I was just getting on my flight to the RSA Security Conference in San Francisco on Monday morning when I received an email announcing an intriguing cybersecurity deal. Defense contractor Raytheon announced its acquisition of security veteran Websense for approximately $1.6 billion. Vista Equity Partners, Websense's previous owner, also contributed $335 million and will retain some skin in the game.
When I arrived at the RSA Conference, I asked a number of my contacts with deep federal experience what they thought of the deal. For the most part, the common response was something like, "every federal integrator has tried to crack the commercial market and everyone has failed. This won't be any different."
Yes, it's true. Lots of giant federal integrators claim that they sell into the commercial market, and they probably do, but their buyers are typically ex-government executives with whom they have existing relationships. Beyond this limited pool, however, the Washington crowd has really struggled to understand how to communicate with the private sector and how to sell and deliver focused solutions rather than project-based tool kits.
I agree that history supports the common doubting Thomas response, but Raytheon seems to recognize this consistent pattern. This is why Raytheon is already moving toward a new model with its acquisition by taking the following steps:
- Websense will not merge with Raytheon the defense contractor but rather with Raytheon Cyber Products, which is already focused on cybersecurity.
- Raytheon is giving Raytheon Cyber Products the resources and support necessary to become a commercially-successful venture on its own. This was true before the Websense acquisition and will continue in the future.
- The Raytheon Cyber Products people I've met come from the commercial sector and are pretty experienced in this area. In other words, Raytheon isn't moving its government managers into the commercial sector, but rather hiring the right team with commercial market chops.
- When you combine the portfolios of Raytheon Cyber Products and Websense it spans across cybersecurity infrastructure products, analytics, threat intelligence, and professional services. In other words, the combined entity has the right stuff to become a player in the commercial market.
Of course, Raytheon needs to give the new cybersecurity entity the continuous freedom to operate as a commercial market vendor. This means Raytheon can't mess around with the cybersecurity division's culture or position the cybersecurity product and services with the same military-industrial complex language that it does within the mother ship. And it goes without saying that Raytheon has to execute on its plan and make this combined entity successful in a very competitive market.
Yes, Raytheon is swimming against the tide, but it is doing so by recognizing previous failed efforts and actively changing its model to avoid previous pitfalls. A few final thoughts:
- This model is not unprecedented. On a much smaller scale, federal contractor KEYW followed the same recipe when it created Hexis Cyber Solutions, a company that is now active and successful in the commercial cybersecurity market.
- I've got to believe that the Raytheon/Websense announcement has initiated lots of meetings and financial modeling projects at BEA, Booz Allen, Lockheed, and Northrop since Monday. It's likely that one or several other federal integrators will follow Raytheon's lead.
- Finally, there is a lot of cybersecurity expertise focused in Washington that hardly touches the commercial market. If Raytheon (and others) can change their federally focused stripes and align their deep cybersecurity experience with the commercial market, the whole cybersecurity community stands to benefit.