Understand the cybersecurity and compliance space with Aliahu “Alli” Bey!

BACKGROUND

Aliahu Bey is a US Army Veteran with nearly two decades of engineering and project management experience. 

He built his first business, Haight Bey & Associates, in 2014 and won his first contract worth more than $47 million a year after.

Bey also established Totem Technologies where they provide different cybersecurity services for small and medium-sized businesses using the compliance software that they created. 

When not actively involved in his two ventures, Bey is also helping other veteran-owned small businesses navigate the complicated worlds of government contracting and cybersecurity compliance.

“We were not strangers to our government customers. Our government customer had known me for 10 years. So, when people tell you that it’s all about relationships and relationships matter, it’s very true even in government contracting. If your government customer doesn’t know you, it’s hard for them to trust you.” 

CHALLENGES IN BUILDING HAIGHT BEY & ASSOCIATES

Alli Bey started Haight Bey & Associates in 2014 out of necessity. He just lost his job and all he knew was project management, so he decided to try the small business route in government contracting.

In the first few months, all he did was respond to proposals together with his small team. 

While doing that, he was even working at Tyson Foods on a midnight shift and at a ski hill fitting boots for younger kids, just to make ends meet. 

Luckily, in 2015, he won his first Department of Defense IDIQ contract worth more than $47 million.

However, because the government doesn’t pay in advance, Bey decided to go to a bank to ask for a loan for 90 days worth of payroll.

Although he was denied for the loan, his father-in-law allowed him to utilize his line of credit, instead.

This partnership was then able to help his company to pay six months worth for payroll, as well as investing on other infrastructure for his company. 

“Anyway, that line of credit, that’s how I paid the folks, that’s how we got started, the growth came through.”

BUILDING TOTEM TECHNOLOGIES FOR SMALL BUSINESSES

In executing their first contract, 30% of it was focused on cybersecurity, specifically, hardening some of the assets to support our country’s warfighters. 

So, when the National Institute of Standards in Technology (NIST) rolled out a list of cyber security controls for all contractors to ensure the country’s collective intellectual property is protected, they also made sure that they are compliant.

Because this requirement, together with the Federal Acquisition Regulation, is already so complicated, Alli’s first solution was to reach out to an IT support company. 

However, after finding out that no one knew NIST 800-171 as much as they did, Alli’s team decided to roll out their own solution. 

By the end of 2017, they had stacks and stacks of documents that helped prove their compliance and they decided to create a more manageable cloud-based solution for it.

At first, they thought of marketing it as a government risk and compliance tool, but decided to market it as a whole new company. This is where Totem Technologies came. 

With Totem Technologies, they train companies from the ground up about the basics of NIST 800-171 through a series of webinar-based training while also utilizing the tool that they’ve created.

“It’s just a dynamic shift in the way that we do business and we believe that small businesses simply need to understand that, and once they understand it, they can start working through that process and adhering to these new CMMC controls.”

WHY DO YOU NEED TO BE COMPLIANT?

On the toes of NIST was a compliance matrix called Cybersecurity Maturity Model Certification (CMMC). It was very similar to a software security model that contractors and the US government have been using for years. 

Basically, it’s measuring your cyber security maturity level and then basing that against the type of controlled unclassified information your organization is utilizing. 

For instance, if you allow folks to bring their own device to work, are you implementing MAC filtering? What type of information are you housing on your network? If you’re housing controlled unclassified information, is it segregated from everything else or is it just lumped in with all of your company data? 

Consider this, each government contractor houses small pieces of data in their system, however, if all of this information is stolen, it can be a huge problem to our country’s collective intellectual property.

This is why the F-35 Chinese variant looks very similar to our own F-35. We didn’t share that information, but they stole those little information and came up with a variant of a stealth fighter that is tens of millions of dollars cheaper than ours. 

So, what’s the danger in that? There’s a level of national security that should flag everybody.

“As a nation, as part of the defense industrial base, we need to make sure that we’re locking our doors, we’ve got a guard dog, because they’re going to get in. It’s just a matter of how long they’re going to be there and what information they’re going to be able to take out. So, we have to be able to limit that.”

RESOURCES

If you want to learn more about the cybersecurity and compliance space with Aliahu “Alli” Bey, then be sure to click the resources below.

You can also visit the GovCon Giant website or the new GovCon Edu where you learn everything about government contracting!

84: Cyber Security and Compliance Space with Aliahu “Alli” Bey

https://www.youtube.com/watch?v=321K1ojfno4&t=2396s