

Spotlight on ISS: Atlanta’s Security Cluster - rjurney
http://techdrawl.com/spotlight-on-iss-atlantas-security-cluster/

======
angelbob
Paul Graham wrote about how the internet revolution may be relatively
localized -- Silicon Valley doesn't need many competitors. He has a point, but
this provides an interesting blueprint for an alternate vision.

Specifically, when they talk about Security being a good match for the Atlanta
mindset, they're giving an idea of how other regions can specialize themselves
in a way that makes them more attractive to other companies.

Granted, most attempts along these lines haven't done well. But it's
heartening to see that Atlanta has.

------
tptacek
First: in case you're wondering, this is not a complete or even representative
history of the early days of ISS. I like Chris fine, but there was a long time
ISS ran as a 2-3 person company and those people are the ones HN folks
probably want to know about.

Second, while I admire the analytic approach, the raw data here isn't very
interesting:

* Most of these companies went nowhere.

* Many of them were never funded.

* Some of them aren't really security companies (for instance, Sonicity, which I cofounded, and Zoompf, Billy Hoffman's web performance startup, which has existed for I think a couple of weeks now).

* Most of them have nothing to do with ISS, and everything to do with GATech, which has been excellent on information security for a long time.

Finally, it's worth pointing out that every other tech hub is _also_ a
security hub; you can draw similar graphs for Austin, Boston, and of course
the Valley. Similarly, lots of other tech companies were funded in Atlanta.
WheelGroup/Cisco, TippingPoint, RSA, and @Stake/Symantec also shed lots of
little spinoff companies.

At the end of the day, security products are just a uniquely easy way to suck
large amounts of money out of large corporations using small dev teams and
small direct sales teams.

Some quick notes:

* Zoompf isn't a security company. * WebTone isn't a securty company * VistaScape is physical/plant security, not IT * Starpound isn't a security company * Sonicity isn't a security company * Kaneva is Chris Klaus' video game company * Steelbox isn't a security company * Omnilink is a physical/plant security company, not IT * Virima isn't a security company

And then:

* ScannerX was a services company * RBTI was a VAR * Errata is a services company * Vigilar is a services company * Infoweapons is a VAR

Finally:

* NMotion never appears to have launched or gotten funded * I can't find Key Connections * Pramana doesn't appear to have gotten funding

Some genuine Atlanta security startups w/ traction (he's not making up the
fact that there is a security scene in Atlanta):

* ISS (IBM) * SPI Dynamics (IBM) * CipherTrust (McAfee) * Damballa (still a going concern with serious funding) * Reflex (still a going concern [limping] with serious funding) * Oversight (and, actually an ISS relationship)

I think he's got a point about Atlanta but a little bit less of a point about
ISSX.

~~~
rjurney
Its not possible to cover all aspects of a company in a couple of paragraphs,
but if you look at the dates - they are entirely consistent with operating as
a small company for 2-3 years: security scanner released in 1992, no funding
until 1996. As to interest - maybe Hacker News is interested in the early
days, but as that kind of thing is covered over and over it is of no interest
to me. Thats not what I'm researching.

Second: Most tech companies everywhere go nowhere. What is interesting is that
in 1986 there were a lot of computer companies in Atlanta, but only (so far as
I can tell) one security startup. ISS made the market hot, and a new cluster
formed where there was not one before. As to the idea that work experience at
a startup that sells for $1.3 billion has 'nothing to do with' it... I
politely disagree. Whether you can draw a security hub in other places - you
could NOT draw one in Atlanta before ISS. That is why it interests me -
because it is new. As to its importance - I spoke with founders across the
cluster, and yours is the first opinion that is so dismissive of ISS.

As to your other comments, I'll just quote me, since you didn't read the
article:

"This is an incomplete founder map of security companies in Atlanta. Each link
indicates that a founder worked at one company (as employee or founder), then
went on to found another company. When 3+ executives came from another
company, as in the case of Damballa, I’ve drawn a link and marked it as such.
A few nodes are missing founder links, and that means I haven’t found any.
Note that if you were to plot links between companies in terms of all
employment, boards of directors, boards of advisors and investors, this web is
so dense as to be incomprehensible. Also note: When founder paths cross in and
out of the cluster, I’ve included the complete path, whether they remained in
Atlanta or not. This means that a few of these companies, such as ZScaler,
aren’t Atlanta companies, and that a few companies like Starpound, aren’t
security companies."

I'm actually particularly interested in offshoots that aren't security
companies, as well as flows into this cluster, and so I've included them. And
I haven't filtered small/failed startups, because they're still important in
showing a vibrant ecosystem.

~~~
tptacek
Ok, but Russell, you're leaving out the fact that you couldn't draw a cluster
of security startups _anywhere_ before ISS. The only companies that truly
predate them in the space are TIS and Secure Computing, both of which were
pre-startup-culture companies.

I'm not refuting you, I'm just saying that I think GATech has more to do with
the Atlanta security scene than ISS does. Several of major companies on your
list --- Lancope and the Jay Chaudhry graph clique, for instance --- have no
genetic material from ISS at all.

