Dirty little secrets of the cyber business.

• Author: Erwin, Sandra I.
• Position: Defense Watch

* It is one of the unwritten rules of venture-funded technology companies that they should stay as far away from government contracts as they possibly can.

Unless they are cybersecurity contracts.

In the cyber business, in fact, the federal government can be the ticket to prosperity. Not so much for the amount of money it spends, but because government networks are ground zero for the cyber wars that are being fought on a daily basis and will continue to be waged for years to come.

"No other customer has tougher problems," says former U.S. Marine turned venture capitalist Nathaniel C. Fick.

"For an early stage cyber company, having government customers is great," he says. "Nobody is better than the Defense Department and the intelligence community."

Fick has drawn such conclusions after three years of running Endgame Inc., a 150-employee software company funded by Bessemer Venture Partners, where he remains an operating partner. The firm has bankrolled hundreds of the most successful companies in the United States.

Many tech companies see the government, with good reason, as an unattractive customer. It can take years to sign a contract, and buyers often demand customized features that make it hard to build a product that can be sold to others. But in the cybersecurity business, the government has more virtues than flaws, Fick says. "From the perspective of running a cyber company, I think the government is an awesome customer."

What makes the government valuable is its willingness in some cases to be an "early adopter" of cybersecurity products, he explains. "In most industries, the government is not a great early adopter. That is not true in cyber."

Fick has found that his defense and intelligence agency customers take chances on unfamiliar cyber technology even when the government procurement culture at large usually prefers to go with safer choices. Being risk averse does not pay in a world where threats move with lightning speed, and the traditional federal procurement system has come under political fire for buying products that are obsolete before they are even put to use. Fick cites research that shows that federal agencies whose networks are breached do not become aware that they are under attack until months later, as they lack adequate technology to monitor intrusions. The average "dwell time" for hackers is 300 days, says Fick. It takes about 200 days from breach to detection to recognize they have an intruder in the network...