrepreneurs paint a bright future.