Derek Harp had big plans for building out cybersecurity products for a very specific market: the nation’s critical infrastructure systems and its power grid. But he needed a certain type of security professional to help him realize those goals.
A meeting with former Internet Security Systems Co-Founder Tom Noonan convinced Harp that he would find those people in Atlanta. Noonan led ISS towards an eventual acquisition by IBM, while also laying the foundation for Atlanta as a cybersecurity hub.
“I came here for the talent. I was not coming for the capital,” said Harp, co-founder and executive chairman of NexDefense. Noonan, as it turns out, now sits on his board of directors.
Harp has also served as a mentor and early stage investor for other security-related startups. When advising entrepreneurs, he zeroes in on the importance of getting the right team members to join a founder’s journey.
“Getting players in the right seats on the bus, that’s tough,” he said. “The move to Atlanta was necessary to get the right teams on the bus. We wanted both infrastructure experience and control system knowledge, but also people who have released highly successful commercial software. We built a team from the ground up with deep wells in both areas.”
That team’s mission at NexDefense is to protect the kinds of automated industrial control systems like SCADA that manage long-distance power transmissions. Founded in 2012, NexDefense’s flagship product is Sophia software, which started life as a corporate/government research project before NexDefense acquired it. Sophia gives network operators “complete situational awareness in the communications of a control network,” Harp said. “These control networks are very different and they are much more resistant to technologies that could actually harm them while trying to do something good. We acquired this technology and have done a great deal of work to make them customized and specific.”
Sophia is now deployed in “multiple dozens of locations,” and what Harp calls “a significant infrastructure company” has adopted NexDefense technology. “We’re getting a lot of different use cases across different industry verticals. We feel like we’re breaking out right now as far as our startup story goes.”
Harp says he’s raised $5 million so far for NexDefense (“I have Atlanta investors, but also investors in a number of other locations,”) and expects “very significant seven-figure growth” in 2015. “We’re very optimistic about what this year will look like. We’ve all been through downturns. We’re looking at growing a high-value company versus huge launch parties.”
NexDefense has always been a response to potential weaknesses in the U.S. power grid, so the kinds of issues that former ABC “Nightline” newsman Ted Koppel brought up in his latest book, “Lights Out,” aren’t new to Harp, who met Koppel shortly after the book was published last November.
“He asked me, ‘What do you think about the position I’m taking?'” Harp recalled. “I think his core premise is pretty sound, but word choice is incredibly important. I think I’d characterize him as ‘leaning forward.’ I do generally agree. We’re extremely vulnerable. That’s the business I’m in.
“The tech involved in the grid is decades old, and some of the problems have been emerging for some time. Professionals in this space have been concerned for quite some time, but that concern is mounting.” Thanks in part to the rise of mobile devices, “there are more attack vectors, more ways of unintended connectedness, if you will, more information about third-party actors. It’s not a problem that’s standing still. It’s potentially getting worse,” said Harp.
“One thing Ted is right about is that we are a ‘just-in-time fulfillment society,’ and if you disrupt that you have a very big problem.”
Harp has been wanting to help address that problem since 1997, when he co-founded the IT security firm LogiKeep with Michael Assante as they were finishing up their years of service in the Navy. (Assante and Mike Sayre are co-founders of NexDefense.) They successfully navigated that company towards an eventual acquisition by Cisco Systems in 2006.
But Harp has also been active with the SANS Institute, a research/education non-profit and a credible source of cybersecurity information and training since the Internet’s early days. He helped to found SANS’ Industrial Control Systems (ICS) Security Business and serves as chairman of the Global Industrial Cyber Security Professionals certification program, which includes SANS’ experts.