Simon Everett, Ltd.

Simon Everett is an analytic design firm. We structure and implement analytic engagements to help government agencies, businesses, and non-profits solve problems, large and small. Whether our clients seek to create capabilities, improve processes, or inform decisions, we offer the proven ability to address their needs. Our consultative approach blends analytic agility with interdisciplinary expertise to produce functionally and aesthetically impactful results. We are successful when our clients tell us they can achieve better outcomes.

Filtering by Tag: cyber

Net effect

Several weeks ago, I had the pleasure of participating in a panel discussion at the University of Maryland’s first annual Executive Cybersecurity Summit. There, I was able to share some insights our team has gained through supporting several statewide and regional efforts focused on advancing cybersecurity industry ecosystems. Notably, many of these insights run contrary to what we’re used to seeing in the DMV (for our non-Washingtonian friends, that refers to the DC, Maryland, and Virginia nexus). For example:

  • Cyber industry growth across the US isn’t always sparked by cybersecurity concerns. In our beltway backyard, cyber industry growth is mostly responsive to technical needs, particularly to fulfill network security requirements for federal agencies. But outside of the DC area, many cyber ecosystems have flourished in response to concentrated economic and workforce development initiatives. Cybersecurity professionals earn more than double the average salary in many parts of the country, indicating the industry’s effectiveness as a targeted lever for advancing a community’s workforce and economy. Accordingly, the Commonwealth of Kentucky commissioned us to conduct a statewide cybersecurity industry analysis as a means of assessing the career field’s viability for targeted workforce diversification. Similarly, California’s cyber initiative is as focused on education, innovation, and workforce development as it is on technical implementation.   

  • Cybersecurity initiatives aren’t always driven from the top. Just as federal government requirements play an outsized role in shaping the direction of the DC-area cyber industry, governors’ offices often drive successful statewide initiatives such as those seen in Virginia and Indiana. But in other areas, more localized efforts — often with the leadership and support of academic institutions — are making a splash. The Colorado Springs Chamber of Commerce and Economic Development Corporation, in partnership with Pikes Peak Community College, engaged us to map out the area’s cyber ecosystem and develop a strategic plan aimed at attracting cyber executives, investors, and workers to the region. And South Carolina’s statewide cyber initiative was born out of organic efforts within the University of South Carolina.

  • Just “doing cyber” won’t put you on the map — but specialization will. We’ve all heard about executives who decide they need to “get some of that social media” without having a plan for why — and the same goes for locales that plan to “get into the cyber game.” But areas that carve out a niche cyber application, a targeted industry angle, or a differentiating value proposition can more effectively coordinate resources and stakeholders according to a coherent strategic plan. Once again, DC’s federal (and security clearance-heavy) market serves as its own differentiator. But absent such an inbuilt distinction, Michigan has become known for its Cyber Civilian Corps and Cyber Range; San Antonio has built a strong cyber education system to complement its defense assets; and Augusta (Georgia) and Colorado Springs both advertise quality-of-life as a differentiating factor for cybersecurity professionals seeking a new home.

It’s worth pointing out that there is no single correct pathway for building a cybersecurity ecosystem. At one end of the spectrum are jurisdictions that test the waters by commissioning exploratory studies to assess the industry’s economic impact before determining whether a next step is even prudent. Moving along that spectrum, we find highly sequenced initiatives such as California’s CASCADE program, which began with supply chain mapping; then moved to strengthen the provider network through diversification efforts; and now leverages that improved network to offer more robust cybersecurity services, workshops, and assessments to wider industry across California. And at the other end of the spectrum, New York’s cyber thrust comprises an interconnected series of initiatives that marshal the unparalleled wealth and diversity of its economic resources. 

If there has been a consistent factor for success, it might be the assistance of the Department of Defense’s Office of Economic Adjustment (OEA). Through one of several types of grant programs it offers communities, OEA has funded efforts in many states aimed at enhancing the resilience of the defense supply chain — in which cybersecurity companies play an important role. Whether seeking to help separating military personnel find a second career in the cybersecurity industry, or to help the cybersecurity industry itself decrease its reliance upon defense spending, OEA has enabled many cyber economy initiatives across the country to initiate and grow towards self-sustainability. And no matter your personal thoughts on the right amount of US defense spending, decreasing our national workforce’s reliance upon it — while also improving cybersecurity capacity and capability in dozens of states — is a good thing.   

Cyber health in the Commonwealth

Cybersecurity is big business. Worldwide spending on goods and services to protect digital information is estimated to reach $1 trillion between 2017 and 2021. As companies, governments, and individuals make this tremendous investment, policymakers are looking to the industry to catalyze economic growth within their communities – and to cultivate the capabilities needed to meet the security demands of an increasingly digital society.

Recognizing the opportunity inherent in the cybersecurity sector, the Commonwealth of Kentucky commissioned Simon Everett and our partner kglobal to conduct Kentucky’s first-ever statewide study of cybersecurity. The Kentucky Commission on Military Affairs, which sponsored the study with a grant funded by the Office of Economic Adjustment, sought a broad-based analysis designed to serve three related objectives: strengthen the economy by creating an environment conducive to the growth of the cybersecurity sector; protect critical infrastructure by promoting a healthy cybersecurity ecosystem; and make the defense industrial base more resilient by helping defense companies better assess growth and diversification opportunities in this adjacent industry.

After more than eight months of research, stakeholder interviews, and outreach, we recently concluded our work with a briefing to government leaders in the historic State Capitol in Frankfort. The 190-plus-page Kentucky Cybersecurity Industry Study is in fact a composite of ten smaller studies, each addressing a different facet of the state’s cybersecurity landscape. For example, we assessed the industry’s economic impact in Kentucky, analyzed the cybersecurity workforce, and reviewed risk management and governance frameworks.

Guided by our analysis, the study makes dozens of specific, actionable, and practical recommendations for Kentucky to realize the economic and security benefits of a vibrant cybersecurity sector. With purposeful action tied to strategic direction, Kentucky can become a hub for cybersecurity companies and talent, and it can be a leader in protecting citizens, businesses, and infrastructure from cyber risk.

Click here to view the Executive Summary of the Kentucky Cybersecurity Industry Study.

Crossing t's and dotting coms

We are pleased to announce that the United States Trade and Development Agency (USTDA) has awarded Simon Everett a prime contract to conduct a desk study review of Kenya’s National Cybersecurity Master Plan.

This project is particularly exciting for us, since Kenya is at the leading edge of cyberspace in Africa. Although it has long been a regional finance and technology hub, Kenya’s reputation as an incubator for emerging technologies leaped after the 2007 launch of M-PESA - a platform that is now recognized as a mobile payments pioneer. But in Kenya as elsewhere, the transformative promise of innovative information and communications technologies (ICT) goes hand in hand with cybersecurity risks.

In 2011, USTDA awarded a grant to the Government of Kenya to procure technical assistance with national-level cybersecurity planning. USTDA sponsors projects like this all over the world - in order to both spur economic development and expand the global market for American goods and services. As both a force for growth and a force for good, USTDA represents a salient success story for American foreign policy: the agency indicates that it is now generating $76 of returns for every $1 invested in international programs.

To ensure that its investment in Kenya’s cybersecurity future maps to the objectives of the grant, USTDA has retained Simon Everett to critically review the Master Plan and its associated components. We have developed an analytic framework that enables the technical expertise of our team to be applied in an objective, constructive, and logical fashion. Although this is the final step of this particular grant process, it’s just the beginning of an enhanced cybersecurity posture for Kenya and a new period of opportunity for cutting-edge American cybersecurity firms in East Africa.

2019 footer.png