A recent article on Nasdaq.com speculates merger and acquisition possibilities for Northrop Grumman, a top-five U.S. defense contractor. Popping up on the radar screen is Long Island, N.Y. based Code Dx, a small firm specializing in the fast growing cybersecurity market – which is expected to reach $170 billion by 2020.
Alex Gennaro, who covers ETF investing, portfolio strategy, long/short equity, aerospace and defense, describes how Code Dx would bolster Northrop Grumman’s :
“Code DX is a provider of a robust suite of fast and affordable tools that help software developers and security analysts find, prioritize, and visualize software vulnerabilities. It is a private small to mid-cap cyber security firm with a growing backlog of orders. Code Dx has been awarded multiple SBIR grants from the US. Department of Homeland Security (DHS), totaling millions of dollars. This company is also headquartered out of Northport, N.Y., near the NG Bethpage location. With many Northrop Grumman offices still on Long Island, integration of Code DX into the larger NG family would be a relatively smooth and easy transition for both parties concerned. Besides a bolstered cyber security for government contracts, its central location on Long Island would also allow access to the greater New York markets for private commercial contracts which could potentially generate hundreds of millions, possibly billions, of dollars for NG.”
When this was brought to her attention, Anita D’Amico, CEO at Code Dx said “Holy mergers, Batman. I have to find out who to talk to at Northrop Grumman.” D’Amico may have been jesting, but she is one serious cybersecurity executive. It is rare to come across someone with a background like hers. She refers to herself as “a starter-upper” who develops a vision and fuels it with the energy, communication and leadership needed to make that vision a reality.
Code Dx is a vision turned into reality by Anita D’Amico. She has worked for more than 20 years in the cybersecurity field – coincidentally starting as the head of Northrop Grumman’s first Information Warfare team. D’Amico is a human factors psychologist, a specialist in situational awareness, and a security researcher. On top of that – she is the chief rainmaker at Code Dx. But don’t mistake that for a flashy salesperson. D’Amico spearheaded Code Dx’s efforts to win the SBIR grants from DHS — and that means extensive proposal writing, and consulting, plus marshaling the technical experience of others at her firm.
So how is it that a small cybersecurity firm like Code Dx can potentially be so valuable to Northrop Grumman or another acquirer? Most computer security incidents can be traced back to weaknesses in software that were inadvertently put there when the code was developed. Poor software development practices may be the biggest cyber-threat of all. DHS states that 90% of security incidents result from exploits against defects in software.
The Code Dx product was partially funded by the DHS Science and Technology (S&T) Directorate due to the dire need to increase software assurance for critical infrastructure and secure the country’s software supply chain. As a result, Code Dx addresses the needs of a variety of users who influence software security decisions that affect an organization’s exposure to cyber attacks or liability associated with such attacks. These include: software developers, security analysts, software testers, quality assurance engineers and chief information security officers (CISOs).
“The security industry is overly-focused on testing and scanning for known vulnerabilities in software after it’s been released, and under-focused on poor software development practices that lead to vulnerable applications that hackers can exploit” says Frank Zinghini, CEO of Applied Visions, Inc., a software development company providing solutions in cyber security, business applications, and command and control systems to government and commercial customers worldwide. Code Dx was started up as a division of Applied Visions several years ago, and then spun out on its own as Code Dx, Inc. last year.
Despite its government-backed roots, Code Dx has a potentially larger market opportunity in the commercial sector. Northrop Grumman created a new business unit in 2015 that looks like an entirely separate company –– to pursue the commercial cybersecurity market. The unit is led by a CEO with a big name in the commercial sector – Kris Lovejoy – who was previously general manager of the IBM Security Services Division, charged with development and delivery of managed and professional security services to IBM clients world-wide. Perhaps NG is whispering in Acuity’s ear about the small cyber firm.
Code Dx may be on a short list of potential cyber acquisitions by the other top U.S. defense contractors as well. Although Lockheed Martin, Raytheon, Boeing, and General Dynamics have struggled in the commercial cybersecurity market, they have substantial businesses around protecting U.S. federal agencies against cyber threats – a major focus area for the Long Island upstart.
The market opportunity for Code Dx is so great, it is hard to measure. Just think, the world’s software code is their market – or total addressable market in venture capital nomenclature. No wonder this little company is showing up big on the investor radar screen.