A Reston compliance, security and IT services provider has taken on another private equity investment to fuel development ambitions ahead of an expected increase in demand from clients seeking federal cybersecurity certifications.
BV Investment Partners, a Boston-based middle-market private equity firm with strong ties to the cybersecurity industry, has acquired a majority stake in CyberSheath, the companies announced this week. It's just the second PE investment CyberSheath has received since it was founded in 2012; the other came three years ago from Lightview Capital of West Palm Beach, Florida.
CEO Eric Noonan declined to share the size of the investment but told me the funding will help the company scale its product offerings to meet the cybersecurity compliance sign-off demands of federal contractors. Verification of these requirements is one of several services CyberSheath offers, and that piece of the business is expected to grow amid an edict from the Biden administration that requires more government contractors to have minimum cybersecurity protocols in place in order to bid on contracts.
"At some point in the very near future, it's going to be table stakes that if you're a federal contractor, you're going to have to meet mandatory cybersecurity requirements before being awarded a contract," said Noonan, who is one of CyberSheath's co-founders. "I think many folks would probably be surprised to learn today that that's actually not the case."
He said the Department of Defense is the furthest ahead in this effort, given its Cybersecurity Maturity Model Certification program, a pre-award cybersecurity verification requirement that contractors must comply with before any business with the DOD can be executed. However, more federal agencies are expected to follow suit as a result of the president's March 2023 directive.
"There's an enormous demand and a tremendous addressable market that needs to be served ultimately," said Noonan, whose firm has about 50 employees.
According to proposed guidelines, the Department of Justice will use the False Claims Act to pursue civil actions against any government contractors that fail to meet outlined cybersecurity obligations. This will task the DOJ to hold account "entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cyber incidents and breaches," per an excerpt from a section of the White House's National Cybersecurity Strategy Implementation Plan published May 7.
CyberSheath is among several Greater Washington companies that have recently received PE investments.
This month, Australian financial services giant Macquarie Capital bought a controlling stake in Laurel-based government contractor Earth Resources Technology and Arlington IT consulting firm Excella landed an investment from McLean's Attain Capital to help it advance its artificial intelligence capabilities.
And in late April, D.C.-based, remote-first marketing firm The District Communications Group nabbed outside investments from two private equity groups. The fast-growing company is considering using a portion of the funds to open a physical office in National Landing.
