There is enormous potential for Australia to be a cyber security powerhouse in a hundreds of billions of dollars market. AustCyber’s Sector Competitiveness Plan talks about the cyber security challenges Australia and the rest of the world face and the solutions and innovation coming from our domestic market.
I see one of the biggest challenges we need to overcome is removing the market barriers for Australian cyber security companies to scale, mature and export.
AustCyber’s plan explains how “Australia struggles to translate its academic strengths into marketable solutions”. While it is true that with strong collaboration between researchers and industry, great technology can be built. With strong relationship between startups and customers a great industry can be built. The SCP also states “giving companies the opportunity to test their technologies must be a priority”
Research and development does not just happen in a lab. The aim of R&D is to produce products to be bought in the market. According to AustCyber, the top buying-driver for Chief Information Security Officers and Chief Information Officers is technology effectiveness - does it actually solve the problem?
Initial minimal viable products (MVPs) are based on incomplete and incorrect assumptions. This is even true for probably the most successful technology products in the market today. Assumptions can only be tested, and customer problems uncovered, by getting the technology in the hands of users. For products to be mature and solve industry’s problems, they must be tested by industry users and exposed to industry problems.
But the benefit of industry engaging with early stage innovation does not swing only the innovator’s way. Benefits for organisations integrating cyber security innovation with their organisation are many but importantly as the future cyber workforce is being developed, there are important benefits for the development of future cyber operators being exposed to new innovation.
It is important to remember innovation is not just ‘a better horse’ - innovation is disruptive and transformative. It changes the way people go about their work and behave, interact with one another and the world. In the world of cyber security, innovation is really not a more efficient intrusion detection system, a more scalable firewall, or a faster log searching system. Cyber security innovation changes strategies, IT and workforce structures. It even requires new skills and knowledge - sometimes making existing knowledge and skills redundant. Innovation is disruptive, but also innovation can be displacing.
Here lies an important lesson for students entering the cybersecurity workforce. My advice is as they move through their career working in cyber security, where innovation is occurring all the time, embrace it. It is critical to career success and satisfaction to become comfortable with the discomfort of keeping up with emerging technologies and techniques in the cyber security domain.
Cyberspace is a conflict zone. Not all, but many sophisticated cyber adversaries are in a constant state of innovation to invent new technologies and techniques. If they are not learning everyday then they are falling behind. They need to push themselves, their teams and organisations to embrace innovation.
Working with cyber security startups benefit organisations in ways that extend beyond the workforce. Keeping up with the innovations in technology to stay competitive is demanding in terms of time and money to CISOs and their staff. Cyber security technology and application stacks never stop growing and the thought of a startup coming to you with another idea or product often seems like a distraction. But taking that meeting and becoming an ‘early adopter’ organisation can be advantageous.
These are just some of the benefits:
There is risk in trying and testing new technology. But there is also risk in not taking the chance to be at the front of something transformative.
There is a lot of talk about venture capital in the innovation and startup scene, but I encourage organisations to become ‘venture buyers’.
If businesses think like Venture Capitalists, where they looked to ‘invest’ their time and some of their budget to providing early stage startups with small contracts for testing and maturing their products, those businesses may find a startup willing and capable to tailor its technology, to solve a deep problem no other technology can. They may be able to deliver that solution at a fraction of the cost of another product in the market while providing you better support long into the future.
There is always a flip side. There will be startups that will not gain traction in your organisation for whatever reason and perhaps that startup will not succeed at all. But, your business will have learnt something, and so will the startup entrepreneur. Perhaps their next attempt will be better because of your encounter.
Uncertainty is unavoidable in such ventures. But I ask organisations, if you don’t already, to venture out a little bit - with your technology, budgets and personal reputations. Because “nothing ventured, nothing gained”.
Australian industry needs to develop a little bit of healthy nepotism if we want to accelerate our tech sector growth. We look overseas at cyber startup regions such as Silicon Valley and Israel as exemplars. But what they excel in is maturing products and companies through a supportive network of customers. The products and companies coming out of these regions we look at with awe, were once just like the products and companies you encounter today. A world-class product is the result of half nature and half nurture.
Some startup technologies will not look as slick as international market-matured products. They will have bugs. They may cause frustrations with your staff. But all those highly mature products in the market now went through that development stage. Both startups and the customers endured growing pains to build a capability together.
So I throw down a challenge, a call to action for industry buyers. Talk to a cyber startup innovator. Take a meeting, give an hour, be prepared to be disrupted. Actively seek to be disrupted. Do this to maintain a competitive edge for your organisation in the cyber fight. Do this so your workforce will continue to learn and be better.