Person working on laptop (Photo by Burst on Unsplash)

(Updated at 4:55 p.m.) Arlington Public Schools experienced a data breach this week affecting information it collects for visitors to school buildings.

The school system notified people of “externally exposed” data in a message sent this afternoon (Friday). The breach is part of a broader leak, reported this morning, affecting some schools in the U.S. that, like APS, use a visitor management system from Raptor Technologies.

“Arlington Public Schools was contacted this week by our Visitor Management System vendor, Raptor Technologies, regarding the discovery of some APS data that was externally exposed for an unspecified timeframe,” Chief Operating Officer Dr. John Mayo said in the message, which APS shared with ARLnow.

“At this time, we do not know what specific APS information was exposed or if it was accessed by anyone,” he continued.

The leaked information could relate to government-issued IDs.

The visitor management software that Raptor Technologies offers screens each visitor’s government-issued ID card against sex offender registries in all 50 states and “an unlimited number of custom databases,” according to its website.

This information is collected when visitors enter and exit a building, according to someone familiar with how APS uses the system. The technology also scans APS ID badges, for those who have them, and is used partly for substitutes to record when they show up for work.

Visitors receive a badge with their photo, name, role, destination and date and time of entry, according to Raptor.

APS says Raptor took action after learning of the breach.

“Upon learning of the breach, Raptor secured the accessible information and initiated an investigation,” Mayo’s message said. “This issue has affected many school systems nationwide, not only APS. For your awareness, this system is used to manage visitors and volunteers entering our facilities. APS utilizes a limited number of services offered by Raptor, compared to the full range of its capabilities.”

The school system says it is working with Raptor and will give updates as it learns more information.

“The safety of our students, staff and community is our utmost priority, and we will continue working with Raptor to ensure that all necessary steps are being taken to safeguard the information in Raptor,” Mayo said.

This was not the only tech issue that APS faced this week.

It appears APS used up all of its allotted Google cloud storage space — 122 terabytes, or roughly 5 gigabytes per user — according to June Prakash, the head of the local teachers union, Arlington Education Association.

“Some staff could not access email or other documents including plans for the upcoming days,” she said.

On Saturday, APS got to work to resolve issues some users reported, including being unable to save documents, according an email sent to staff. By Monday, “the issue reported with Google has been resolved,” a follow-up email said.

An APS spokesman later said the brief disruption was caused by a “service subscription issue between our retailer and Google,” and the school system worked to ensure the service was restored on Monday morning.

Photo via Burst/Unsplash


Washington-Liberty High School in the snow (staff photo by Jay Westcott)

Last month, a peculiar cybersecurity incident derailed class at Washington-Liberty and prompted a police investigation that is ongoing.

Around 10:10 a.m. on Nov. 30, police were dispatched to the school for “the late report of suspicious circumstances,” says ACPD spokeswoman Ashley Savage.

“The preliminary investigation indicates that between 10:45 a.m. and 1:30 p.m. on November 29, a student inside Washington Liberty High School utilized an electronic device that caused nearby iPhones to turn off,” she said.

“Police identified the involved student and the manner of intrusion that impacted the iPhones,” she continued. “Based on the preliminary investigation, there is no ongoing threat to the community related to this incident.”

Although ACPD identified the student involved, no charges have been sought at this time because police are still investigating the incident and any impacts to affected devices, says Savage.

Later that week, on Dec. 1, Arlington Public Schools shared a message from ACPD to the W-L community, seeking to find more potentially impacted phones. The message, shared with ARLnow, advised recipients of the incident and asking anyone whose cell phone turned off while at the school on Nov. 29 to file an online police report or contact the tip line at 703-228-4180 or [email protected].

“Victims have been identified and efforts to identify potential additional victims are ongoing,” Savage said.

ACPD did not provide additional details, such as what kind of device might have been used, citing the need to preserve the integrity of the ongoing investigation. A cybersecurity expert contacted by ARLnow declined to speculate on how a student might have turned off nearby iPhones.

The police department did note that it is not currently investigating any similar incidents. ACPD also shared some general cybersecurity tips.

