Top 100: How Raytheon's big cyber bet is paying off

Raytheon is known as one of the world's biggest weapons makers but its big bet on cybersecurity is expanding its reputation into another lucrative market area.

Raytheon is a perennial top five weapons maker in the United States and top 10 on a global basis but the Waltham, Mass.-based company also continues to bet big on cybersecurity and what it calls “high-end” technology services.

The maker of missiles is aiming to become just as synonymous with cyber and certain technology services even as arms sales continue to drive growth. Raytheon expects total revenue to climb 9.1 percent this year to around $26.2 billion mainly on weapons sales.

Within Raytheon, its $6.2 billion intelligence, information and services segment contains the cyber business, builds specialized high-end technologies for U.S. government platforms and updates military systems with new tools to extend their lifespans.

That composition of Raytheon’s services portfolio sets it apart from other similar businesses within a larger prime contractor, IIS President Dave Wajsgras told Washington Technology. Specifically because the company largely stayed out of commoditized enterprise IT work that includes maintenance and operations, Wajsgras said.

“We are a solutions and services organization but it's very high-end what we do... we don't do the commodity IT,” Wajsgras said.

Raytheon comes in at No. 5 on the 2017 Washington Technology Top 100 rankings on $4.3 billion in unclassified prime contracts for fiscal year 2016. The company climbed one spot from last year’s Top 100 and registered a 19.4 percent increase from the prior year in those contracting dollars.

What sets Raytheon apart in the government services market is that the company has largely avoided investor speculation that it would exit that business like its major defense peers Lockheed Martin, L3 Technologies and Harris Corp. have over the past two years.

Lockheed, L-3 and Harris left that market in light of margin pressures on their services businesses as agencies changed their buying mechanisms and sought to reduce spending. They got out to focus on higher-margin platforms and that has spurred analysts to wonder if General Dynamics or Northrop Grumman would do the same.

In that time, Raytheon executives have touted to investors their having “never went down the path of getting into fed IT business,” as CEO Thomas Kennedy said in a 2015 earnings call. Namely, he said then, because “we saw that would eventually get commoditized.”

Wajsgras shed more light to Washington Technology on how Raytheon positioned its services business as not what observers “typically think of a Fed IT company doing.” In one example he offered, Raytheon modernizes all elements in a software baseline of an Air Force command-and-control system.

IIS takes over the modernization and sustainment work on Raytheon missiles once in the field, Wajsgras said. IIS also sustains and modernizes components on the V-22 Osprey tilt rotorcraft, he added. Raytheon does the same on the Air Force's RQ-4 Global Hawk unmanned surveillance aircraft.

In essence, Raytheon works to make platforms more resilient and bring mission applications up-to-date with new technology platforms and software code. IIS' focus in government technology falls in a more specialized and narrow focus than other services businesses, according to Wajsgras.

“Services is a hundred miles wide, there's a thousand different ways to define the sub-elements of services and solutions,” Wajsgras said. “I think some people just shortcut what the definition really is so you have to have enough energy to peel the onion back at least one layer.

Cybersecurity also is an example that can fall within that wide scope of services, Wajsgras said. IIS handles much of Raytheon's cyber work for federal agencies such as those in the classified domain and Raytheon's Forcepoint joint venture it owns 80 percent of handles product sales to both government and commercial agencies.

And as of last week, Raytheon can finally include in its portfolio the potential seven-year, $920 million Homeland Security Department contract known as “Domino” for cyber services to DHS and 100 civilian agencies. Raytheon held onto Domino after an almost two-year protest process with numerous challenges from Northrop Grumman.

Raytheon also is building an entire cybersecurity system that includes firewalls and other defense tools for an entire country. Neither Wajsgras nor Raytheon will name the country or size and scope of the project due to customer sensitivities and other security concerns. But the project has helped bolster the company's reputation in cyber.

“That has turned out to provide an enormous amount of credibility for the company and we are now getting serious opportunities with other countries to do something similar,” Wajsgras said.

Close to 17 percent of Raytheon's total corporate sales in 2016 were in the classified domain, according to the company’s annual 10-K regulatory filing. Within IIS, Wajsgras said the segment’s classified programs represent almost half of its portfolio.

Raytheon's cyber strategy in fact traces its roots to the mid-2000s and Wajsgras helped shape that as corporate chief financial officer for nine years until he became IIS president in 2015. The company made 14 cyber-related acquisitions during his CFO tenure and also made internal investments, Wajsgras said.

“The theory of the strategy was that we would build capabilities that made us world class in aspects of cyber from the sword to the shield,” Wajsgras said. “And we would be able to offer those capabilities to our domestic and international customers.”

And there is also the Forcepoint venture that rebranded to its current name at the start of 2016 from its former Websense identity. Raytheon put $1.9 billion toward the venture in 2015 for its majority stake. The former majority owner of Websense, Vista Equity Partners, holds the remaining 20 percent.

Austin, Texas-based Forcepoint competes in the same spaces as the likes of Symantec or Palo Alto Networks, Wajsgras told Washington Technology. The venture's product portfolio spans the firewall, insider threat and automated scans for malware.

Forcepoint and IIS share cyber offerings and ideas with each other, as well as access to many government customers, Wajsgras said.

Raytheon has in recent times become the lone prime defense contractor to keep its commercial cyber footprint as many of its peers have exited. Boeing acquired Narus in 2010 then sold it to Symantec five years later, General Dynamics bought Fidelis in 2012 then divested three years later.

Northrop Grumman built up an internal commercial cyber practice now known as BluVector over two years then sold it to LLR Partners in January of this year.

Forcepoint is different than the rest, Wajsgras said, because of its largely independent and joint venture status from Raytheon's four other business segments including IIS. Raytheon reports Forcepoint's financial results separately as a fifth segment with $566 million in sales last year.

The venture has its own executive team and five-member board of directors that includes Wajsgras. Kennedy is chairman, two Raytheon board members and a Vista representive are also on the Forcepoint board.

Commercial cyber has a “different pace, different cadence and a different objective typically” than that of the defense market, Wajsgras said. The time-to-market in commercial for a product is “a fraction” of that in defense because of different product objectives, he said.

Other defense companies managed commercial cyber under defense governence policies and procedures “that just don't apply” in commercial, according to Wajsgras.

“I don't think it has anything to do with whether you are successful with cyber in the commercial marketplace, I think it's a management structure,” Wajsgras said. “You can't try to manage a commercial enterprise the way you manage a defense business.

“We have succesfully broken the code and are doing it the right way.”