Former Fort Meade Commander Ken McCreedy took the reins as director of the Maryland Department of Commerce’s (DOC) Division of Cyber and Aerospace in November. Since, he has been busy reviewing strategy and piecing together a vision for a more robust cybersecurity industry in the state.
In January, McCreedy convened with regional cybersecurity business leaders to share information on cyber-focused initiatives and 2016 legislative session priorities. Presented by the Cybersecurity Association of Maryland (CAMI) and its Buy MD Cyber program, the event took place at Praxis Engineering Technologies headquarters in Annapolis Junction.
Looking to grow, retain and attract cyber business to Maryland, McCreedy said his office is focused on cataloging industry assets, communicating with industry stakeholders and connecting people to workforce development, investment capital and tech transfer resources.
“This region’s strength is intellectual capital [acquired] principally doing work for the federal government,” he said. “Part of our role … is to assist in the process to take intellectual capital and experience and turn it out into the commercial sector.”
Part of that thinking came about from his own experiences with sequestration, McCreedy said. “A lot of you have felt the pain of working for the government as your sole basis for your business and are looking for opportunities to diversify.”
To get a handle on the state’s cybersecurity ecosystem, DOC has partnered with CAMI to promote the nonprofit organization’s Cyber Company Directory.
“The unofficial estimates are 600 cyber-related businesses in Maryland,” McCreedy said, with 169 currently listed in the directory. “I’d love to have 300 companies in the directory by July 1.”
Stressing the importance of breaking down information silos and sharing information, his division is recommending that cyber-focused organizations, such as the Chesapeake Regional Tech Council, the Tech Council of Maryland, the Northeast Tech Council and others, concentrate their efforts to produce larger events with larger turnouts as opposed to isolated, competing one-off events.
Likewise, he said, programs in state universities, the community college system and even K–12 STEM education should be linked to better address workforce development.
“One of the discussions we’re having with NSA now is how do you write some entry level jobs into contracts so you can hire kids right out of college, instead of every job requiring five to seven years’ experience,” McCreedy said. “We’re trying to grow some experience through the programs in academia.”
According to McCreedy, the National Cybersecurity Center of Excellence (NCCOE) will play a part in growing the state’s cyber industry, following its move to a new facility in Rockville in February that greatly expands its laboratory capabilities. Established as a partnership between the National Institute for Standards and Technology, Maryland and Montgomery County, NCCOE will focus on cybersecurity issues and create use cases that apply across 16 critical infrastructure protection sectors.
“We’re in the preliminary stages of putting together an innovation marketplace geared around use cases coming out of the NCCOE,” said LaToya Staten, program manager for cyber development at the DOC.
That information will be used to better inform assets such as the state’s Port Administration, automakers, the financial sector and others of what’s available and what they should be doing to protect their systems, she said.
CAMI Executive Director Stacey Smith noted that approximately 26 tech giants connected with the NCCOE also would be weighing in on issues, technology leads and ways to engage industry partners who can provide solutions. “It’s called a marketplace because [the DOC] wants sales to happen through this,” she said.
The state’s push for developing a more coherent cybersecurity ecosystem calls for eliminating dividing lines that separate activities taking place in Rockville, Fort Meade and other areas. “As we pick up momentum, how do we think of ourselves as a region and capitalize on the energy … as we try to compete with Massachusetts and Texas and California and market this as a place to go if you’re interested in cybersecurity?” McCreedy said.
Looking ahead, he identified internships and apprenticeships as key elements to creating jobs and work-ready employees, particularly in terms of creating entry-level positions that provide security clearances and train up employees for more advanced capabilities. “It’s that pipeline we’ve got to keep building [past academia],” he said.
“Some high school students intern at NSA in the 11th grade, but we can’t get our commercial companies to look at that same person in the same type of internship,” Staten said. “We need [commercial companies] to open up and let us know how we can better work with you [on this problem].”
Ed Rothstein, president and founder of ERA Advisory (and McCreedy’s successor as commander of Fort Meade), noted that other players, including the U.S. Naval Academy, are involved in the ecosystem as well. “The Governor’s Workforce Investment Board is another tool that our governor is looking at, trying to bring all this together,” he said.
McCreedy credited the Maryland Pathways Program, which links the state’s 14 community colleges together in cybersecurity programs, with creating a cadre of students with a strong cybersecurity background who are prepared to accept jobs that require technical certification, but not a four-year degree.
He also had praise for the emphasis the state began placing on K–12 STEM education beginning in 2004.
“[Chancellor Robert] Caret spoke to the BWI Business Partnership recently and said there has been a 50% increase in STEM majors within the University System of Maryland [since then],” McCreedy said. “It’s starting to have an impact, and now we’ve got to make sure those students have some rewarding jobs coming out of the other side.”
In the upcoming legislative session, the DOC will be advocating for more funding for the employee security clearance credit and Sensitive Compartmented Information Facility construction credits, Staten said.
More importantly, McCreedy said, the state still has a lot of work to do in terms of its own housekeeping.
“The new cybersecurity director told me there are 52 different [state-owned] networks, he said. “The state’s kind of where the military used to be up until a few years ago, where everybody’s got a server in their closet, and they don’t really know where all the networks are. They’ve got to bring that under control.”
Outside the state, he feels the emphasis should lie with promoting the Maryland brand.
“The CyberMaryland brand has a certain cachet,” McCreedy said. “If you look at strategic plans for Michigan and Virginia, a lot of it is mirrored on what we’ve done in Maryland. We’ve got to continue to be a thought leader in the industry and not fall back.”