“Police recommend community members always ensure their electronic devices are up to date with the latest software provided by their manufacturer and/or service provider,” Savage said. “Additional cybersecurity best practices include using strong passwords, thinking before you click on suspicious links, and using multi-factor authentication.”

The unusual incident comes as Arlington Public Schools have seen multiple lockdowns, some due to gun-related threats, particularly this year, while others have been chalked up to “swatting,” or hoax calls to 911 about school threats intended to elicit a large police response.


Sponsored by Monday Properties and written by ARLnow, Startup Monday is a weekly column that profiles Arlington-based startups, founders, and other local technology news. Monday Properties is proudly featuring Three Ballston Plaza

As more modern conveniences and critical infrastructure connect to the internet, increasingly commonplace objects — like electric vehicles — can be hit with cyberattacks.

In this ever-changing landscape, Ballston-based cybersecurity company Fend has put forward a new piece of technology to protect large systems and small devices alike from offenses launched by alleged thieves, cybercriminals and nation state actors.

It recently patented a microchip that allows Fend to protect a wider variety of goods. Any manufacturer can embed the chip into small-scale products, such as medical devices and delivery drones, to keep them secure.

“We’re talking about cars, power plants, and other machines that keep the economy going,” CEO and founder Colin Dunn said in a press release. “Our users will be able to feed data into next-generation AI tools while permanently keeping attackers out.”

Like its first product — a “data diode” that looks like an internet modem — the new chip dictates how devices “talk” to the internet, such that hackers cannot find a way to wrest control.

“Because we maintain that physically applied, one-way data flow, that means nobody from the outside can ever hack in, and that’s a bold claim but it’s the sort of thing that our infrastructure needs,” Dunn told ARLnow.

Amid reports of continued attacks on national infrastructure, he said, governments also have to protect their older systems, such as energy plants, which have been retrofitted for internet connectivity.

“These are folks that have big, important equipment that makes modern life possible, whether it’s making the goods in our homes or bringing clean water to our neighborhoods,” Dunn said. “And they also have a big target on their back as well from those who would like to disrupt their operations.”

This is Fend’s fifth year in Arlington. The company is in the midst of fundraising, with the goal of expanding further.

“We’re excited to have the opportunity here to — really from almost the very beginning — do this in Arlington, and make a contribution to the security of our country and around the world right here from home,” Dunn said.

An engineer works on Fend’s data diodes (courtesy of Bryant Cox)

Sponsored by Monday Properties and written by ARLnow, Startup Monday is a weekly column that profiles Arlington-based startups, founders, and other local technology news. Monday Properties is proudly featuring Three Ballston Plaza

A Green Valley-based nonprofit is encouraging kids to dream about working in tech the same way they dream of being a doctor or lawyer one day.

To help launch them into those career paths, MySecureKid — which also educates families about internet safety — connects children and teens with programming, apprenticeships and mentors.

Since founding the organization in 2018, Quiana Gainey and JaLisa Johnson have focused on supporting children from underrepresented backgrounds. While cybersecurity and technology are projected to grow more than 13%, they say a “knowledge gap” is holding back Black and Hispanic people, as well as people with disabilities, from riding that job growth wave.

“We were the first IT apprenticeship in D.C., and we were servicing a population that was what they consider disenfranchised. We just said that they’re undiscovered,” Gainey said.

Gainey and Johnson have both founded for-profit companies in cybersecurity and healthcare tech, respectively. Using that experience, plus their backgrounds in government contracting and military service, the duo say they created curricula for students to bridge that knowledge gap.

“We want them to see that there’s a shortage in cybersecurity [and that] our infrastructure, our country needs this,” Gainey said. “So let’s start with building that into the curriculum, building partnerships with community, with nonprofits like ourselves, so that we can help the next generation realize their dreams and also help them not go into all traditional [careers].”

Co-founders Quiana Gainey (left) and JaLisa Johnson (right) (courtesy of Quiana Gainey)

MySecureKid offers apprenticeship programs for teens as well as summer cyber camps and after-school programs for younger children. They pair high school students with mentors and provide scholarships to those pursuing education in IT, emerging technologies, healthcare, cybersecurity and entrepreneurship.

