How British Columbia became an important part of the world’s cybersecurity ecosystem
A look into the local cybersecurity ecosystem in the Canadian province of British Columbia, the factors shaping it, and where we can go from here
Welcome to Venture in Security! Before we begin, do me a favor and make sure you hit the “Subscribe” button. Subscriptions let me know that you care and keep me motivated to write more. Thanks folks!
A huge thanks to Amiran Alavidze and Alex Dow for being so generous with their time and helping make this article a reality.
BC’s Cybersecurity Ecosystem: Quick View
2022 BC Cybersecurity Market Map
There are over 25 companies in BC that build security products; some are headquartered here while others have a local office. Additionally, there is a large number of service providers and consultancies, including managed security service providers (MSSP), incident response (IR) firms, digital forensics (DF) firms, boutique consultancies, risk management, and IT firms, as well as freelance consultants ready for vCISO engagements and other.
Below is the 2022 BC Cybersecurity Market Map I prepared based on the information from the open sources. You can access the living version of the map with URLs & more in this Google sheet. Please add comments to the sheet if you see things that should be added/adjusted/removed and I will use that for the next iteration of the map.
Key Highlights:
There are over 50 cybersecurity companies in BC, including 25+ companies building products and even more security consultants and security service providers
There is a noticeable lack of venture capital and government support for the cybersecurity space in BC
The immigration policy as well as the establishment of the new educational programs enables BC cybersecurity space to grow
BC cybersecurity ecosystem is fully bootstrapped — by those who have a vision about the future of security and are stubborn enough to make it happen, against all the odds
Tech giants such as Amazon, Salesforce, and Microsoft have a large presence in the province. The pandemic has impacted but hasn’t stopped the expansion; for example, Amazon continued expanding its Vancouver presence in 2021. Canadian telecom providers such as Telus, have a wide variety of cybersecurity employment opportunities as well.
Cybersecurity Companies Hiring Remotely
A wide range of international (predominantly US) companies hire BC-based employees remotely — this trend has accelerated since the start of the pandemic. A quick LinkedIn search reveals several enterprise companies and cybersecurity startups that have people working remote from Vancouver showing that there is enough local talent to satisfy demand.
Factors impacting the growth of the BC’s cybersecurity ecosystem
Distribution
The cybersecurity companies in BC are located in two areas: Greater Vancouver and Victoria (the capital of BC). In many cities, the firm size is often inversely correlated with proximity to the city center. Vancouver-based security companies are relatively small, so many are centrally located. Fortinet office is located in Burnaby, British Columbia while firms like MasterCard (NuData Security), Absolute Software, Cisco, Trulioo, D3 Security, and many others have their offices around Vancouver Downtown area.
The work from home policies since the start of the pandemic are impacting the way companies see their offices, and most will likely be converting their traditional office spaces into flexible coworking-like arrangements.
When analyzing the dynamics of the largest cybersecurity industrial clusters (San Francisco Bay Area, Washington D.C., and Israel), Tali Hatuka and Erran Carmel introduced the following three-step framework.
Viewing the cybersecurity industry through the lenses of the infrastructure, social capital, and institutions, highlighted the following factors.
Infrastructure & Policy
Tech industry leaders working together with the federal & local government, have tried to turn BC into a tech hub, by launching and growing a number of initiatives including those outlined below.
Innovate BC (a crown agency of the Province of BC) offers hiring as well as R&D grants, among other opportunities.
New Ventures BC is the best-known local startup competition. In 2020, a Nanaimo-headquartered cybersecurity startup aDolus Technology has been crowned the winner of the competition, taking home more than $135,000 in cash and prizes. This is an exception rather than the rule as there appears to have been no other cybersecurity companies winning in this competition for about a decade.
BC Tech is the largest member-led technology non-profit in British Columbia, and its focus is to help startups grow. In the past, BC Tech Association run the BC Tech Innovation Hub which closed in 2020. Absolute Software, a cybersecurity company, is one of the sponsors of the BCTech4Startups program.
Another public-private partnership, Digital Technology Supercluster, received up to $173M in funding. It does not appear like there are any cybersecurity companies among its 40+ supported/funded projects.
Scientific Research and Experimental Development Tax Incentive Program (SR&ED) has been actively used by Canadian startups to finance R&D. However, not all innovative cybersecurity work can be reimbursed by this program.
It is fair to note that while some areas such as cleantech have received a lot of attention in BC, cybersecurity has not been one of the segments actively supported by the government.
There have been some movements around the public-private partnerships to advance cybersecurity:
In 2019, Palo Alto Networks partnered with British Columbia and IBM Canada to launch Canada’s first cybersecurity high school program.
