This article originally appeared in the Tampa Bay Times on October 27, 2017,
Florida probably isn't the first place that comes to mind in terms of a strong cybersecurity industry. In fact, it has a somewhat insecure reputation — the Sunshine State had the second highest rate for identity theft complaints in 2016, according to the Federal Trade Commission.
But local stakeholders are looking to change that, and Florida is making slow but incremental progress on a few fronts.
"The mission that was given to us is make Florida the leading state in cybersecurity," said Sri Sridharan, executive director of the Florida Center for Cybersecurity.
The University of South Florida-affiliated center, which is hosting its annual cybersecurity conference Friday, was established by the Florida legislature in 2014 to "position Florida as a national leader in cybersecurity."
That title comes amid stiff competition. The Northeast and California have deeply established communities for cybersecurity, anchored around schools — such as Johns Hopkins University or Carnegie Mellon University — or natural hubs — government agencies in Washington, D.C., and tech giants in Silicon Valley.
What the state lacks currently, said Sridharan, is a talent pool of mid-career professionals who already have strong training.
But Florida isn't completely out of this game. Firms such as Tampa-based ReliaQuest have set up shop in the state. IBM, which has a focus on cybersecurity, has an established presence in the state with an office in Tampa. And KnowBe4, a Clearwater-based cybersecurity training firm, announced this week that it received a $30 million investment from Goldman Sachs Growth Equity.
What Florida may have to offer is its large student population and amenable business climate.
Education is the cornerstone of local stakeholders' efforts to put Florida on the digital security map.
Florida currently has 13 schools that the National Security Agency has designated as centers of academic excellence in cybersecurity education or research. Around 40 cybersecurity-related programs for graduate and undergraduate studies have been implemented in Florida state colleges.
"Students learn cybersecurity very easily," Sridharan said.
His approach at the Florida Center for Cybersecurity is to get schools and students on board with cyber, and shape the curriculum around what the industry currently wants.
"Will you hire them?" That's the question Sridharan asked of 18 security employers when USF was shaping its curriculum.
Training the workforce early — as early as kindergarten and grade school — is also a priority.
While the center hosts boot camps for high school students, digital security company ReliaQuest recently set up shop in JA Biztown, a Junior Achievement play city where students take charge for a day to learn economic concepts.
ReliaQuest's storefront mimics the company's real office. Their youth "employees" help other businesses in the town identify and fix security issues on their equipment.
"They're using devices more than we are," ReliaQuest CEO Brian Murphy said. If kids can build good digital security habits now, he said, when they are older, "they can operate devices with a professional skepticism."
Beyond education, entrepreneurs such as Adam Sheffield, a former intelligence collector for the Army, are looking to supplement the academic approach here by creating a cybersecurity hub.
Sheffield is working on hosting "boot camp-style" training programs, meet-ups and events in Ybor City, calling the concept "Cybor."
One area for improvement is Florida's privacy climate. Industry professionals often consider security and privacy to go hand in hand, and state laws often shape how companies approach issues such as securing personal information and disclosing to consumers when their data has been leaked.
"A lot of it has to do with the attorney generals involved," said Bob Siegel, president of Delray Beach-based Privacy Ref.
Siegel is a member of the International Association of Privacy Professionals and part of their training faculty.
One of the reasons California has become a privacy and security hub, Siegel said, is because of its attorney general's strong stance toward digital privacy.
California is considered to have some of the most consumer-friendly privacy laws. It requires companies that operate in the state to post a particular notice about how they respond to consumers' Internet browser's requests to not be tracked with digital cookies. It also allows children under 18 years old to have their personal information deleted from social media networks.
But Florida, he said, is slightly less progressive in this area. For example, the state data breach law considers an information leak to be a "data breach" if the information was electronic. That doesn't account for information on paper, such as paper forms filled out.