Defense and Cybersecurity in Virginia
G2Ops, Virginia Beach
The field of cybersecurity is as old as the computer, but it’s only in the past decade that it went from being a periphery issue to a cornerstone of government budgets and one of the fastest-growing career fields. Anchored by the Pentagon, various military installations, and a variety of research hubs in between, Virginia is leading the fight to protect and defend in the cyber domain.
When it comes to cybersecurity for defense, Virginia is a leader for several reasons: its proximity to the nation’s capital, its concentration of military facilities, its cyber workforce and university system, and the breadth of companies of all sizes taking on cybersecurity challenges.
The 2021 federal budget proposal included a significant 6% increase in U.S. Department of Defense cybersecurity spend. The request comes after years of relatively flat cyber requests and signals growing concerns about the effect a cybersecurity breach could have on national security. The $10.4 billion includes $5.6 billion to protect IT systems, $2.5 billion for workforce development and new cybersecurity specialists, and various IT modernizations and advancements. When it comes to cyber, demand has likely never been higher, and when it comes to cyber investment, interest, and risk, the mantra is this: There’s nowhere to go but up.
“I’ve been in technology my entire career. We’ve always had to be concerned about security,” noted Tracy Gregorio, CEO of G2 Ops Inc., a Virginia Beach-based company that helps companies stay ahead of IT crime and cyber threats. “But for a long time, it was only an IT concern. Now everyone in your company needs to be aware, trained, and on alert — starting with the CEO.”
Virginia is arguably the birthplace of cybersecurity, dating back to the Pentagon’s Advanced Research Projects Agency Network (ARPANET), an experimental computer research network from the 1960s that connected the Pentagon to research facilities across the country. That legacy of cyber innovation continues today with initiatives positioning Virginia as a leader in cybersecurity, including the Commonwealth Cyber Initiative (CCI) and the Cyber Veterans Initiative, which commemorates five years since its implementation this Veterans Day in November.
Virginia has the nation’s second-highest active-duty service member population and the fourth-largest population of working-age veterans in the United States, with large clusters in Northern Virginia, home of the Pentagon, and Hampton Roads, home to the world’s largest naval base, Naval Station Norfolk.
Keeping that talent in the state after service is key, and cybersecurity firms like Sera-Brynn in Suffolk see value in taking “that highly trained and highly skilled competency and redirect[ing] it to the private sector,” according to CEO Rob Hegedus, himself a former U.S. Air Force intelligence officer.
“It was important to us to make sure that population didn’t leave here when they left military service, but built careers here,” said Penny Gross, a member of the Fairfax County Board of Supervisors and chairman of the Northern Virginia Regional Commission’s Community, Military, and Federal Facility Partnership.
Collaboration and Community
A key part of Virginia’s leadership in the defense cyber space comes from its proximity to the federal government, as well as the research chops it brings through area universities. The CCI connects efforts across the entire state and ensures research, technological advancement, and talent development happen collaboratively.
“We leverage resources from DoD, private industry, and government,” said Liza Wilson Durant, associate provost for strategic initiatives and community engagement at George Mason University and director of the Northern Virginia CCI node. “We’re trying to get folks to work together so we can have a bigger impact.
“We have to work together, not siloed. It’s collaborative work, marshalling assets and expertise so we can amplify the impact.”
The CCI has three main efforts: cybersecurity research focusing on physical systems, cybersecurity talent and workforce development, and security entrepreneurship and innovation. But because of the very nature of the work being accomplished, you won’t necessarily see the state’s cybersecurity efforts making headlines.
Sera-Brynn, Suffolk
Virginia is the security capital of the United States. You have security professionals, the federal government – who is all about security – and a legacy of security practices that cyber has grown out of.
“It’s hard to talk about because the nature of cybersecurity work is that it’s classified,” Durant said. “Some of the leading-edge work we’re doing at George Mason University, you’re not going to read about in the newspaper.”
Even some of the requests for proposals the government is releasing in cybersecurity are classified — meaning that the public doesn’t even know the work exists, with everything from proposal development to contract implementation occurring behind the closed doors of a secure facility.
360IT Partners, Virginia Beach
America's Security Capital
“Virginia is the security capital of the United States,” said Ernie Magnotti, chief information security officer at Arlington-based defense contractor Leonardo DRS. “You have security professionals, the federal government — who is all about security — and a legacy of security practices that cyber has grown out of.”
The Pentagon recently took further steps to put teeth behind its security practices with its implementation of the Cybersecurity Maturity Model Certification (CMMC). The interim rule went into effect in November 2020 and is expected to be included in all defense contracts by 2026. For requests for proposals with CMMC requirements, compliance is required in order to bid on the contract. That means Virginia contractors who want to stay competitive are having to get up to speed on CMMC — quickly.
“The government has been looking at its supply chain and saying, ‘Hey, this is a weak link.’ Everybody takes that seriously,” said Justin Carter, chief technology officer at 360IT Partners, a Virginia Beach-based IT services company. Carter noted that more than half of the projects they’re working on today are for CMMC compliance.
“Security is a cultural thing within an organization, and the culture of an organization is defined by its leaders,” said Carter. “You cannot be successful with a good cybersecurity program within an organization without the leadership’s buy-in.”
Service members and veterans are immersed in that culture of leadership, stability, and security. Virginia’s concentration of military facilities is positioning the Commonwealth to lead the way on critical cybersecurity issues.
