• United States



Pure play cybersecurity firms in your backyard

Nov 25, 20153 mins
CyberattacksCybercrimeData Breach

These are cyber fighters you can dial up if the growing cybercrime epidemic has you on the edge.

cybersecurity boards
Credit: Thinkstock

Let’s put a stake in the ground right here and now at CSO and officially coin the phrase “Pure Play Cybersecurity Firms”.

Who’s a pure play cyber firm?

Pure play cyber firms are an inch wide and a mile deep in defending enterprises against hacks and breaches. These firms were born and raised as cybersecurity advisory and consulting services providers, and their primary business is counseling clients around cyber threats — and providing services to protect against and respond to hacks and breaches. 

Some pure play cyber firms have add-ons to that bio — including managed (outsourced) security services, product(s) recommendation and implementation (which are not influenced by any vendor certifications or quotas), and some times even their own cybersecurity products or productized services.

Who’s not a pure play cyber firm?

Cybersecurity hardware and software product vendors, value-added resellers and systems integrators who resell and implement cybersecurity products from specific vendors as their primary business, large technology companies with cybersecurity divisions or business units, and big defense contractors who provide cyber services mainly to federal agencies.

The cybersecurity market is still a cottage industry with many pure-play cyber firms. A picture is worth a thousand words. Here’s a look at five of the more experienced pure-play cyber firms in the U.S.:

Clearwater Compliance (Nashville, Tenn.) has helped hundreds of organizations of all sizes including hospitals, health plans, law firms, private equity firms and Fortune 100 companies, with their information risk management requirements.

Praetorian (Austin, Texas) enables clients to identify and manage information security risk. Their services include security assessments, penetration testing, code reviews, secure software development lifecycle reviews, regulatory compliance solutions, and incident response.

Ridge-Schmidt Cyber (Washington, D.C.) advises corporate and government leaders on developing and leading resilient organizations. Their personnel have amassed unique information security and risk management experience after serving at the highest levels of both government and industry.

root9B (Colorado Springs, Colo.) sends specialized cyber operators into corporate networks — to hunt for and stop intruders. root9B’s technical teams are comprised of cybersecurity professionals who honed their craft securing DoD networks and communications.

Stroz Friedberg (New York, N.Y.) is a global leader in investigations, intelligence and risk management. They are a collection of the brightest minds in the fields of digital forensics, investigations, forensic accounting, incident response, security, compliance, data discovery, intelligence and due diligence.

The pure play firms are not household brand names and may not bring the name recognition of a big tech company or major security product vendor — but they are the local cyber fighters you can dial up if the growing cybercrime epidemic has you on edge.


Steve Morgan is the founder and CEO at Cybersecurity Ventures and editor in chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from consolidated research by IT analyst firms, emerging trends, employment, the federal sector, hot companies to watch, notable M&A, investment and IPO activity, and more.