In 2020, Mastercard announced its Intelligence and Cyber Centre in Vancouver. Due to the pandemic, its scope & future remains unclear.
According to the BC Government, there is a forecasted global shortage of 3.5 million cybersecurity professionals by 2021 and in Canada alone, we are estimated to require 8,000 by 2022. One of the ways in which the government is looking to fill the gap is immigration.
Through programs such as Global Talent Stream, Canada creates opportunities for tech workers, including security professionals, to work in the country. Category B of the program, for example, enables employers to hire skilled foreign workers which include:
Computer and information systems managers;
Database analysts and data administrators; and
Computer programmers and interactive media developers.
By gaining Canadian work experience, security professionals should be able to qualify for immigration programs such as the Canadian Experience Class (CEC).
One of the pathways for immigration is education. For example, graduates of the Master of Science in Cybersecurity from NYIT are eligible for immigration under the BC Provincial Nominee Program.
Canadian immigration policy is an important factor that makes many people choose Canada over the US. Many tech workers who had their H1B visas denied have found a home in Canada.
What is seriously lacking in the province is access to venture funding. Ambitious entrepreneurs are forced to look for investors in the US as their local networks, unfortunately, are not sufficient.
Social Capital
13% of the working population fall under the “professional, scientific, and tech” category — the largest category of workers in BC. Local residents are highly educated with 37% of the population possessing a university degree (for new immigrants, the number is as high as 55% which shows that Canada attracts highly educated professionals).
BC has enough student mentors open to sharing their experiences with aspiring security professionals and community events for those looking to start their own ventures. However, there is no sufficient number of startup mentors who have scaled and existed their businesses, and who can help the next generation of founders to do the same.
As some Canadian industry leaders note, “cybersecurity professionals have been working in the shadows for a long time,” and are not as tightly connected to peer groups, or enterprises as startups in other industries, like FinTech.
Institutions
Over 15 educational institutions, including traditional universities & colleges as well as short-term bootcamps, offer education around cybersecurity (diplomas, courses, certificates, and degree programs). The vast majority of them launched in the past two to three years.
The University of British Columbia, the largest university in the province, does not currently offer any graduate or undergraduate degrees focused on cybersecurity, only courses as a part of their CompSci program. It is launching the UBC Micro-certificate in Cybersecurity Strategy and Risk Management in April 2022.
Canada has several country-wide programs supporting cybersecurity education:
CyberTitan for middle and secondary school students
CanHack for Canadian secondary school students
Cybersecurity Classroom Training Program (CCTP) for high schools
Cyber∗Sci for post-secondary students
Rogers Cybersecure Catalyst at Ryerson University for Canadians looking to start careers in cybersecurity
In other Canadian provinces, there has been a large emphasis on cybersecurity in recent years, which manifested itself in the establishment of:
In BC, there appears to be only one research initiative with a focus on cybersecurity — The International CyberCrime Research Centre (ICCRC). Some local educational institutions are members of CANARI, while some security companies support the In-Sec-M initiative.
Neither Vancouver nor Victoria are located around the military or intelligence hubs that have historically been found to support the growth of cybersecurity (Communications Security Establishment, The Canadian Centre for Cyber Security (Cyber Centre), and Canadian Security Intelligence Service are located in Ontario).
Events, Meetups & Media
Security professionals in BC are incredibly active and good at self-organizing. BC is a home for BSides Vancouver, CanSecWest with its Pwn2Own, and VIPSS, among other security-related events & meetups.
I’d like to start by briefly talking about the history of the local community. Any attempt to summarize history is destined to be subjective, so you can skip the next two paragraphs if you want.
Security professionals lived & worked in BC for quite some time, and at the beginning of 2010, the need for community started to grow stronger. The Vancouver 2010 Winter Olympics brought many security people to British Columbia for a temporary assignment. After the games ended, some professionals chose to stay, thereby growing the number of security folks in the province.
In 2013, BSides Vanvouver was born. After a 100-person event in 2013, a monthly pub night was established — VanCitySec. Shortly after, MARS was founded as a not-for-profit to continue growing the security community. Every year, BSides kept on growing bigger & bigger, building the reputation that allowed it to bring some notable names as keynotes and expand the reach (the last 2019 in-person event brought together ~600 attendees).
BSides Vancouver is organized by the Mainland Advanced Research Society that describes itself as a “volunteer driven, non-profit organization focused on researching new ways to protect ourselves online, educating, and supporting our communities”. It’s a community-supported cyber security conference in Vancouver and part of the worldwide Security BSides movement.
