Coalfire acquisition tracks with Veris Group's founding principles

When co-founders David Svec and Douglas Greise created Veris Group in 2005, the idea was to build a firm that would help contractors meet the cybersecurity mandates to do business with the federal government.

A decade or so later that is still a driving principal behind what they do but cyber landscape has shifted dramatically.

“We’re a couple of former Booz Allen guys,” Svec told me. They aren’t selling software or technology or any kind of products. But they are selling the cyber consulting and expertise needed in the market today.

The company’s early success was as the first FedRAMP third-party assessment organization or 3PAO. AT&T was an early client. They were followed by the likes of Amazon Web Services, IBM, Microsoft and a long list of others.

While FedRAMP will remain an important part of what Veris does, it also has expanded beyond that.

“You can map our work along three lines – compliance, engineering and advanced technical assessments and testing,” he said.

Now the company has taken another step in its evolution. At the end of 2016, it was acquired by Coalfire, a competitor but also one with complimentary offerings and customers.

Being acquired opens a new chapter for Veris Group, which for now operates under the Veris name, and provides several things Svec knew they needed.

“We wanted national scale and we needed a larger sales force,” he said. Coalfire provides that.

Svec is now vice president of Coalfire Federal, and Greise is vice president of Coalfire Labs, which absorbed Veris’ adaptive threat division.

“We knew Coalfire well – they were our biggest competitor for FedRAMP work – but we had a lot of respect for them,” he said. “And we are a good fit for them because they are more of a pure play commercial company.”

For Svec, the FedRAMP certification work is what he calls commercial business because the customer is another company, not a government entity. When the company does work directly for an agency – for example, doing a cyber risk assessment – that is what Veris considers government work.

Right now about 40 percent of the work is commercial and 60 percent is federal, he said.

As Veris grew, Svec said he knew it was time for them to find a partner.

The combination with Coalfire opens larger markets for Veris. In addition to work with cloud service providers and the public sector, Coalfire also works in the financial services, health care and life sciences, payments, and hospitality industries among others.

The combination will help Veris expand what it has been providing: technology enabled services such as security engineering, policy development, incident response analysis, etc.

The need for cloud services will continue to grow, so FedRAMP is here to stay and Svec said he sees a growing demand to share best practices between the commercial markets and the federal market.

Veris can tap into Coalfire Labs which provides penetration testing, social engineering, digital forensics and analytics. They also provide hunting services, which look for anomalies inside a customer’s network to spot problems early.

The company also can take CoalfireOne, a set of security tools, to market.

While Veris was doing similar work on its own, with Coalfire, the scale is just much bigger, Svec said.

The deal was funded by new equity investments by the Carlyle Group and the Chertoff Group, two private equity groups with deep roots in the public sector market.

“This really is a window of opportunity for us,” Svec said.

Customers, both commercial and government, face quickly evolving threats. “The attacks are much more complex and sophisticated,” he said.

Often what customers need is a trusted partner and that’s the role that Coalfire and Veris are trying to fill.

“There are so many technical solutions and people are just inundated with stuff,” Svec said. “They need someone who understands them and understands the right solutions.”