National Security Agency alumni are coming to a tech startup near you.
Lots of them.
America’s largest intelligence agency found itself mired in scandal since contractor Edward Snowden stole and leaked some of its darkest secrets last year.
But instead of concealing their backgrounds, many leaving the secretive NSA are proudly promoting their espionage backgrounds. These people have serious chops in Internet security, data-mining, pipeline-tapping, and software development — skills that are quite valuable in the private sector.
It is a massive sea change from the days when former NSA staffers were forbidden from telling friends, family, and prospective employers what they did for a living.
“I’ve noticed this a great deal. It’s been interesting to see how people, who would never before have mentioned where they worked or what they’re doing, are posting everything online and you can read all about it,” said author James Bamford, widely considered the world’s foremost expert on the NSA. “Like LinkedIn, where they [NSA alumni] are basically posting their entire résumé.
Above: James Bamford
Image Credit: Courtesy James Bmaford
“Now, with the enormous amount of money going to the private sector from NSA, there’s an enormous amount of people that are putting their resumes in places they wouldn’t have before.”
Besides boasting of their credentials, former NSA staffers are increasingly departing the government sector, securing venture funding, and launching their own startups. Not surprisingly, many of those startups are security-centric: email encryption, database protection, firewall software. The startups have names like Sqrrl, Virtru, Hacksurfer, Synack, and Praxis.
Indeed, about 40 percent of U.S. security IT startups come from former NSA staffers or others from this country’s enormous intelligence community, said Hacksurfer founder Jason Polancich, who left the NSA in 2012 after spending 22 years there.
Polancich, 46, is emblematic of many who inherit the NSA landscape: middle class, tech savvy, and highly educated.
He grew up in Birmingham, Alabama, studied Russian in college, and joined the Army in 1994. The Department of Defense “loaned” the Southerner to the NSA because of his language skills, and he later also learned Arabic. While inside he became a serious techhead and learned the ins-and-outs of database building, encryption, and analytic-data architecture.
“This isn’t Apple. It’s a different world,” Polancich said. “In that context, it becomes difficult to understand. I really loved working there. We got to deal with, and tackle, problems no one else could. It is unique resume fodder.”
Hacksurfer employs 20, with around half coming from NSA and half from the private sector.
Out of the shadows
The longstanding joke is that NSA stands for “No Such Agency.”
But after years of secrecy, the NSA was thrust abruptly into the spotlight last year. Never before has it faced such scrutiny — all thanks to Snowden’s leaks that disclosed some of the agency’s metadata collection programs.
In 1952, an executive order from President Harry S. Truman created the agency. Today, from its headquarters at Ft. Meade, Md., known as the Puzzle Palace, the agency employs around 35,000 staffers and 15,000 contractors. Another 10,000 in the U.S. Cyber Command are also under the NSA’s purview, according to Bamford. Employees within both organizations are spread around the globe.
The agency’s budget is classified, but Bamford, who has written five books on the NSA and knows the inside of the agency like no other, pegged it at $10.5 billion for fiscal 2013.
While people leave the NSA for the private sector, the flow goes in the other direction, too, when the agency hires from the corporate world.
The constant back-and-forth of employees and contractors to the NSA and the private sector and back to the agency is of enormous benefit to the NSA. It is one way to get a sense of what others in the private tech sector are building and doing.
“What NSA people learn in private industry is brought back to NSA and vice-versa. It’s a huge revolving door. So what private industry is doing, the NSA has a good way of knowing about it because a lot of those people like that go back to NSA,” Bamford said.
Many join the agency right out of college, where prospective students are discovered by academic talent spotters with extant NSA and intelligence community relationships.
Or at college job fairs, which is where Adam Fuchs discovered the agency and joined at 21. The 32 year old is now the chief technology officer at Sqrrl, a NoSQL secure-database startup that uses Apache Accumulo, an open-source platform Fuchs worked on while it was being hatched at the NSA.
The NSA did not get back to us by press time.
Above: Former NSA employee Adam Fuchs.
Image Credit: Courtesy Adam Fuchs
Fuchs, who studied computer science at the University of Washington in Seattle, greatly enjoyed his 10-year stint at the agency. While many of his friends took high-paying jobs at Google, Fuchs instead chose to devote himself to, as he put it, “service to my country.”
“It had its ups and downs. It’s actually a really great culture. A lot of brilliant people there are experts in their field. There’s a great sense of mission. So I enjoyed a lot of those aspects,” Fuchs said. “But it’s a different lifestyle working for the government. I spent a lot of my time working in a basement with no windows. I would certainly choose something different from that.”
Accumulo was an NSA in-house database constructed as an open-source platform to serve certain sectors of the agency. Work on Accumulo at NSA began in 2008, and today it is the backbone of Sqrrl.
