Michael Hawkins launched the cybersecurity company Netizen nearly a decade ago in the Lehigh Valley. (Photo/Glenn Koehler)

Editor’s Note: Lehigh Valley Suite Spot is  a monthly interview series featuring Lehigh Valley executives from a wide range of industries and company sizes.

As a young teen in the 1990s, Michael Hawkins recalls playing on the web, then in its infancy, and making a game out of his friends’ naivete. He would pose as an email administrator to obtain their passwords and then send mischievous messages from their accounts.

In the decades since, Hawkins has turned that puckish prank into one of the fastest-growing businesses in America. Netizen, a cybersecurity company headquartered in South Whitehall Township, helps the military, manufacturers, regional banks, health care providers and more prevent cyber breaches with security monitoring, compliance and vulnerability assessments, and penetration tests.

“We monitor all of their network traffic, their IT equipment and make sure no one is breaking down the doors and kicking in the windows so to speak,” Hawkins said. “We also act like hackers to prevent hackers.”

Hawkins, who had been an information systems security officer and Military Police investigator in the U.S. Army, leads a team of about 40 engineers, computer analysts and more at locations in Pennsylvania, South Carolina, Virginia, Florida and New York. As founder and CEO, Hawkins built the business initially on defense contracts, some as big as $12 million. The military work, and the security clearances that went along with it, boosted the firm’s reputation to land commercial customers, now its fastest growing segment.

In the nine years since its founding, Netizen has landed twice on Inc. Magazine’s annual list of the nation’s 5000 fastest-growing private companies and is poised for expansion in a time when cybercrimes threaten industries that are increasingly more reliant on technology and connectivity. It has also been named a Best Workplace by Inc. Magazine and Veteran-Owned Business of the Year by the Lehigh Valley Chamber of Commerce, among more than a dozen other accolades over the year.

Last year, cybercrime complaints to the FBI rose by 7% to 847,378 with major breeches at U.S. Colonial Pipeline and JBS meat-packing company making national headlines. The $185 billion cyber security market is expected to increase by 12% a year through 2030, according to a recent report by the U.S. market research firm Grand View Research.

Hawkins is positioning his team, skilled at identifying malicious software and building “fortresses” around company networks, to take a bigger chunk of that market.

From “daily scrums” with his team to penetration testing “missions” deployed on deadline, Hawkins’ military background informs his leadership style as he battles foreign enemies who seek to steal military secrets from manufacturing contractors or cyber criminals who would hold hospitals ransom by shutting down medical devices.

Hawkins recently sat down with the LVEDC to talk about his company and industry trends.

How did your military background prepare you to launch a cyber security company?

I was actually a military police investigator in the Army. My background was technically law enforcement, but they found out I have unique skills when it comes to technology. I was appointed the information security systems officer for basically every unit I was in. I did similar work for the Department of Veterans Affairs in Philadelphia once I got out of the military.

How are foreign enemies targeting the private sector?

A lot of the nation’s adversaries – North Korea, China, and Russia – often target private companies. They are typically the “softer” targets. Especially in certain sectors here: finance, defense, manufacturing.

Say you have a manufacturer that’s a third-tier subcontractor that makes a highly specific type of bolt, for example. But that bolt goes to the F-35 Joint Strike Fighter. China wants those plans. They want the design specifications for that bolt and will target the company to get it. Target enough companies, and you can assemble the design of the entire aircraft.

If any manufacturer has inklings to sell to the federal government or anything like that, especially for defense purposes, they will automatically become a target of malicious actors in cyberspace.

Is there a common theme in the cyber threats companies face?

A lot of times people will think it’s some sophisticated hacker sitting there, typing away lines of code hour after hour. It’s not. It can be a 14-year-old in mom’s basement sending emails. It’s that easy now. The human element is typically the weakest link in cyber security right now. It’s like phishing campaigns, for example. An email blast that costs nothing to send out can cost targeted business millions of dollars through scams, the syphoning of sensitive information (which hackers then sell), and ransomware.

Netizen has offices in Virginia and South Carolina, close to military contracts that you have. Why are you still headquartered in the Lehigh Valley?

The reason we stayed is the proximity of everything. The cost of living is so much less here compared to major metros. It’s also very fast growing, very dynamic. There’s a lot of buzz about the area, too. The higher educational institutions are also outstanding, and we work with a number of them helping tailor their curricula, perform research and development, and aid in making their students more competitive in the technology and, specifically, cyber security job markets.

What is special about the talent Lehigh Valley’s colleges and universities are graduating?

A lot of colleges aren’t preparing students for work in the industry appropriately. But here they are, especially at the two-year colleges in the region.