It also has worked with Arlington Public Schools for three years and has plans to partner with their apprenticeship program in the fall.

With these programs, Johnson says she hopes that students gain hands-on skills over time — similar to a trade school.

“We make things fun but challenging,” Johnson said.

She and Gainey also make sure parents have opportunities to learn about tech issues, such as internet safety.

“I always tell parents, when you give your childhood phone, it’s like leaving them in the middle of the intersection, and telling them to find themselves their way home,” Gainey said. “Now, you wouldn’t do that, right. So when you give them that cell phone, it’s time to have that conversation.”

Their space in Green Valley, which they call the “360XP Zone,” is self-sufficient, powered with renewable energy and connected to its own water supply. It features learning, retail and event spaces and is equipped with a full-service kitchen and bar. Small businesses can even rent these spaces and benefit MySecureKid in the process.

Calling on her healthcare background, Johnson designed the space to include clinics that she says meet Centers for Disease Control and Prevention standards.

“We always say, ‘I don’t wait for someone else to do something. You can be the change you want to see,” Gainey said.

Inside one of the learning pods at MySecureKid’s facility in Green Valley (staff photo by Jay Westcott)

Sponsored by Monday Properties and written by ARLnow, Startup Monday is a weekly column that profiles Arlington-based startups, founders, and other local technology news. Monday Properties is proudly featuring Three Ballston Plaza.

Cybersecurity company Shift5 is experiencing rapid growth as it develops technology to safeguard the world’s military fleets, plane and train systems.

The Rosslyn-based startup has been steadily raising money, including $33 million last month, adding to $50 million raised last year. Shift5 has ridden this wave of investor interest, using it to expand its office space, add employees and, most recently, launch a new program to predict and avoid failures in military, rail and aviation technology.

“This [funding] has allowed us to invest in not just our employees, but also the greater Arlington community,” Shift5 CEO Josh Lospinoso told ARLnow. “Our expanding presence in Arlington enables us to continue driving the pace of technology outside the Silicon Valley while keeping an active pulse on the decisions being made at the Pentagon to improve and advance critical infrastructure.”

Lospinoso says Shift5 nabbed the extra $33 million because investors are interested in its stability and connections.

Shift5 CEO Josh Lospinoso (via Shift5)

“We’ve seen tremendous benefit from strategic investor involvement and wanted to expand their participation. Shift5 has eliminated bottom-line risk, found strategic points of connection with other industry leaders and brought them into our Series B funding,” Lospinoso said.

The most recent fundraising round, led by Moore Ventures with contributions from JetBlue Ventures, Booz Allen Ventures and Teamworthy Ventures, brings its total Series B fundraising to $83 million.

Within weeks of the funding news, the company had another announcement: a new program that will use artificial intelligence to improve maintenance and the operational intelligence services Shift5 provides, a spokeswoman said.

“Fleets generate enormous amounts of data that can be game-changing for how they’re maintained and secured, but most operators only have access to a small fraction of this data,” a press release said. “Shift5’s module will unlock this data, arming operators with the insights and context needed to secure their assets, improve performance and prevent system failures.”

While the company has racked up investors, in the last year it has also more than doubled its annual recurring revenue and number of customers representing the military and private companies.

Lospinoso said the additional $33 million will go toward making sure the company can meet the needs of its growing customer base.

“It will help us double down on our mission to unlock onboard data and increase observability for rail, aviation and military systems operators,” he said. “More specifically, as customer demand increases this extension funding will provide Shift5 additional runway to innovate for our customers and invest in our business and team.”

Shift5 founders deploy their product on a train during COVID-19 (courtesy of Shift5)

Sponsored by Monday Properties and written by ARLnow, Startup Monday is a weekly column that highlights Arlington-based startups, founders, and local tech news. Monday Properties is proudly featuring 1515 Wilson Blvd in Rosslyn. 

