After spinning out from a Maryland government contractor and garnering seed investment and support from venture firm Squadra, the team at Sicura is setting out to grow a new startup focused on security and compliance automation in Baltimore.
With Squadra applying a new studio model and Sicura seeing early market adoption, the team is working to build a high-growth company around software developed inside the Maryland community of technologists that work to secure and protect the nation’s cyberspace.
Sicura originated inside Onyx Point, an 11-year-old government contracting company based in Hanover that focuses on IT infrastructure and security. After a team led by Onyx Point cofounder Trevor Vaughan created a research project to tackle problems they found while working with the National Security Agency, the company worked with the Fort Meade agency to open source the software through its Technology Transfer Program. Now, that open source technology is the core of Sicura, with the company’s product focused around automating compliance.
To bring it back to basics: Cybersecurity might seem like it’s about chasing down enemies, but for security engineers like Lisa Umberger, it’s more about keeping systems from allowing anything malicious to get in.
But engineers don’t have to start their processes over each time there’s a new system. Rather, the key is to ensure systems are in compliance with the cybersecurity best practices that are widely available. These guidelines are released by central institutions like the Gaithersburg-based National Institute of Standards and Technology and the Center for Internet Security. Different industries have specific frameworks, as well, like healthcare’s much-discussed HIPAA regulations.
Especially in heavily-regulated industries like government and finance, these frameworks aren’t optional. So companies put a lot of energy into making sure they’re complying with the guidelines, and keeping systems safe. Ultimately, it’s up to security engineers and DevOps teams to put the regulations in practice, and those professionals are ultimately who Sicura’s technology is supporting.
“As a security engineer, I feel like the product is built for me,” said Umberger, a University of Baltimore alumna and former VP at Onyx Point who is now Sicura’s chief product officer.
“As a security engineer, I feel like the product is built for me.”
Sicura helps to “translate” which of the guidelines map to configurations in a system. And it offers more specific remediation data than what’s available from a typical report produced by scanning software. Overall, the focus is on ensuring that systems remain compliant even after they are deployed.
“It’s great if you start compliant, but these systems need to stay compliant,” Umberger said.
The Sicura team worked together over three years, further developing the product. They added a user interface, as well as integrations with different scanners and servers. Eventually, it was offered to businesses beyond the government, and became a sizable revenue generator for Onyx Point — the company added clients like IBM and a global investment firm. In all, it made nearly $1 million in revenue, without a sales and marketing team beyond Umberger.
That led the team at Onyx Point to seek ways to spin out the product, which ultimately brought them to the team at Baltimore-based investment firm Squadra.
Before running exited cybersecurity company Red Owl, Squadra Managing Partner Guy Filippelli previously spun out BTS Software Solutions from his prior firm Berico Technologies. That deal was a government services firm spinning out a product — the same type of venture that the Sicura team was looking to create.
Now, the product will grow within Squadra as a Baltimore-based company. The firm is providing seed funding and making the company the first under its startup studio model.
With the investment, for which the dollar amount was not disclosed, the team is looking to grow business and sales capacity, advance product development, execute quality assurance testing and continue to advance the company’s core product.
It is also looking to add to the team of 13. It has added three team members since spinning out, and currently there are openings for a full stack developer, a technical account manager and a business development account exectuive.
But the support goes beyong capital. Squadra’s team is also bringing business acumen. Filippelli is now the interim CEO of Sicura and portfolio operations associate Arianne Price joined the company as director of operations. The companies will be co-located at Squadra’s forthcoming offices at North Baltimore’s Village of Cross Keys. Rather than a typical investor-company approach, they’re building side-by-side.
There were a couple factors that went into the decision to not just invest, but to get directly involved in the day-to-day of the company’s growth, Filippelli said. For one, the product proved to be sophisticated, and showed two potential avenues for growth for the company, both by offering it to enterprises and augmenting firms’ services offerings.
Another was the existing Sicura team, which stood out as “smart, passionate … earnest group of highly technical people,” Filippelli said. “They’re amazing to work with and they’re inspiring.”
That the team had achieved revenue without sales and marketing also showed an opportunity for venture backing to provide resources that could help it grow. The direct involvement also means Squadra can share leadership and approaches from experience growing such a company.
Eventually, the idea is that the company reaches a new phase of growth.
“My objective is to work myself out of a job as quickly as possible when the time is right,” Filippelli said.
It’s all working toward building a tech company in a way that’s uniquely suited to the region’s strengths. In Maryland’s active world of cybersecurity-focused government contractors that congregate around NSA headquarters at Fort Meade, there has been talk in recent years of sprouting more product-focused startups with spinouts from services firms. Squadra’s approach shows one way the tech community can play a direct role in helping them blossom.