Ross Wilkers
David Svec and his partners at Veris Group formed the Vienna, Virginia-based cyber consulting firm in 2005 to help public and private sector organizations adapt their enterprises to a new cybersecurity landscape.
Svec’s government and business career includes stops at Booz Allen Hamilton as a risk management consultant and the White House in a critical infrastructure analysis role.
In this conversation with ExecutiveBiz, Svec discusses the firm’s cyber market strategy, the kind of workforce it wants and offers a five-year outlook.
ExecutiveBiz: What opportunities led you and your partners to found Veris Group? What demand is the firm seeking to fulfill?
David Svec: We recognized three primary changes in the marketplace that prompted us to found Veris Group. First, there was a growing demand from customers to hire a company that delivers the right balance of technical, strategic, and analytical expertise on cybersecurity engagements. We’ve been successful by solving cybersecurity challenges through technical and non-technical means, and I believe it’s that balance that customers appreciate.
Next, the growing funding levels and overall awareness of cybersecurity led us to establish the company. We deliberately work to position ourselves to be a market leader by being at the front of the line in different markets. This has been the case with FedRAMP and more recently Information Security Continuous Monitoring (ISCM). Last, our company has also been lucky to benefit from an environment that is increasingly small business-friendly in recent years.
ExecutiveBiz: How are you looking to complement the cyber market in the federal arena with that and some of the adjacent commercial markets?
David Svec: Our FedRAMP services have changed the dynamic of the company greatly. We have become a full-service provider of governance, risk, and compliance (GRC) services to include NIST, FedRAMP, HITRUST, PCI, ISO, and others. Half of our revenue is generated by providing an array of cybersecurity services to some of the largest companies in the world. Our GRC team’s goal has been to be the premier trusted advisor or assessor of several compliance frameworks and standards.
Our Cyber Automation & Modernization team is assisting Fortune 1000 companies to implement ISCM programs, while our Advanced Persistent Threat and Security Engineering teams are exposing, prioritizing, and helping correct serious vulnerabilities. What’s unique today is that many of the federal cybersecurity standards and practices are more innovative and mature than commercial ones, so we are well-positioned to serve those commercial markets.
ExecutiveBiz: What areas of cybersecurity are federal agencies increasingly seeking help in?
David Svec: As agencies build systems and migrate data to the cloud, they will continue to require assistance with programmatic, strategic, and technical cybersecurity issues. Through partnerships with companies like AWS, SalesForce, and IBM, we understand these environments well and are able to advise our government customers on best practices. Another area agencies are looking for help is implementing a Continuous Diagnostics and Mitigation (CDM) program and identifying and protecting against the insider threat. We also see growing demand in the defense segment for risk management framework implementation and cloud security services. Lastly, our overall GRC advisory and assessment services continue to be in high demand.
ExecutiveBiz: What kind of talent is Veris Group looking for as it pushes to expand?
David Svec: Veris Group is growing at an annual rate of between 50-60%. To sustain that growth, we need to continue hiring great people. We’re always looking for security professionals who want to be entrepreneurial and have a drive to understand and serve our customers. As the threats become more complex and cyber automation becomes more prevalent, the demand increases for professionals who understand new technology and trends in cybersecurity.
ExecutiveBiz: Where do you want to see Veris Group five years from now?
David Svec: Our goals are to stay focused on the principles that make our company strong, strengthen our share of the market, and continue being an innovative leader in cybersecurity. We will continue striving for excellence as a trusted advisor, assessor, and implementer of cybersecurity solutions and services among private and public sector customers. We have a true advantage of being able to share best practices among both sectors. Five years from now, I want our employees to feel proud of the company they have created and what they’ve accomplished. If we concentrate on our people, the rest will follow.