When we bring someone on from certain big-name colleges, they might know the theoretical stuff, but we have to train them from scratch: how to use certain types of systems, how to conduct a penetration test, how to document and scope things appropriately, even how to use basic tools. Basic, elementary things. A lot of them have also never had to take a coding class, so they have no idea how software works which makes it hard to describe the inner workings of malware.

The community colleges are focusing on certification paths and hands-on education here, however. Certifications are gold in our industry. They make candidates so much more competitive because they require them to demonstrate actual knowledge and experience.

Nearly half your employees are veterans. You connect with some through military networking events and others through college programs. What makes veterans so attractive in this field?

If you hire someone coming out of the military, you know what their skillset is, you know what their mindset is. You know what their work ethic is, what their so-called “hard” and “soft” skills are. Hard skills can be taught, soft skills can be much, much harder to teach but they are ingrained in you in the military.

If you tell a veteran this company or person has an emergency, that this is now our mission focus and it needs to be done by this date, then it’s done by that date. The mission-focus and team orientation is really beneficial in this industry.

Has Netizen returned to the office?

It’s more hybrid. Out of the 12 people we have in this area, we really only have three of four in the office at any given time. And a lot of that is providing that level of flexibility has helped us attract great talent and retain great talent because it’s something employees are coming to expect right now. It’s not something that would just be a nice perk. It needs to be a key aspect of the job.

What about collaboration in a hybrid environment?

It can be tough but I’ve been doing it so long I’ve picked up a few things to perfect it. Process and structure is critical to ensuring teamwork and collaboration. In the past where you can call a meeting and sit around a conference room and hash something out – that’s a little bit more difficult now. You have to have more structured meetings, but newer technology really enables this.

We have a daily scrum at 9:30 a.m. In the military we called them standup calls. They last no more than 15 minutes. You go around the room and talk about what you did, what you’re doing and any issues you have. That’s it. We started establishing some of that to keep in contact with people, to make them feel connected. Then we started implementing Microsoft Teams software. We use it for everything now — all remote teleconferencing, video conferencing. All that stuff. That really replaces a lot of in-person stuff we did. I wouldn’t say it’s 100% but 95%. Sure. Hybrid is a good model and you get a lot of the benefits of both worlds using it.

What are the limitations of working remotely?

On the business development side, we do have to be close to our customers. Customers want to know that when something goes wrong at 3 a.m. you’re close. The commercial work ties us to this area because of how many customers we have here that are within a two-hour drive.  We’re not going anywhere because of that.

All procurement is also based on relationships. It’s all who you know and how you know them, even in federal markets. There are $300 million contracts being awarded to companies because of how well the customer knows the staff at a certain company and knows their competencies. They find ways within the regulations to award things to companies whom they trust. So, because of this, we attend a lot of events in-person. This way our peers and prospective customers get to know us at a much deeper level.

What business opportunities did remote work present?

Pre-pandemic, a lot of companies simply weren’t prepared for it at all.  There weren’t remote access protocols or their remote access protocols, if they had any, were very antiquated. There wasn’t anything on how they control their data on personal devices. How do you access email on your phone? How can you control that if it’s stolen? The “Great Remote Work Experiment” as I called it meant that a lot of companies needed guidance on what to do, how to manage their data, etc. So that provided us a lot of new opportunities to help secure these companies who were now working well outside of their typical office environment.

Who are your competitors?

Smaller specialized cyber security companies typically in 10-to-30 employee range are probably the most aggressive. They’re the ones coming up with unique solutions that are doing some interesting things and coming out with great products the same time. The larger ones that have been around for a while they’re kind of stuck in their ways. They move slower. Not to say they aren’t competitors, but they don’t adapt as fast typically so it’s those small and mid-size cyber-specific companies that are really moving the needle in this industry. They are who I watch more closely.

What advice would you give entrepreneurs?

Just don’t quit.  A lot of people will hit a hard patch and turn around, never knowing how close you were to striking it. There were times, especially in the beginning, when I thought we’re not going to be able to do this. We’re not getting anywhere, and BOOM! Next thing you know a $10 million contract lands on our lap, and then another, and another. And it’s really just because we stuck it out. We did other things, too. But we stuck it out and that’s what really made the difference. You just have to keep pushing forward, don’t run away, don’t retreat, just keep moving. There’s going to be a lot of hurdles – more than you could possibly anticipate – issues managing growth, conflicts with partners, shady tactics by competitors, difficulties hiring the right people, etc. But you persevere by doing what is necessary to make it through to the next day, the next week, the next month. That’s one of the things the military really ingrained in a lot of people.