Overseas companies are welcoming the chance to discuss partnerships with Australian security startups that no longer see acquisition by overseas vendors as the most desirable endgame, the head of Australia’s industry-development body has reported after a successful trade mission that concluded at the RSA conference in San Francisco.
The two-week Australian Cyber Security Mission to the USA saw 32 Australian innovators – including Aleron, Cogito, CyRise, Forticode, Secure Code Warrior, DevSecOps innovator SecureStack, and others – travel to New York City, Washington DC, and San Francisco to talk with vendors and venture-capitalist firms.
The trip was the first time co-ordinating organisations AustCyber and AusTrade had taken delegates to New York City “so we didn’t expect too much,” AustCyber CEO Michelle Price told CSO Australia, “but we have already seen some pretty good outcomes.”
Firms like Tenable had been “surprising” in their openness to engaging with the innovators, Price said, and several Australian firms were already in “pretty detailed conversations” about potential partnerships with US-based organisations keen to tap into Australia’s cybersecurity talent without acquiring it.
The push towards partnerships was driven in part by increasingly emboldened local startups, who “are feeling more and more confident about being able to stay at home and export from home,” Price said, “rather than having to exit through rapid acquisition or enter the market through the US or UK.”
“The sector infrastructure that’s needed to grow and access new markets has never been there – but in two years of existing, we at AustCyber have completely reshaped that.”
Jamie Brown, Tenable’s director of government affairs, was on hand to meet with the Australian delegation at the company’s Columbia, Maryland headquarters and echoed Price’s enthusiasm about the opportunity for increasing industry collaboration through public-private partnerships (PPP).
“Given that the cyber threat is so pervasive, you have to put aside the competition you have in the marketplace to get the policy right and improve security across the board,” Brown told CSO Australia.
“The attack surface has expanded as we bring in IoT and operational technologies,” he said. “Whether nation-state or cybercriminal, or other types of hackers or hobbyists, in most cases they are attacking the same vulnerabilities.”
Conversations with the Australian delegation had demonstrated the country’s “very robust ecosystem,” he said, “and the conversations we were able to have demonstrated that you have strong, complementary capabilities. That’s important for Tenable as we look for international partnerships, based on the recognition that there isn’t just one cybersecurity silver bullet.”
Expanding security capabilities would support the efforts of Tenable and other industry organisations to work together to help customers understand that, despite the increasing complexity of attacks and looming nation-state attacks, “that can’t become an excuse for learned helplessness at a base level,” he said.
This delegation, the third run by AustCyber and AusTrade, was the first since Australia’s government passed its contentious encryption-interception legislation.
Tenable’s management is “on the record having some very strong concerns about that legislation,” Brown said. Yet this was not stopping the company from exploring potential opportunities with Australian security innovators.
Indeed, despite widely-shared fears of consequences by some Australian companies, the laws weren’t even mentioned at all during meetings in New York City; came up once in Washington, DC; and were only mentioned a few times in San Francisco in the context of understanding what was actually happening.
“The whole delegation had been briefed about where [the laws] were up to,” Price said. “We were a bit ‘team Australia’ on that point – but while there were some robust discussions between the Australians about its impact on their ability to do business offshore, when it came down to it there was no sign of that impact.”