Arlington-based CyberVista announced it is providing free cybersecurity training through a new partnership with a D.C. area nonprofit.

The cybersecurity workforce development company located in Rosslyn (1300 17th Street N.) is making available two courses to participants in Black Girls Hack. The Alexandria-based nonprofit provides training and resources to encourage Black girls and women to be engaged in STEM fields, with a focus on cybersecurity and executive suites.

“There is a critical shortage of black women in the cybersecurity industry. BlackGirlsHack’s mission is to bridge this gap by creating a source of shared knowledge and resources that can enable black girls and women to break the barriers,” said BlackGirlsHack Founder and Executive Director Tennisha Martin in a written statement.

For CyberVista, the partnership complements its work to support STEM education.

“Our partnership with Black Girls Hack goes hand-in-hand with CyberVista’s goal to close the skills gap in cybersecurity by measuring and upskilling underrepresented groups of talent,” CyberVista CEO Simone Petrella said. “We support organizations that invest in their communities by elevating STEM education that will enable a better and more diverse cybersecurity workforce.”

A Black woman coding (via Unsplash/[email protected])

Its two courses — Cybersecurity Matters and Security Essentials for IT — are aimed at supplementing the training that BGH provides to current members.

Cybersecurity Matters, which is designed for a non-technical audience, provides foundational knowledge of common cyber attacks and defensive techniques. The company says the course “helps learners understand the ‘hows’ and ‘whys’ of cybersecurity, and their role in keeping the organization secure.”

Security Essentials for IT, designed for information technology professionals, addresses cybersecurity threats related to protecting business data and maintaining business systems.

“We are excited to partner with CyberVista, an organization recognized for making inroads to eliminate the skills gap,” Martin said. “The resources they are providing our members will help us open the doors for more black female professionals in cybersecurity for today and tomorrow.”

CyberVista, founded in 2016, is the sister company of the 85-year-old tutoring and training platform Kaplan. It recently merged with Maryland-based CyberWire, an audio-based cyber media company to form N2K Networks, or “news to knowledge” network, the Washington Business Journal reports.

The new cyber media and education brand has raised a $5.4 million round of funding.

The company that owns Kaplan and CyberVista, Graham Holdings, previously owned the Washington Post.

Flickr photo by wocinthechat


Sponsored by Monday Properties and written by ARLnow, Startup Monday is a weekly column that profiles Arlington-based startups, founders, and other local technology news. Monday Properties is proudly featuring 1515 Wilson Blvd in Rosslyn.

Cybercriminals are not the stereotypical teen in their mom’s basement wearing a hoodie.

Cyber crime has become a highly organized business, with people specialized in different parts of the process, nonprofit Cyber Threat Alliance President and CEO Michael Daniel said. And cyber threats, such as ransomware, have exploded as people are more connected to the internet and can move money more easily.

“We’ve entered a stage where cyber crime poses a very significant threat to the global economy and the global system, equivalent to what normally would only be associated with nation-states,” Daniel said. “And so that’s a big challenge and a big change.”

Based in Clarendon, Cyber Threat Alliance enables cybersecurity companies to share threat information with each other quickly to prevent and respond to these attacks.

“No individual company has a complete view of what’s going on in cyberspace, so in order to be able to protect your customers, or work with the government, law enforcement agencies or others to help disrupt the bad guys, you need more information,” Daniel said.

Cyber Threat Alliance CEO Michael Daniel speaks during a presentation (courtesy of Cyber Threat Alliance)

People who work in cybersecurity policy talk about information sharing a lot, but there wasn’t anyone dedicated to it for the industry until the nonprofit was formed five years ago with its six founding members — Palo Alto, Fortinet, Check Point, Cisco, McAfee and Symantec.

“The leaders of those companies really understood that talking about information sharing in cybersecurity, well, everybody talks about it, but it’s hard to do,” said Daniel, who worked in federal government for 20 years, including as former President Barack Obama’s cybersecurity adviser.

As for locating in Arlington, where Daniel and his wife had settled, the decision was simple.

“This is a great place for getting started and working in the cybersecurity industry because the Washington, D.C. area is the hub for policy and other kinds of development,” he said. “And this is really home for us. It’s not really more complex than that.”

Now, CTA has 34 member companies, which are required to share a minimum amount of threat intelligence each week, and employs seven people. Its members are headquartered in 11 countries around the world and run the gamut of household company names, like Cisco, to relatively smaller cybersecurity companies.

There’s a list of companies in the pipeline to become members, which opens up possibilities for hiring additional staff and offering more services, Daniel said.

In the upcoming year, CTA hopes to add technological capability to its sharing platform and is involved in projects, including one with the World Economic Forum’s Centre for Cybersecurity to understand the criminal ecosystem so it can support government action against cybercriminals.

“Ransomware is a huge problem, cyber crime is a big problem, and it’s something we need to really tackle if we want people to be able to use the digital world in the way that we want,” he said. “Cyber threats are not a problem that we’re going to solve but it’s a problem that we’re going to have to manage. We are building for the long term.”


Sponsored by Monday Properties and written by ARLnow, Startup Monday is a weekly column that profiles Arlington-based startups, founders, and other local technology news. Monday Properties is proudly featuring 1515 Wilson Blvd in Rosslyn.

Cybersecurity company Shift5 has raised $50 million in a Series B funding round to protect planes, trains and military weapon systems from mounting threats.

The round was led by private equity and venture capital firm Insight Partners, and follows up on a $20 million Series A funding round last fall.

“Shift5’s experienced founding team with deep national and cybersecurity experience, plus early success, makes the company a standout in the industry,” Nick Sinai, a senior advisor at Insight Partners who will join Shift5’s board, said in a statement. “We’re excited to work with Shift5 as it fills a crucial space in defending national infrastructure.”

Shift5 intends to use the funding to new products and hire new employees to keep pace with demand for its services across transportation and national defense industries. It works with some notable clients, including the U.S. military’s Special Operations Command.

The Rosslyn-based startup, headquartered at 1100 Wilson Blvd, currently offers a platform that identifies the weak points in the systems making planes, trains and militaries run, and wards off cyber threats. It began selling this product last year, and reported netting tens of millions of dollars in revenue.

The commitment to hiring staff comes after the company doubled the size of its team in 2021.

Airlines, train operators and militaries often rely on outdated operational technology to power their fleets, according to Shift5. As more of these operational systems get connected to the Internet, they become more vulnerable to cyber attacks — which can cost them millions of dollars in losses, remediation and ransom payments.

And soon, they may have a human cost, as these attacks could result in injuries and deaths by 2025, according to research firm Gartner.

Shift5 founders deploy their product on a train during COVID-19 (courtesy of Shift5)

Cyber threats are becoming more commonplace, and demand for Shift5’s services is rising, the company says. Recent attacks have targeted pipelines and surface transportation, including New York’s public transit authority and a major port in Houston. Hacks into maritime operational technology have increased by 900% since 2017 and, overall, the transportation industry witnessed a 186% increase in weekly attacks from 2020 to 2021.

“If the past year has proven anything, it’s that the leading defenders in rail, aviation, and national defense see the prescient risks and are mobilizing to get ahead of costly damages,” said Shift5’s President Joe Lea in a statement. “We look forward to partnering with Insight Partners as we continue to grow and defend.”


Sponsored by Monday Properties and written by ARLnow, Startup Monday is a weekly column that profiles Arlington-based startups, founders, and other local technology news. Monday Properties is proudly featuring 1515 Wilson Blvd in Rosslyn. 

Some hackers exploit weaknesses in a company’s security to make money. But other hackers do so to help companies find their weak points.

It’s called “ethical hacking.” Local cybersecurity company SCYTHE has created a platform that emulates cyber attacks, using the work done by ethical hackers, to help companies find their own gaps in security.

“We collect all the information about new attack types, usually written up by the ethical hackers, who are called security researchers… [and] we break down the attacks into the individual steps so that our customers can rearrange the order,” says CEO and founder Bryson Bort. “This lets them make their own attacks so that they can test how effective their security is. The more different ways they can run attack steps, the more they understand how well everything works on their end.”