BSides Victoria is a similar event organized by the Vancouver Island Security Research Society.
Vancouver International Privacy & Security Summit (VIPSS) — an event that offers a platform for over 1000 security and privacy professionals from around the world to discuss important issues on how we securely live, work, and play as the move to digital platforms accelerates.
VanCitySec — a Vancouver-based social meetup for security professionals. A great place to meet new people & chat.
DEFCON Group Vancouver (DC604) hosts monthly meetups & educational (often technical) workshops. DC604 Meetup page lists ~700 members.
Vancouver Security Special Interest Group (VanSecSIG, SecSIG, or just SIG) is an unincorporated not-for-profit organization that also organizes events & meetups for security professionals.
OWASP Vancouver chapter & OWASP Victoria chapter serve BC’s application security community. There are also ISACA Vancouver & ISACA Victoria chapters with a focus on IT Risk, Governance of Enterprise IT, Information Security Management, and IT Assurance.
There is also the Okanagan Information Security Group (OISG) based in Kelowna. Ongoing discussion, coordination, and meeting announcements for the OISG are in Kelowna Technology Slack’s #infosec channel. The Kelowna Tech Slack is at
https://kelowna.slack.com
The Mining and Metals ISAC (MM-ISAC) is a non-profit, industry-owned corporation established to improve the cybersecurity of metals and mining companies. Its goal is to protect members against incidents that could impact safety, environmental sustainability, or operational productivity. The MM-ISAC is a global organization headquartered in Vancouver.
A number of local cybersecurity professionals produce great content, for both technical & for the non-technical audience. For example, the Cyber Security Matters podcast is hosted by Dominic Vogel & Christian Redshaw, two Vancouver-based cybersecurity leaders.
MARS Community Slack channel is also the best online community to join if you want to connect with other cybersecurity professionals in BC.
Conclusions
I think there are five factors worth highlighting as we look towards the future:
It’s all about people
There were more than 2.8 million STEM graduates in Canada in 2016. Combined with the fact that Canada is one of the most educated countries, it makes it easy to argue about the growing workforce in the country, and subsequently in BC. I think what’s even more important is that people in cybersecurity are incredibly driven and self-motivated.
This drive & the desire to help are the main factors behind the vibrant cybersecurity community in BC. It hasn’t been the government grants or the university research labs but the independent security researchers, passionate technologists, CTF and conference volunteers, and community leaders of all sorts that made BC an emerging cybersecurity ecosystem we know today.
Despite the lack of support and venture funding, local entrepreneurs have been hustling day and night to bootstrap their startups or to raise financing from VCs and angels in other countries (mostly the US).
I think it’s fair to conclude that the BC cybersecurity ecosystem, in general, is fully bootstrapped — by those who have a vision about the future of security and are stubborn enough to make it happen, against all the odds.
Economical drivers matter
For entrepreneurs, cost competitiveness makes BC a great place to start a company, especially if they are working with American investors.
For those looking to build security careers, or work remotely for global security firms, cities like Victoria or Kelowna could be a great fit.
BC will continue to attract people
Vancouver has been ranked as one of the best cities in the world, according to Resonance Consultancy’s World Best Cities 2021 report as well as many other sources listing Lower Mainland and the British Columbia at large as great places to live. Supportive immigration policies, as discussed, make it easier to relocate to Canada compared to other countries (and the neighboring US).
Not only one can enjoy the amazing views but also build a great career in tech. Whether we are talking about Vancouver, Victoria, or almost any other city in BC, the proximity to the US, supportive community, and the same time zone as San Francisco make it a great place to build a tech career.
Education will make a huge difference
While this hasn’t been the deciding factor before, I think it will be soon. Most local educational programs in cybersecurity were launched in the past few years. I think we will be seeing the true effect of these changes in 3–5 years when then-senior and accomplished professionals will go on to start their ventures.
Some key ingredients are lacking
As discussed before, some ingredients needed for a tech ecosystem to mature are lacking — this includes access to venture capital, startup mentors, as well as government policy to encourage investment and new businesses in the area of cybersecurity.
Career Resources
For professionals considering starting a cybersecurity career in British Columbia, Canada, I would recommend this resource put together by the BC Government.
For Canadians looking to move into cybersecurity, I recommend Ryerson’s Accelerated Cybersecurity Training Program, an intensive training/certification program designed to give learners from diverse backgrounds the skills they need to launch careers in the cybersecurity sector.
The province’s emphasis on privacy, digital infrastructure, and government support has solidified its position as an important player in the world of cybersecurity.