EmeSec CEO/President and Navy veteran Maria Horton never imagined she would be an influential, name-to-know in Northern Virginia’s cutthroat cybersecurity corridor.
Beyond the battlefield, Horton served as an intensive care unit nurse at Walter Reed National Military Medical Center in Bethesda, Md., for more than 10 years. Today, as a female executive in the hyper male-dominated cybersecurity industry, her company of 34 employees is pulling in roughly $6M in annual revenue by helping protect federal agencies and corporate clients from hackers.
"This exposure to high-pressure environments required me to anticipate problems, proactively address potential risks and act decisively"
During her days as an ICU nurse, Horton worked on a daily basis with patients who were on the verge of death—caught somewhere between frantic, brightly-lit emergency rooms and closely monitored hospital beds. At times, these difficult experiences in the halls of Walter Reed admittedly challenged her grit and determination to succeed, but in 1999 the stage changed.
“As a nurse, you need to be able act quickly, stand by your decisions and be capable of always providing a frank analysis …This exposure to high-pressure environments required me to anticipate problems, proactively address potential risks and act decisively. In the end, these skills have helped me tremendously as a business owner—and I honestly believe that all nurses have those skills,” Horton told DC Inno.
As a Navy Nurse Corps Officer, Horton was selected to complete a Masters degree at East Carolina University. During her time on campus, she conducted research related to telemedicine—a burgeoning industry at the time—that hoped to connect doctors with patients in new ways. In a still-young, post-internet era, the research encouraged Horton to foster an interest in security and information technology. In 1999, she left the nurse coat behind to join the Navy’s Medical Information Management Center.
Horton was the first Nurse Corps Officer to become the chief information officer (CIO) of the National Navy Medical Center (NNMC), now the Walter Reed Military Medical Complex.
“During my time with NNMC, I witnessed the need for IT Continuity of Operations and critical infrastructure protection following the destruction of the Pentagon on 9/11—as well as the response for initial HIPAA privacy compliance. In was in that moment, that I recognized security and privacy expertise would be the foundation of all businesses or organizations in the future,” Horton told DC Inno.
Entrepreneurialism
Women are greatly underrepresented in the tech sector and even more so in the cybersecurity field. In fact, according to a recent study by (ISC)2, women represented only 11 percent of U.S. information security pros compared to the 25 percent that hold computing occupations across the board.
Horton’s EmeSec is effectively challenging the status quo.
The Reston, Va.-based co. is a rising cloud data cybersecurity firm that provides system architecture and consultation services. About 80 percent of EmeSec’s current clients hail from the federal space, while the remaining 20 percent are private tech companies. Horton added that there’s a growing list of prospective commercial clients and that she believes will be a larger aspect of EmeSec’s business in the future.
As an imposing wave of both private and public enterprises begin to enter into this new era of floating data storage and information sharing enabled by cloud computing, so too does the demand for effective network security. And EmeSec has been able to take advantage of this trend from the get-go. Founded in April 2003, the 12-year-old company began as an information assurance provider and yet, over time, Horton pivoted EmeSec to bank on cloud security. That bet has paid off but it’s been a process.
“This shift in the scale and economics of computing results in innovation and business enablement at lower overhead costs. From a security standpoint, the cloud represents a new frontier with secure governance, access to data and applications, controls over key business systems and potential liabilities related to how cloud solutions are applied to business,” Horton described of the migration to cloud storage.
"There were several individuals that didn’t think our niche or boutique practice would gain traction or even survive the early years"
In essence, EmeSec offers services that assist in protecting a company’s critical information, data and assets via risk mitigation strategies and by helping them comply with cloud security standards for liability purposes. Customers who receive consultation services will be able to better understand and manage cyber risks and their related liabilities.
Being able to meet specific federal compliance standards for cloud data storage is an especially important prerequisite for any company that’s storing sensitive data, like customer files, financial records or defense-related information. In an environment where headlines and lawsuits are directed at this gap in security, organizations are increasingly reliant on compliance adherence to manage the damages levied by malicious and opportunistic hackers on their businesses.
FedRAMP is currently the most prominent government compliance standard that provides a unified approach to cloud security assessment and authorization. The important program provides some baseline for addressing security requirements.
As one of only a handful of accredited FedRAMP third party assessors (3PAOs), EmeSec has carried an advantageous sort of “seal of trust” for several years, Horton explains. This seal has been especially important in acquiring new government clients and for commercial client who then market the documentation as a requisite for better business practices.
Reflection
“When I founded the company, I didn't know what it took to be a real entrepreneur. It’s been a fun and challenging experience that I think overall, has tended to rewards those that work hard,” Horton told me during a phone interview at 5:30 p.m., as the sun began to set over Washington.
When she first launched EmeSec, there were only a handful of companies specializing in cloud cybersecurity services. While there were doubters, the region’s subsequent growth in cloud-focused cyber startups has certainly served as a vindication—the demand is obvious, today.
“There were several individuals that didn’t think our niche or boutique practice would gain traction or even survive the early years. I expected solid organic revenue generation–but even I really didn’t anticipate the saturation of the cyber marketplace like where it is today,” said the EmeSec CEO.
Interestingly, EmeSec has never raised private investment, and Horton said that’s likely not going to change.
“While we are not actively looking for a financial investment currently, EmeSec would certainly be open to creating a partnership or evaluating a fundraising option in the future if the right opportunity presents itself,” Horston said.
VIDEO:
