JACKY FOX HAS seen attitudes towards cybersecurity change drastically throughout her career in companies such as Dell, Deloitte and her new role at Accenture.
As managing director of the security business in Ireland, Fox sees first-hand the challenges that clients face in securing their assets and how threats have changed.
She joined Accenture in July to head up its cybersecurity unit. Flanked by a core team of 40, Fox assesses the security posture of clients for the firm and fends off attacks and threats.
“I think the big change is people used to just protect their perimeter. It’s like putting an alarm outside of your house saying you know what, hopefully, nobody will get in and not looking at what’s going on in the inside.”
For a long time, she says, companies were often preoccupied with putting this baseline protection in place rather than specific protections of the “crown jewels” in the organisation. One size fits all doesn’t cut it anymore.
“I think the move from perimeter protection to whole network, holistic view would be how I would see things have changed since I’ve been involved in security.”
Headlines about critical cyber-attacks and hefty data breach fines are all fueling increased activity in the cybersecurity industry.
Accenture is just one of many large companies with a cybersecurity presence in Ireland; stalwarts like FireEye and Symantec also have offices in the country.
Fox also serves as vice-chair of Cyber Ireland, an IDA-supported group that promotes Ireland as a destination for security companies.
US firms like Tenable and ReliaQuest have opened offices in Dublin in recent years, with Forcepoint opening a new centre in Cork last year with 100 jobs.
Dublin and Cork seem like the obvious locations for such companies but with those cities bustling under the pressure for talent and office space, the regions have become increasingly attractive.
Last month Pennsylvanian firm Security Risk Advisors (SRA) announced the opening of its first international office in Kilkenny where it plans to hire over 50 people.
“Initially they were looking to expand outside their borders in the US. The obvious choice was the EU, Brexit definitely played a factor and I think it came down to Germany and Ireland,” Lar Conroy, who is heading up the Kilkenny base, says.
SRA’s new Irish outpost will handle tasks such as information security analysis where analysts try to stay ahead of threats and monitor alerts for clients.
“Our team is looking at these large dashboards that aggregate and correlate (information),” Conroy says.
“It filters and manages the alerts and events and presents them to our analysts, our consultants and then they make a human decision whether to go and investigate and open a case on something.”
He adds that the company doesn’t subscribe to the philosophy that tech companies always need to be in the big urban centres.
“Kilkenny pretty much won out because of the fact that it’s equidistant between IT Carlow and Waterford Institute of Technology who both have really well-regarded and well-developed security programmes for students.”
The location, he says, gives SRA access to graduates as they emerge from third-level education while avoiding the high living costs typically associated with the capital.
Another US company that has followed a similar path is Skout, founded by an Irishman, which opened its European headquarters in Portlaoise in 2018.
Talent and funding
Regardless of location, the competition for talent remains an acute challenge for any cybersecurity company.
Accenture’s Fox, who also lectures at UCD, says there needs to be a greater push for diversity in the cybersecurity talent pool to fill an “intellectual gap”.
“We’re so short of talent in cybersecurity, if we don’t get women who have the acumen to come into the industry, then we’re going to have a problem because the attackers are going to keep attacking, it’s a big cat and mouse game,” Fox says.
SRA’s Conroy adds that cybersecurity needs to rely on its promise of a unique work environment with varied challenges to solve in order to lure people in.
“Somebody who is in IT will get up every morning and they’ll know they’re going to a good job that pays well but it’s very regular … that can become a little bit humdrum,” he says.
“In terms of security, it’s a different landscape. There are emerging threats, it’s very dynamic and exciting and scary at the same time. That attracts people to the business.”
Corrata, a mobile security software company founded in Dublin, has employed similar tactics, not letting its security pros feel “buttonholed into an existing role”, according to chief executive Colm Healy.
“We have to work that bit harder to access talent than we would have if we didn’t have the massive numbers of overseas companies here in Dublin,” Healy says.
Corrata raised €1.3 million last year and is in the midst of getting a foothold in the US market, where it recently inked a deal with mobile carrier Sprint to promote its product to business customers.
He says that the myriad mobile cyber-attacks over recent years have validated the need for products like Corrata’s but it’s a very “noisy” space.
“As someone said to me many years ago, you might have the cybersecurity equivalent of the cure for cancer but how do I know that? Because all the other guys tell me that they have the same thing too.”
For an Irish company taking on the US market, it can be like starting from scratch again. This is especially evident in the pursuit of venture capital.
“If you’re a very early stage US company, you could possibly raise $5 million whereas an Irish company can only raise two.”
Another market, Israel, has possibly the world’s most advanced ecosystem for cybersecurity with very large VC cheques flowing into early stage and series A-stage companies.
“That’s where the challenge tends to be and we’re still at that relatively early stage,” Healy says.
The problem of plugging funding gaps in early stage investment in Ireland isn’t unique to cybersecurity, and the issue is frequently aired among the startup community – namely with criticisms of the terms in the government’s flagship programme, the Employment and Investment Incentive Scheme.
As next week’s budget approaches, the scheme is once again subject to calls for reform.
“The reality is that this stuff is extremely high risk and therefore the only way you’re going to get a volume of seed investors is to make it very attractive from a tax perspective because frankly it’s difficult to justify on the standalone economics.”