When Terry Gudaitis launched her business, Mindstar Security & Profiling, in March 2013, the IT security expert had previously racked up roughly two decades of experience in organizations big and small, including Cyveillance, SAIC and even the U.S. Central Intelligence Agency.
“A number of things came together all of a sudden,” says Gudaitis of the decision to launch her sole proprietorship, Mindstar, which handles custom security training, consulting and threat assessment for the commercial sector, including large corporations and government agencies. “I had gotten so much good experience at a number of places and as time ticked on I realized that while I had had so many fabulous CEOs and managers, I was done working for somebody else.”
Indeed, Gudaitis represents a small but growing niche within the IT security ranks: female executives who are striking out on their own – either running early-stage companies or starting up their own firms. While these women – some with 30 years of experience, and some just starting out in their careers – point out that starting up a technology business is always a challenge, most claim that they see this as the best path to building or furthering their career in cybersecurity where women are few in number and typically don't enjoy the same career trajectory as men.
For , often being the “only female in earshot” at conferences or business meetings had become commonplace enough that it didn't faze her to become a female executive running her own firm in a predominantly male-dominated field. “I have found that people typically remember me as having been beneficial to them,” Gudaitis (left) says. “And being the odd man out, no pun intended, usually helps – as long as you have the skills behind you.”
In a little more than six years, rising IT security star Georgia Weidman had already done gigs as a security consultant and engineer managing network and application penetration testing and vulnerability assessments for IBM, Gemini Security Solutions and Neohapsis before founding her first start-up in January 2012, Bulb Security, for which Weidman is also CEO. The firm specializes in research, development, penetration and security testing. More recently, in March 2015, Weidman launched a second company, Shevirah, which is squarely focused on the fast-growing area of providing testing tools and managing risk for mobile devices in enterprises, and testing the effectiveness of enterprise mobile management solutions. Herndon, Va.-based Shevirah was one of five companies selected for this spring's Mach37 Cybersecurity accelerator program, which seeds security startups.
“By going out on my own I am finally able to focus on the sorts of things that are interesting to me, such as vulnerability research and tool development,” Weidman says. “And it is where I can really provide differentiating value to the private and public sectors, rather than being a cog in a corporate wheel facilitating established, conventional practices.” There's a tremendous benefit to being at the helm of a start-up in the IT security business, which, as Weidman points out, “requires swift strategy and response.”
“Often, customers have relied on Bulb Security because they get frustrated when directed to a customer support person before talking to the point of contact and get lost in the shuffle,” Weidman (right) says. Projects might turn out longer and more inflexible than they should be. As a small company, she says that Bulb Security can provide more customized offerings in areas such as penetration testing and security training, which are generally “not cost-effective options at larger firms.” As a small consulting firm, Bulb Security can provide a lot of extra attention and flexibility to customers, she adds.
As for her latest start-up, Shevirah helps clients' security teams better integrated mobility into their risk management and penetration testing programs. (The company name, a Hebrew word for “the shattering of the vessels,” refers to a section of the Jewish holy book, Kabbalah, that discusses a disruption that enables the world to be reformed more efficiently.)
“It made sense to me to provide tools and methodologies to fill in the testing gap for bring your own device [BYOD],” she says. “With so many institutions adopting BYOD, many are inadvertently putting their employees and customers at risk because they don't understand the devastating result that can happen if vigilance takes a back seat.”