Cybersecurity buzz could be a bubble

But probably not for a while

Is the current interest in cybersecurity only a passing fad, a bubble that, like the housing market, will burst?

Some experts think so. In a Washington Post article, Roger Novak, co-founder of a venture capital firm called Novak Biddle Venture Partners, said the proliferation of small and start-up companies seeking funding for cybersecurity products and services bears similarities to the dot-com bubble of the late 1990s and early 2000s.

"A lot of the early people made significant money, but there were a lot of 'me too' companies," he said in the Post article. "So a lot of people in the investment community probably absorbed losses in the space and began to move on."

For now, fueled in part by federal government needs, the market for cybersecurity firms is strong, the Post reported. "With the National Security Agency, the soon-to-be-relocated Defense Information Systems Agency and the newly-founded U.S. Cyber Command at Fort Meade; the Department of Homeland Security set to move to Anacostia; and the Pentagon just across the river, a region known for information technology is fast becoming a cybersecurity capital," wrote article authors Marjorie Censer and Tom Temin.

Web aggregator Slashdot linked to the article and collected some interesting comments. One Slashdot commenter, posting under the name "Glass Goldfish," said bursting bubbles are not as bad in labor-intensive fields.

"It will suck when people get laid off, but you're not buying a huge quantity of equipment that you have to sell at rock-bottom prices. Or entire streets of homes which won't sell even if they are heavily discounted," the commenter wrote. "You're probably ensuring that software is properly patched, hardware is not using default passwords and maybe some penetration testing. Apart from office furniture/computers, I don't see a great deal of capital investment. There may be investment in equipment, but that'll be for the client (government) to buy and maintain.

"Hopefully it'll create some work for people who desperately need it."

About the Author

Technology journalist Michael Hardy is a former FCW editor.

Reader Comments

Sun, Jul 11, 2010 Horace VA

I think there are several direct analogies between the cyber security bubble and the housing bubble: buyers were eager to get more than they could afford and fudged the numbers in order to get loan approval; lenders, hoping to make a quick buck, ignored falsified loan documentation and put unqualified buyers into homes they could not afford. Today's cyber security startups are similarly hiring as many IA "professionals" as possible, stressing quantity over quality. Resumes and credentials are rarely verified and exorbitant salaries are offered to underqualified cyber security "experts" in order to man newly-acquired contracts for DHS, NSA, etc. The bulk of today's cyber security professionals are nothing more than a false sense of security that will allow for plausible deniability when the first major cyber attack occurs. Until then, IA certification mills, so-called colleges and degree programs that churn out cyber security professionals who lack the skill and intelligence of most script kiddies will continue to proliferate, leading to the highly-inflated salaries that many of the menially-trained, non-college-educated employees in the field are earning. When this bubble bursts, we will see a crackdown on under-qualified cyber security professionals and/or substantial reductions in pay. With any luck, many of the credentials that make one an IA professional today (CISSP, CEH, Security+) will be recognized as having been poor measures of competence, and hiring and employment practices will rely more on thorough scrutiny of knowledge and actual job performance, and less on the certifications that a person brings to the table.

Thu, May 13, 2010 Aghilmort USA

Some extended thoughts on various facets of the blooming cyber bubble are posted @

Tue, May 11, 2010 KMO Portland,OR

Novak Biddle Venture Partners obviously have not been following the news or the significance of recent events. As the nation, both Federal and Civil Sector, becomes more dependent on technology, specifically internet communications, there is a documented increase in cybercrime and cyber espionage. This increase has not abated, quite the contrary it has by all measures increased. There is one thing that the Cybersecurity/Information Assurance community all agree on, networks connected to the internet can never be fully protected. This being the case there will always be a demand for cybersecurtiy products and services. The problem is an availability of qualified cybersecurity professionals. In a recent presentation by VADM McCullough, Commander of the Navy's US Fleet Cyber Command, he stated that the Federal government alone has an immediate need for between 20,000 and 25,000 cybersecurity specialists. This does not include private sector needs. A recent SANs study determined that in all of the NSA/DHS certified Information Assurance educational centers of excellence there are not even 1000 students in the pipeline! These numbers are self evidence that the cybersecurity industry is jin its infancy because just like other international crime issues (i.e. drug trafficking, terrorism, human smuggling, etc.) once you let that evil genie out of the bottle, you can never stuff him back in. That is why government efforts are entitled National Drug Control Policy and the International Organized Crime Control Policy. The Best you can hope for is to mitigate its effects to an acceptable level of tolerance. Such a problem is clearly not a "bubble issue" as the Novak Biddle Venture Partners inaccuratly predict.

Tue, May 11, 2010 shama Virginia

The dot com bubble was built on hype & creativity of become rich over night & unfortunately those trends still exist specially the financial tsunami was the outcome of both hype, greed & lack of integrity. As far as Cyber security is concerned, it is indeed not a bubble. Yes there is a mind set in the market place hat very much believe in making hay while the sun shines or making a quick buck. The startups on the Cyber security notion is very high because startups and certain short term mindsets think that Washington has a open check book and agencies & departments will frantically blindly sign off of on a new tool or new technology that can cure & address all ills. Friends I hope this time decision makers will make informed, well thought out, honest & ethical decisions before committing to a new toy, tool or technology that promises to be an encompassed solution to the Cyber challenges facing this Nation. This will be a big blunder & a big disservice to this Nation. If anything please look back to the events of 2002, 2003 when Sarbanes Oxley regulation was enforced, companies like Anderson Consulting, Enron, Worldcom faced dire consequences & disappeared, the public sector needs to learn from the SOX projects where millions & millions of dollars were spent, trees were killed anyone who could sell SOX could name their price and still all the promise of transparency & controls resulted in the recent financial Tsunami. Cyber Security is a absolute must & needed by both government & the private sector and across all verticals. To implement Cyber security in an organization Technology plays a key role as an enabler but the two main attributes absolutely cannot be ignored People & processes. It cannot be implement in a silo or within the USA companies & agencies need both cooperation & collaboration both within the USA & outside our borders. For the past few years I have observed a lot of lip service about security, transparency, accountability but no executable action plans. For the past two years I have met and seen thousands of vendors launch in DC with the hope of striking an exclusive deals. Within the DC parameters numerous members of the government have made great speeches, some retired or ex officials have established their own companies to get a piece of the government pie from their working friends, but the questions begged to be asked: Is technology or new tools be our magic wand to address the Cyber threats that faces us? This is also a great time to rethink & reevaluate all the multi years, multi million dollar long winded projects that have not added any value to all the existing Cyber Security challenges. It is high time the decision makers in the agencies are held accountable for wasting valuable dollars over bad causes. For additional information please contact me at:

Tue, May 11, 2010 Steve Jacek Ellicott City

I couldn't disagree with the writer more. People have a tendency to look at cybersecurity at enforcing password rules, assuring secure data transmission, protecting data at rest, minimizing the threat from hackers, and providing a secure facility. Unfortunately, today's efforts merely scratch the surface of a very complex problem. We live in an interconnected world which requires that we not only protect the assets we possess, but also assure rules associated with the data are enforced, like import / export compliance, a real problem in the aerospace and defense sector. Outside of good data security, today's data center management team are required to jump through hoops every time Congress or the States pass a new law. Most times, executive management wants these efforts to be funded within the existing budget, which is the real reason why many efforts sit idle. There is a lot of potential in this marketplace, it just requires a little time and a better economic outlook.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above.


WT Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.