There’s growing demand for this tool, says Bort, who is hiring folks to meet that demand and add capabilities to that tool — to make it even easier for customers to test out their security — using $10 million it raised in Series A funding last November. This rapid growth, Bort says, has taught him the importance of ensuring team members feel valued and included and have room to grow professionally.

“I think that a lot of founders don’t alway realize when they start a company that while the technology can be unique, it’s really the people who make a company successful,” he said.

Bort — who served as a U.S. Army Officer during Operation Iraqi Freedom and one of 2020’s 50 top cyber leaders according to Business Insider — founded the company in 2017 to develop an idea born from his work at GRIMM, a cybersecurity consultancy he also founded.

And he wanted to make sure the companies were linked — with a sense of humor.

“SCYTHE was a product that came out of work we were doing at GRIMM,” he said. “GRIMM is a services company where it’s about people. SCYTHE is a product, a tool that GRIMM would use. When I created SCYTHE, I wanted to show that the two were connected but also show their differences.”

SCYTHE logo (courtesy photo)

The two companies are also linked through a mythical motif, so to speak. Unicorns.

“We did an annual T-shirt contest for the industry event DEF CON, the largest hacker conference in the world,” Bort said. “I came up with the idea of the grim reaper riding a unicorn because I liked the juxtaposition. The design blew up because other people also saw the humor.”

https://twitter.com/scythe_io/status/1463537412651589633

When he started his second company, he decided to incorporate unicorns into the logo and branded merch, which benefits “chubby unicorns,” or endangered rhinos. And Bort says the majestic, single-horned fantasy creature sums up what SCYTHE does and its goal.

“It just really feels like it’s the best way to describe the company,” he said. “We’re doing things no one else is doing and plan some day to be a literal unicorn startup.”

Unicorn startups are privately held startup companies valued at more than $1 billion, and are so named to underscore their rarity. (Arlington has one unicorn: woman-led financial technology company Interos.)

SCYTHE is hiring lots of positions to continue working toward that goal.

(more…)


Sponsored by Monday Properties and written by ARLnow, Startup Monday is a weekly column that profiles Arlington-based startups, founders, and other local technology news. Monday Properties is proudly featuring 1812 N. Moore Street in Rosslyn.

Hacks of infrastructure are on the rise, according to Ballston-based cyber security company Fend, which says the newly passed infrastructure bill with “unprecedented” cybersecurity spending couldn’t come at a better time.

Within the last year, criminals have realized that the business of holding billion-dollar infrastructure systems for ransom is a lucrative one, says Fend’s CEO and Founder Colin Dunn. Companies and government agencies work together to rustle up the ransom sum and put a halt to the chaos these attacks cause, such as the long lines at the pump after the Colonial Pipeline hack.

“They’re out for the money,” Dunn said. “It wasn’t until this year that they realized, ‘Oh, you can hold a pipeline company for ransom and everyone’s going to be really angry.’ I think we’re going to see more of it. Attackers are seeing how weakly defended these major major assets are.”

The $1 trillion infrastructure bill, signed into law last week, includes nearly $2 billion for cybersecurity. About $1 billion will go to state, local, tribal and territorial governments to modernize their systems to deter cyber attacks; $100 million will support a cyber response and recovery fund accessible to private-sector owners of critical infrastructure; and $21 million will go toward staffing the Office of the National Cyber Director, according to a U.S. Senate press release.

Dunn is encouraged by the allocation, as well as similar allocations in the American Rescue Plan Act.

“This is really unprecedented,” Dunn said. “I think the administration has seen these attacks, like the one on Colonial Pipeline… and they’re taking it really seriously, knowing that’s a threat that our enemies and criminals can hold over us — hold billion-dollar assets for ransom.”

Colin Dunn of Fend at an expo this year (courtesy photo)

Having the conversation now — when new infrastructure is set to be built — means that cybersecurity can be embedded from the beginning, rather than retroactively applied after an attack, he says.

