The computer screens on the walls of Edge Networks paint a picture of an industry’s ongoing battles.
The screens are digital maps of the world, showing cyberattack after cyberattack. Like flight paths, the attacks cross land and sea before landing, in a small burst, at their destinations. Mark Tishenko, Edge Networks’ founder, points out how many attacks hit northern Washington state, a hub for technology giants like Microsoft, Amazon, Facebook and Google.
The nearby windows, though, bring it home. They peer out from the second-story office, a repurposed apartment on Washington Street. The company’s headquarters are right on top of Little Italy restaurant, looking across the street at Compass Coffee.
Though the company is small by design, Edge Networks is poised for success as members of an emerging cybersecurity industry. As the internet grows, experts say the need will rise for firms that can protect people and businesses from metastasizing threats.
Punching above its weight
Tishenko founded Edge Networks in 2006 and today employs seven people in downtown Vancouver. Its revenue sources range from providing internet access to certain housing developments and selling antivirus software.
The growing facet of its business, however, is on-call cybersecurity assistance. Tishenko said that since adding that service in 2016, revenues bumped up 20 percent.
Though it’s small, he said the company punches above its weight class in terms of cybersecurity. At the same time, Edge’s line of work is one where you only notice if things are going wrong.
“We do work constantly in the background,” he said. “It’s in our best interest to keep you as stable as possible.”
The 33-year-old Tishenko said he seemed predisposed to this line of work. As a kid, before his family emigrated from the former Soviet Union’s Georgia region, he “adored” playing with the family vacuum and its inner workings.
The family moved to the Felida neighborhood in the late 1980s. He remembers how in his younger years he would unearth old computers from garage sales. He’d meet up with friends at a nearby computer store, tinker and split a dial-up internet connection.
He started his first tech support company at 18, and dropped out of school at Clark College and Washington State University. He would make more ventures — “Three that actually made money,” he joked — including selling funeral supplies over the internet at 24hourcaskets.com.
Companies would either be sold or dissolved until he was left with Edge Networks, which didn’t hit its stride until 2007. Tishenko said they started landing contracts to provide high-speed internet in Corvallis, Ore., specifically at housing developments for students.
Today, though, the cybersecurity business is taking off.
“It’s morphed by adding services nobody else would provide,” he said. “We thought about how we protect our customers. About 90 percent of security is people. How do we protect them from themselves?”
Million workers needed
Industry experts say there is a gulf between the number of jobs in cybersecurity available and people to fill them. Barbara Endicott-Popovsky, director of the Center of Information Assurance and Cybersecurity at the University of Washington’s Bothell campus, said jobs outnumber applicants 2-to-1 across the country.
“In three to five years, there will be a need for 1 million people (in the cybersecurity industry) that cannot be met,” she said. “We’re so far behind as a society it’s mind-boggling.”
According to Cyberseek.org, there are more than 6,400 job openings in Washington state alone, and 4,800 in Oregon. Four thousand of those jobs can be found in the Vancouver-Portland metropolitan area, compared with 5,500 jobs around Seattle.
“I think the unemployment rate in cybersecurity is zero,” said David Derigiotis, an executive with the insurance firm Burns & Wilcox, whose portfolio has grown to insure businesses against cyber threats.
Cyberseek.org is a joint venture from market analysts, a computer industry association and the National Initiative for Cyber Security Education, an ancillary organization from the U.S. Department of Commerce.
As it stands, though, the industry is pretty small in Southwest Washington. There are 75 workers in the “information security analyst” occupation, according to the latest data from the state Employment Security Department. That industry only became tracked separately from other computer-related occupations four years ago.
Part of the gulf could be attributed to the abstract nature of cybersecurity. It’s an industry that’s constantly changing, said Asaf Cidon, an executive with the firm Barracuda Networks, which has a small presence in Vancouver.
“It’s a cat-and-mouse game,” he said.
According to Cidon, malware is written to exploit the tiniest openings in the chain of connections that bring devices to the internet. Particularly disruptive malware, like two ransomware attacks that spread globally, will be shut down by the community at-large and the openings are shored up.
Then new malware is written “and the cycle begins again,” Cidon said.
Evolving battle
Cidon, who earned his doctorate in electrical engineering from Stanford University and worked in the intelligence arm of the Israeli military, said that’s been the story of malware since the widespread adoption of the internet.
“The classic attacks were spam and the Nigerian Prince (scam), that would send millions of emails and hope that 0.01 percent would open … they could build a small business out of that,” he said.
Today’s attacks trend toward “spearphishing,” where emails are sent to financial executives or someone in the accounting department forged to look like an email from their boss. It might say they are late on a payment to this account, so wire some funds into this or that account.
“It turns out these attacks work really effectively because security companies aren’t looking for them and recipients don’t expert their CEO to be a fraudster, or pretend to be a fraudster,” Cidon said. “This personalization trend is definitely going further.”
Also complicating the nature of the attacks is the pervasiveness of internet-connected devices. Today, our phones are computers, as are thermostats, refrigerators and more.
“On every single (request for proposal) we see coming in from our operators, security is very, very high on the list,” said Jeff McInnis, whose company, Vancouver-based SmartRG, engineers hardware to help connect devices to internet modems.
Hackers can breach a home network and hijack these devices. They may look through security cameras or collect whatever data, but they can also use an army of these devices to send connections elsewhere. Such attacks, called a distributed denial of service attack, cause ostensible traffic jams and lead to service shutdowns.
McInnis stressed, though, that it’s important for customers to be educated.
“Most people aren’t educated enough to change their password,” he said. “How do we ensure that we secure the router as much as possible and educate people on changing their passwords, knowing that if an attack does happen, how to mitigate that attack as much as possible?”