“At NSA, we started looking at infrastructure and technology that some of the tech companies were publishing like Google. Distributed file systems and databases for example. We began looking at that as an opportunity to work with some of the stove-piping to consolidate databases and do more interesting analysis. We looked at how to do infrastructure for big data,” Fuchs said.
The effort to develop Accumulo, according to Fuchs, spanned across several different intelligence agencies. Today, having done his stint, Fuchs feels the tech acumen he accumulated at the NSA is an ideal fit for the commercial sector. Today, Sqrrl has offices in Cambridge, Mass., and in Maryland.
Nothing to hide
Will Ackerly spent eight years at the NSA specializing in cloud analytic architectures — specifically protecting the agency’s in-house data transfers. As soon as he left, he co-founded Virtru in 2012, and the startup has raised $4.2 million in venture funding.
Virtru is an encryption security startup focused on the secure sending and transmission of email across all major such platforms, including Gmail, Yahoo, and Outlook. Virtru encrypts the contents on your device then sends the transmission to the recipient — but it separates the encryption key from the message.
Like Fuchs, Ackerly was delighted at having served. But it was time to take his skill set to the private sector, he said.
“From the insight I received at NSA on protecting data, I really wanted to shift from working on government systems to the private sector,” said the affable Ackerly, whose brother, John, is the startup’s chief executive.
Sqrrl cofounder Ely Khan, who worked closely with NSA teams during his stint detailed to the National Security Council at the White House, said his clients aren’t concerned about reports of NSA hacking Google and Apple servers, or even monitoring the phone calls of bartenders and bank clerks. What they want, he said, “is NSA-grade security that we can provide.”
“We haven’t tried to hide our NSA heritage,” Khan, who originally hails from Boston, said.
Former NSA staffer’s interviewed for this article all resoundingly denied that NSA alumni were out to form companies with the express intent of spying on their clients. Some of the startups featured count banks, telecommunication giants, entertainment companies, and federal government agencies as clients.
Above: Jason Polanich
Snowden, from his dacha outside Moscow courtesy of host Russian President Vladimir Putin, said the NSA spies on everybody. But NSA insiders disagree.
“I’ll tell you this. I spent my career there. This international outcry of ‘they’re doing this, they’re doing that,’ is just horseshit. The NSA doesn’t care about 99 percent of this stuff,” Hacksurfer’s Polancich said.
As for the NSA, it has simply gotten too big to do the job it was originally formed to do: eavesdrop and spy on then Soviet diplomats and its communist military, according to Bamford, whose first book on the agency, The Puzzle Palace, was released in 1982. The book, an international bestseller, is widely credited as the first to pull back the curtains on the then ultra secret signals intelligence organization.
Much has changed since the 1950s, Bamford said, and pointed to three of the NSA’s most recent colossal failures: the inability to detect “Underwear Bomber” Umar Farouk Abdulmutallab in 2009; Pakistani Times Square bomber Faisal Shahahzad in 2010; and the bombing of the 2013 Boston Marathon by two terrorists from Dagestan, one of whom was killed by Boston-area cops.
“The NSA is focused on what [ex-NSA Director] Gen. Keith Alexander called ‘collect everything,'” Bamford said. “You can’t possibly have the ability to analyze it all.”
And collect it they do. With insertion teams operating in Yemen tracking Al-Qaeda in the Islamic Maghreb to the massive NSA eavesdropping facilities replete with massive intercept radomes in Australia, New Zealand, Japan, Canada and the U.S.
As for Snowden, a traitor to some and hero to others, former NSA staffers agree that the he stole agency property, but some were more circumspect when it came to calling him a Benedict Arnold who needed to hang by the neck.
“Snowden was in a position where he really understood all of the compliance requirements that were in place and all of the restrictions that were in place, and yet he decided to go outside the established channels,” Fuchs said. “At the root of this is the fact that the intelligence community had restrictions that had a balance,” between the Constitution and privacy rights.
“It’s safer if the terrorists don’t know what restrictions you have,” Fuchs added. “Can the public actually deal with these compliance restrictions being secret? So [for Snowden] to go outside these channels showed a lot of hubris. Showed a lot of ego. It was definitely criminal.”
Polancich said simply, “I’m forbidden to talk about it.”
For Will Ackerly over at Virtru, it’s a postive step that many are leaving the agency, with their knowledge and tech skills, and then entering the commercial sector to launch their own companies.
Many within the agency understand and care about ‘Net privacy and individual rights, he said. Those launching startups are in fact using these skills gleaned inside the NSA to create and build systems and platforms to thwart intrusion on their own communication channels in the real world, even possibly from the agency itself.
“It’s a good thing. A lot of the data breaches are putting a fine point that security is very hard to do well. Lot’s of people I know at NSA leaving to start their own companies have a specific expertise and want to help. There’s a huge benefit there,” Ackerly told VentureBeat.
“The biggest return on our investment is to get the best technology into the hands of people commercially to make sure the ‘Net is a good place for everyone.”