graphical user interface, text

The Enduring Challenge of Scaling Cybersecurity

It was late 2015 and I had run out of talent, there was no more to be found. We had trained as many people as we could, as fast as we could. Many were trained in intense real world scenarios, for them it was trial by fire. Our crack recruiting team was tapped out. I was running a global cybersecurity consulting practice at defense contractor meets consulting firm Booz Allen Hamilton with customers in multiple states, and supporting efforts overseas. I was having to tell customers no for the first time, or beg employees to fly to two cities on opposite coasts for meetings the same day. These were mostly on-site engagements that required real people to be at real client sites everyday hunting for bad guys on networks that ranged from nation state intelligence services to criminal gangs. We were building defensive strategies, synchronizing cybersecurity tools with actionable intelligence, and performing any number of other scenarios for our clients. Some of our work was delivered remotely via a 24 hour cyber threat intelligence monitoring center in McLean, VA, but our commercial customers, just like our government customers, were really paying for us to deliver the top talent they couldn't find on their own to them in person wherever they might be.

Part of our strategy was to cross pollinate talent between our newer and smaller commercial and massive legacy government business practices as needed. Booz Allen had created what I believe at the time might have been the largest standing trained cyber army of talent in the world outside of Russia or China, and even with that, I could no longer scale human capital at the pace I needed to deliver for my customers. Not to mention, how would I continue to rapidly climb the corporate ladder if I couldn't onboard new customers or deliver for the ones I had.

To add to the problem we were creating a highly talented, sought after, workforce, with the amount of training and real world cyber experience they were receiving. Many had been manning the cyber trenches of the U.S. government security apparatus and were now itching to man the cyber front lines in the corporate world. The theory was that we could move them back and forth as desired and required. Easier said than done as bigger pure play cyber companies and our own customers were hiring them away from us with salaries we couldn't compete with.

In 2015 everyone in the cybersecurity community was thinking about the issue of scaling cybersecurity capabilities as they are still today. The lack of trained talent has only become more pressing. Most of the cyber technology tools our customers were using to help scale their defenses were point solutions designed to address one threat vector at a time. With the scale of the problem growing as fast as the advisory could monetize their efforts through their unending onslaught of successful breaches, I decided I wanted to focus my attention on building world class cybersecurity technology tools that help organizations from government to the commercial world scale their security. Security tech that enhanced humans and in some cases replaced them was imperative if we were going to keep up with our adversaries in cyber. Throwing more people at the problem alone was a fool's errand. It was clear we were diving head first into a machine-on-machine cyber war era back then, and with the rise of AI in 2023 it is only accelerating.

In early 2016 I got serious and was lucky enough to help pull together a small group of industry professionals and a mission focused limited partner (LP) to quickly get Strategic Cyber Ventures off the ground. Our goal as the world's first VC fund dedicated to cybersecurity was to build tools that scaled our defenses at machine speed and allowed one cybersecurity operator to do the job of ten or more. My roots as an Army Intelligence Officer at the start of my career had instilled in me a mission driven ethos, and my brain wired to always ensure time spent building complicated things has been assessed to be truly tied to mission requirements.

As we move forward into 2024 and our 8th year, Strategic Cyber Ventures is more focused than ever on investing in founders and technology that are mapped to the most pressing cybersecurity challenges of scale. With America's National security apparatus being pulled in more complex directions than ever, and sophisticated threat actors targeting the private and public sectors en masse, our mission of rapidly fueling security innovation is more important than ever. With advanced AI as our newest partner, and as a collective cybersecurity community of private sector and government expertise, we can take on and defeat our adversaries in cyberspace at the tactical, operational, and strategic level! All The Way in 2024!

Written By: Hank Thomas, Managing Partner at SCV


Cybersecurity is national security, and we are a D.C.-based venture capital firm on a mission to find cutting-edge startups that help us make an impact. We go beyond the check to help our founders win by leveraging our industry connections and experience as cybersecurity veterans to fuel their companies from inception to exit.

To learn more about our investment strategy and portfolio, explore or connect with us on Twitter @SCV_Cyber to be part of our mission in shaping the future of cybersecurity.