Steve Jacyna is director of emerging cybersecurity solutions at Carahsoft, where he develops and facilitates sales and marketing strategies for a portfolio of cybersecurity and other technology vendors. He applies his extensive knowledge of government contract vehicles and procurement cycles to connect solution providers with the government organizations that can benefit from their offerings.
Jacyna recently participated in a Q&A conversation with ExecutiveBiz to discuss how Carahsoft works with emerging technology vendors, how its “better together” approach can benefit agencies and some emerging cybersecurity technologies agencies should know about.
You focus on cybersecurity, which certainly is top of mind for government organizations today. Tell us about your role at Carahsoft.
My team is primarily responsible for working in the cybersecurity sector and supporting both emerging and mature cybersecurity vendors. We spend a lot of time researching the capabilities of emerging vendors and how agencies can benefit from them. We follow the market closely, meet with venture capital and private equity firms and interact with startups.
The goal is to uncover the emerging technologies that are well suited to reducing the unique cyber risks agencies face today and will face tomorrow. We identify the vendors that have sound technology and strong potential for growth to make them reliable partners for government.
You work with a lot of startups. What kind of growth have you helped them achieve?
There’s a long list of cyber vendors we’ve helped grow in just a few years, from very small companies with a limited profile in public sector, to very large companies with a massive footprint. Some of these would include companies like Zscaler, Infoblox, Exabeam, Okta, Trustwave, Radiant Logic and Recorded Future. We’re focused on identifying the vendors we believe will see rapid growth based on the technology they offer and their commitment to the government market.
We often advise startups to plan on what we call a “two-September process.” In other words, success takes time, and they shouldn’t expect a big contract in their first year of a public sector sales program. But by the second September, prospective customers will have had time to evaluate their products and potentially include them in the budget cycle. The vendors committed to the long haul are the ones who achieve success.
Carahsoft works closely on go-to-market strategies for the technology providers in its portfolio. What does that collaboration look like?
We provide what we like to call white-glove service. I’ve been with Carahsoft for 16 years, during which time we’ve grown from 50 to about 2,800 people, and the focus and energy around delivering that level of customer service hasn’t changed.
We give vendors access to marketing programs, contract support, industry trade shows and prospective customers. We do everything we can to set them up for success and guide them through their evolution from public sector startup to established enterprise.
A good example is the way we support vendors interested in achieving Federal Risk and Authorization Management Program authorization. FedRAMP is a complex, time-consuming and expensive process. Because we’ve helped a lot of companies through it, we can share insights and lessons learned. For instance, some smaller vendors partner with established companies that can host their solution in a FedRAMP-compliant cloud, so the vendor doesn’t have to pursue its own FedRAMP authorization.
Many of the vendors you work with also collaborate with one another to service customers more effectively. How does that process work?
At Carahsoft we call this “better together.” There are a lot of vendors with complementary technologies that—when combined—become force multipliers. Because these vendors coexist within the Carahsoft ecosystem, we can bring them together to create co-branded, “better together” stories we can take to the marketplace.
In fact, one of our core strategies is identifying the inflection points where combined technologies provide agencies with greater benefits. For instance, we’ve been working with Okta, Zscaler and CrowdStrike on a better-together story around zero trust. Of course, zero trust isn’t a solution that agencies can buy, but a framework they should adopt. These vendors offer complementary solutions that each cover a pillar of the zero trust architecture. Because the solutions work well together, agencies considering one solution could realize greater advantages by adopting all three.
Because cyber threats are always evolving, so are cyber solutions. What are some technologies agencies should keep their eyes on in the near term?
One area that’s getting new attention is identity verification — solutions that use biometrics or credential scanning or other technology to enable users to verify who they are. This has become an important capability at all levels of government as agencies work to combat fraud.
We’re also seeing more agencies adopt threat intelligence solutions. Some larger cyber providers have threat intelligence components, because they see a lot of traffic they can analyze to identify emerging threats. Smaller vendors are now specializing in threat intelligence, scraping the dark web and conducting other research to anticipate the next type of exploit. They provide this intelligence to analysts working in agency SOCs, or security operations centers, so they can continually fine-tune agency protections.
Finally, quantum cryptography is getting a lot of attention. Forthcoming quantum computers will likely be able to crack existing encryption codes. There’s a race to develop quantum-level encryption solutions to keep ahead of that potentially very serious threat, and agencies will want to watch that space.