One point worth adding to your analysis (it supports your argument and not
mine) is that part of the cluster owes to Sigma Partners, early backers of ISS
and enthusiastic supporters of an Atlanta security scene.

~~~
rjurney
SecureIT sold ISS's stuff - but you're right - there is no genetic link. Jay
did acknowledge that ISS made the market hot and showed the potential. Anyway,
that is perhaps the most interesting part of the graph. Multiple root nodes
sprung up as the market exploded - and the cluster sustained in Atlanta,
whereas other dot com clusters did not. I don't think thats coincidental - I
think security is a good fit for Atlanta, and so it prospered.

I haven't said so - but I take it for granted that Georgia Tech is behind all
of this. It is widely acknowledged that a solid research university is a
prerequisite for these clusters to form.

A founder map is just one way to look at this data. If you look at all
employment overlap, funding, etc. the web gets very dense, and you see many
more connections between these companies. The executive overlap in particular
is very strong. When I started this, Linkedin's API was not open, and so I did
this one manually because it is at a scale I could manually aggregate. Now
that its open, other kinds of maps are possible.

This is just an introduction, I'm going to be digging in deeper in later
articles.

~~~
tptacek
I _really_ hate to admit it, but Hotlanta has a real startup scene. Maybe part
of what's happening is:

* Many of the other major CS/EE research universities are in cow towns like Ann Arbor, Chambana, and Madison.

* Many of the other non-Valley tech centers happen to be in places, like Atlanta, Seattle, and Austin, where a research university coincides with a thriving metro area.

* The few places that don't have startup scenes proportional to their population size and University caliber are, like NYC and LA, prohibitively expensive.

I like the work you're doing. I'm just pointing out that there's a _huge_
biasing effect with ISS. It's the first successful IT security startup (the
Netscape of its field), which sets you up for post-hoc-ergo-propter-hoc. Even
its GATech roots are easy to overstate (much of its original talent came from
Arizona and California).

~~~
rjurney
Yes, Atlanta has a real startup scene across several clusters. It doesn't have
one across all clusters - and many people are in denial about this, and what
it means to them personally.

ISS is just a starting point. As a writer, its easier to approach a
complicated topic with a hook - ISS is the hook. But I don't think its
coincidence that ISS was the netscape of its field, and the fact that we have
a sustaining cluster in security.

I agree that bringing in talent from afar happened - that seems to have been
key to many of the offspring.

~~~
tptacek
Ok. So, if it's not a coincidence that ISS was the Netscape of security _in
Atlanta_ , what do you think the reason is?

(If you can't tell, I'm somewhat closer to the history of ISS than most HN
readers, and not just because I'm in security).

~~~
rjurney
I think Atlanta was very lucky to have Chris Klaus and ISS, but it also
happened to have Jay Chaudhry and Michael McChesney. It happened to have Tom
Noonan, Sig Mosely and John Imlay, who were visionary enough to see the
potential of Chris's product. It happened to have MSA. It happened to have an
existing workforce in network communications and finance with transferrable
skills, and it happened to have Georgia Tech.

I think that all adds up to a good fit. I think Atlanta wanted to birth a
security cluster. I think there were vectors in place, pushing Atlanta the
whole way.

~~~
tptacek
Tom Noonan is a very good point. There were Chris Klauses in at least 3 other
places at the same time, but only one ISS and only one Tom Noonan. ISS was
also managed very differently than their mid-'90s competitors, in ways you can
trace back to Noonan.

Noonan is also definitely a product of Atlanta.

~~~
rjurney
Tom also invested in and advised many companies after ISS. The founders of SPI
dynamics are doing the same thing. Lots of the founders of these companies
that exited have done that, or gone on to found more than one company. Its
what sustains the cluster.

------
jasonlbaptiste
Spot on. Draw those graphs for other cities and you can see how strong they
are as a startup community and/or a specific tech sector. Every city needs a
patient zero company- one with a sizable exit that lets their founders invest
back+create new startups in the area. I've often professed that sadly Miami
has no patient zero in the web startup space. Silicon Valley can probably be
tied back all the way to fairchild semiconductor.

~~~
rjurney
Thanks!

There's a poster of the 'Fairchildren' that inspired this one - that shows the
explosion of companies from Fairchild Semiconductor (if anyone has a link, plz
post it). There is also a more comprehensive poster of Atlanta technology
companies - showing how they all trace back to MSA/Scientific Atlanta:
<http://www.charbaxter.com/timeline/timeline_poster.pdf>

I think you could monitor these graphs as they change and new 'root nodes'
emerge, and you could early detect cluster formation and direct stimulus
accordingly.

~~~
jasonlbaptiste
You're welcome! I would love to see a Grad research project and/or group of
entrepreneur enthusiasts put a graph like this together for most startup
cities. You could probably equate some mathematical values to it as well to
give an overall "startup friendly" score. That might be hard to objectify
though. Keeping it open is also key. Think about the past few years and what
has happened. Within 2 months after selling Mint, Aaron Patzer already made
his first angel investment.

~~~
rjurney
I'm hoping to construct one of these for Atlanta's clusters in finance and
network hardware/software as well. In practice, they overlap a great deal.

And I agree - I think that not only can you rate startup friendliness this
way, but you can directly measure 'startup wealth' and detect cluster
emergence.

~~~
celiadyer
Russell, this is an awesome and very thorough visualization and analysis of
Atlanta's cluster of security-focused companies. Luckily for Atlanta, the
emerging convergence of TV-mobile-computer to a single device presents a
tremendous need for more and more security products. Too, the threat of
Internet terrorism does the same. Great job. Fascinating visualization.

