First: in case you're wondering, this is not a complete or even representative history of the early days of ISS. I like Chris fine, but there was a long time ISS ran as a 2-3 person company and those people are the ones HN folks probably want to know about.
Second, while I admire the analytic approach, the raw data here isn't very interesting:
* Most of these companies went nowhere.
* Many of them were never funded.
* Some of them aren't really security companies (for instance, Sonicity, which I cofounded, and Zoompf, Billy Hoffman's web performance startup, which has existed for I think a couple of weeks now).
* Most of them have nothing to do with ISS, and everything to do with GATech, which has been excellent on information security for a long time.
Finally, it's worth pointing out that every other tech hub is also a security hub; you can draw similar graphs for Austin, Boston, and of course the Valley. Similarly, lots of other tech companies were funded in Atlanta. WheelGroup/Cisco, TippingPoint, RSA, and @Stake/Symantec also shed lots of little spinoff companies.
At the end of the day, security products are just a uniquely easy way to suck large amounts of money out of large corporations using small dev teams and small direct sales teams.
Some quick notes:
* Zoompf isn't a security company.
* WebTone isn't a security company
* VistaScape is physical/plant security, not IT
* Starpound isn't a security company
* Sonicity isn't a security company
* Kaneva is Chris Klaus' video game company
* Steelbox isn't a security company
* Omnilink is a physical/plant security company, not IT
* Virima isn't a security company
And then:
* ScannerX was a services company
* RBTI was a VAR
* Errata is a services company
* Vigilar is a services company
* Infoweapons is a VAR
Finally:
* NMotion never appears to have launched or gotten funded
* I can't find Key Connections
* Pramana doesn't appear to have gotten funding
Some genuine Atlanta security startups w/ traction (he's not making up the fact that there is a security scene in Atlanta):
* ISS (IBM)
* SPI Dynamics (IBM)
* CipherTrust (McAfee)
* Damballa (still a going concern with serious funding)
* Reflex (still a going concern [limping] with serious funding)
* Oversight (and, actually an ISS relationship)
I think he's got a point about Atlanta but a little bit less of a point about ISSX.
It's not possible to cover all aspects of a company in a couple of paragraphs, but if you look at the dates - they are entirely consistent with operating as a small company for 2-3 years: security scanner released in 1992, no funding until 1996. As to interest - maybe Hacker News is interested in the early days, but as that kind of thing is covered over and over it is of no interest to me. That's not what I'm researching.
Second: Most tech companies everywhere go nowhere. What is interesting is that in 1986 there were a lot of computer companies in Atlanta, but only (so far as I can tell) one security startup. ISS made the market hot, and a new cluster formed where there was not one before. As to the idea that work experience at a startup that sells for $1.3 billion has 'nothing to do with' it... I politely disagree. Whether you can draw a security hub in other places - you could NOT draw one in Atlanta before ISS. That is why it interests me - because it is new. As to its importance - I spoke with founders across the cluster, and yours is the first opinion that is so dismissive of ISS.
As to your other comments, I'll just quote me, since you didn't read the article:
"This is an incomplete founder map of security companies in Atlanta. Each link indicates that a founder worked at one company (as employee or founder), then went on to found another company. When 3+ executives came from another company, as in the case of Damballa, I’ve drawn a link and marked it as such. A few nodes are missing founder links, and that means I haven’t found any. Note that if you were to plot links between companies in terms of all employment, boards of directors, boards of advisors and investors, this web is so dense as to be incomprehensible. Also note: When founder paths cross in and out of the cluster, I’ve included the complete path, whether they remained in Atlanta or not. This means that a few of these companies, such as ZScaler, aren’t Atlanta companies, and that a few companies like Starpound, aren’t security companies."
I'm actually particularly interested in offshoots that aren't security companies, as well as flows into this cluster, and so I've included them. And I haven't filtered small/failed startups, because they're still important in showing a vibrant ecosystem.
Ok, but Russell, you're leaving out the fact that you couldn't draw a cluster of security startups anywhere before ISS. The only companies that truly predate them in the space are TIS and Secure Computing, both of which were pre-startup-culture companies.
I'm not refuting you, I'm just saying that I think GATech has more to do with the Atlanta security scene than ISS does. Several of the major companies on your list --- Lancope and the Jay Chaudhry graph clique, for instance --- have no genetic material from ISS at all.
One point worth adding to your analysis (it supports your argument and not mine) is that part of the cluster owes to Sigma Partners, early backers of ISS and enthusiastic supporters of an Atlanta security scene.
SecureIT sold ISS's stuff - but you're right - there is no genetic link. Jay did acknowledge that ISS made the market hot and showed the potential. Anyway, that is perhaps the most interesting part of the graph. Multiple root nodes sprung up as the market exploded - and the cluster sustained in Atlanta, whereas other dot com clusters did not. I don't think that's coincidental - I think security is a good fit for Atlanta, and so it prospered.
I haven't said so - but I take it for granted that Georgia Tech is behind all of this. It is widely acknowledged that a solid research university is a prerequisite for these clusters to form.
A founder map is just one way to look at this data. If you look at all employment overlap, funding, etc. the web gets very dense, and you see many more connections between these companies. The executive overlap in particular is very strong. When I started this, LinkedIn's API was not open, and so I did this one manually because it is at a scale I could manually aggregate. Now that it's open, other kinds of maps are possible.
This is just an introduction, I'm going to be digging in deeper in later articles.
I really hate to admit it, but Hotlanta has a real startup scene. Maybe part of what's happening is:
* Many of the other major CS/EE research universities are in cow towns like Ann Arbor, Chambana, and Madison.
* Many of the other non-Valley tech centers happen to be in places, like Atlanta, Seattle, and Austin, where a research university coincides with a thriving metro area.
* The few places that don't have startup scenes proportional to their population size and University caliber are, like NYC and LA, prohibitively expensive.
I like the work you're doing. I'm just pointing out that there's a huge biasing effect with ISS. It's the first successful IT security startup (the Netscape of its field), which sets you up for post-hoc-ergo-propter-hoc. Even its GATech roots are easy to overstate (much of its original talent came from Arizona and California).
Yes, Atlanta has a real startup scene across several clusters. It doesn't have one across all clusters - and many people are in denial about this, and what it means to them personally.
ISS is just a starting point. As a writer, it's easier to approach a complicated topic with a hook - ISS is the hook. But I don't think it's coincidence that ISS was the Netscape of its field, and the fact that we have a sustaining cluster in security.
I agree that bringing in talent from afar happened - that seems to have been key to many of the offspring.
I think Atlanta was very lucky to have Chris Klaus and ISS, but it also happened to have Jay Chaudhry and Michael McChesney. It happened to have Tom Noonan, Sig Mosely and John Imlay, who were visionary enough to see the potential of Chris's product. It happened to have MSA. It happened to have an existing workforce in network communications and finance with transferrable skills, and it happened to have Georgia Tech.
I think that all adds up to a good fit. I think Atlanta wanted to birth a security cluster. I think there were vectors in place, pushing Atlanta the whole way.
Tom Noonan is a very good point. There were Chris Klauses in at least 3 other places at the same time, but only one ISS and only one Tom Noonan. ISS was also managed very differently than their mid-'90s competitors, in ways you can trace back to Noonan.
Tom also invested in and advised many companies after ISS. The founders of SPI Dynamics are doing the same thing. Lots of the founders of these companies that exited have done that, or gone on to found more than one company. It's what sustains the cluster.