“So much of the infrastructure that we are seeing fall under attack… we’ve had to apply cybersecurity way after these facilities were brought online. Now we’re talking about doing that up front,” he said. “Baking that early in the conversation is a big step forward and will be good for our security overall.”

The bill could be a boon for Arlington, which is home not to numerous cybersecurity companies, but also to “big players in energy,” he says. It emphasizes cybersecurity workforce development, which could be good news for a state and region focused on creating a pipeline of tech workers.

“There’s pretty much zero unemployment in cybersecurity, and expanding that nationwide is going to be really important, and here, where it’s a stronghold,” he said.

The bill does include a preference for U.S.-made goods and services, such as Fend’s cybersecurity products, which Dunn says will be helpful for supporting American businesses rather than the great deal of overseas competition.

He said he hopes the spending helps protect the U.S.’s growing renewable energy facilities, such as the solar farms that Fend secures. Securing renewable energy has long been one of Dunn’s priorities.

“If we lose our renewables, we’ll go back to burning more fossil fuels,” he said.

In this new world of infrastructure hacks, Fend has gained traction and business, Dunn says.

Most recently, Fend — located at 4600 Fairfax Drive in Ballston — announced a partnership with Federal Resources Corporation, allowing Fend’s products to be sold to more government agencies, such as the Department of Defense. That’s fitting, he says, because government funding helped Fend get started.

“Between them and NASA, there’s lots of funding flowing, which helps make the product readily accessible,” he said.

Earlier this year, Fend completed some additional fundraising and attained its third patent, he added.


Sponsored by Monday Properties and written by ARLnow, Startup Monday is a weekly column that profiles Arlington-based startups, founders, and other local technology news. Monday Properties is proudly featuring 1812 N. Moore Street in Rosslyn.

After several years of quietly building, a local IT management company — temporarily leaning into cybersecurity — is enjoying huge gains.

C3 Integrated Solutions, which helps government contractors use Microsoft cloud solutions, saw 172% growth over the last two years. According to the company, located in Rosslyn, those numbers make C3 the fastest-growing IT management company in Arlington.

Inc. Magazine ranked it the 69th fastest-growing company in the D.C. region for 2020 and ranked it among the top 2,000 companies nationally.

“I’ve been joking that it’s an overnight success 13 years in the making,” co-founder and president Bill Wootton said. And those numbers are for growth in 2019.

“2020 ended up being an even better year for us,” Wootton said. “Even with COVID-19, we had our best year ever last year, and this year, with some of the new services and solutions we’re about ready to roll out, we’re going to keep going in the same direction — up and up.”

C3 Integrated Solutions started a decade ago while Wootton and co-founder Kevin Lucier, an Arlington native, worked for cable and telecommunications company RCN. They wanted to give clients outside-the-box solutions and decided to start a company that would do just that.

When they took the plunge, however, they struggled to stay afloat in a mature industry crowded with similar companies. Three years in, Microsoft cloud services went online, which they saw as a lifeline.

Listening to some clients talk about the cloud, Wootton and Lucier saw a new opportunity and decided to jump ship. But there was one problem: neither had IT experience.

The duo hired people with the right expertise, including Kevin’s brother James — as well as long-time IT veteran Jason Tierney — and C3 Integrated Solutions was (re)born.

C3 focused on providing IT services to nearby companies, which, in Arlington, meant many of their clientele were defense contractors. That incidental relationship proved a huge boon to C3 a decade later when it found a new market to enter: cybersecurity.

Today, the company also helps government contractors keep their companies secure while meeting changing cybersecurity regulations. C3 is taking advantage of new cybersecurity regulations for defense contractors that the government codified in November, which Wootton and Lucier saw coming four years ago.

“We’ve been a mover in this particular solution set for three to four years now, and it’s just now starting to get mainstream recognition,” Wootton said. “We have a track record in an area where people are just realizing there’s a market shift.”

These regulations will take five years to roll out just for the defense industry, he said. The government is looking to expand these requirements to other departments, which means C3 is poised to ride this wave for a while.

(more…)


View More Stories