Innovation and international cooperation: notes from CyberMaryland 2016.

Birmingham to Baltimore, the Midlands to Maryland.

The English Midlands were prominently represented at CyberMaryland. Centered on Birmingham, the Midlands are home to a number of innovative start-ups and established companies with the academic structure behind them to back research and labor force development. We spoke with Linda Smith about the Midlands Engine and what the region it represents brings to the sector.

Both QinetiQ (who exhibited at the event) and BAE have significant operations in the Midlands, as does CapGemini, which also has a significant foothold in the US cyber security market. Among the smaller companies that have grown up in the region are Borwell, Cyberowl, Deep Secure, Eminent Crisis Management Group, IceBlue, Innova Engineering, and Titania. The University of Wolverhampton and Coventry University are both heavily invested in cybersecurity research and education.

Smith sees a natural affinity between the two regions. She noted that Midlands companies are now actively selling into thirty-nine US Government agencies. They've been working closely with UK Trade and Investment, and the companies and universities participating in the Midlands Engine are looking for US partners, both business and academic.

Spin-outs as a strategy: a conversation with MasterPeace.

We sat down Thursday with MasterPeace Solutions' Drew Cohen, who described his company's new accelerator. MasterPeace is a Government services contractor focused on the Intelligence Community. They'll be launching, on November 3, an accelerator designed to give their people support to innovate and spin-out their products in new businesses. The first two spin-outs will be SRCLIght and Zul.

To take the Ghostbusters-namechecking Zul first, this company will offer two products, Gatekeeper and Keymaster, both designed to contribute to securing the industrial Internet-of-things at scale. One use case involves configuring connected busses, which would use their connectivity for passenger Wi-Fi, fleet management, networked security cameras, and so on. You wouldn't, Cohen says, want to send IT support out to configure each bus, and Zul's products would enable a tech to do so from a secure phone connected to an identity management system.

SRCLight is an open-source support marketplace. "Think of it as Uber for open source," Cohen said. It takes advantage of a deep relationship with repositories to enable technical support providers to bid on projects, and it also incorporates a crowdfunding element.

Both Zul and SRCLight are founded on ideas of MasterPeace engineers, Cohen explained, going on to call the concepts "highly relevant to the security centric work done for Government customers. He sees this sort of opportunity to develop and spin out technology as an "attraction magnet" for innovators. MasterPeace takes an equity stake in the spin-outs. "They usually start with four or five good engineers," Cohen said. "We teach them how to be business people, and we also provide them with some reach-back capability."

Why would a company look to spin-out as a strategy? Cohen says it's now easier to spin out a new company than to create a division. It's easier, he believes, to let innovative technology go and foster it in this way than it is to keep everything in-house.

Anomaly detection and venture capital: a conversation with Nehemiah Security.

Nehemiah Security, based in Tysons Corner, Virginia, recently acquired a company we've grown familiar with at earlier meetings of CyberMaryland: Triumfant. We spoke to Nehemiah's Paul Farrell about his company's technical and business goals.

Nehemiah was formed by enterprise executives from other software sectors with the backing of venture capitalists who were looking for a promising field for investment. They decided on cyber security, and believed they could address an unmet demand for software professionals with the sophistication to manage mathematical algorithms used particularly in anomaly detection.

Their product, Atomic Eye, is an anomaly detection solution that, Farrell says, detects zero-days, and is sophisticated enough to handle what he characterizes as the coming wave of exploits. It does address insider threats, and Nehemiah, while it intends to operate in a number of markets, has retained Triumfant's strong presence in the media vertical.

Farrell agrees with the prevailing sentiment that the days of customers buying a large number of point solutions are soon to pass. He sees Nehemiah working in the context of a comprehensive threat mitigation and risk management approach.

Secure voice messaging: a conversation with KoolSpan.

KoolSpan is a leading provider of secure voice messaging solutions. We caught up with the company's CEO, Nigel Jones, and asked him about what makes their solution different. He said that giving an enterprise the ability to have lockdown control over the background of its infrastructure was the differentiator. Their solution is flexible, permitting multiple ways of implementing protective cryptography.

He sees them as an enterprise-grade solution for ministries of defense and Fortune 500 companies. While the solution is device agnostic, they have partnered with Sirin Labs in their very high-end Android phone, Solarin.

Jones sees KoolSpan as especially appealing to large government organizations in Latin America, the Middle East, and Southeast Asia. The company's defensive solution is of great interest in these areas where eavesdropping is of much greater concern than it is in the US. "The consequences can be much more serious than a simple breach of privacy," Jones said, and individual agencies in such countries are taking their own initiative to secure their voice communications.

Asked what he thinks people miss about mobile security, Jones said that too many have been lulled into a false sense of security because they operate in 3G or 4G networks. What they miss is the persistence of legacy SS7 protocols that allow seamless interoperability. Many exploits build against SS7 therefore threaten 3G and 4G users as much as they do those still working with 2G. We need, Jones thinks, greater awareness of mobile vulnerabilities. In many cases "all you need is the ten-digit phone number to implement an SS7 exploit."