SOURCES SOUGHT: Cybersecurity Compliance Services Support

The FEMA Office of the Chief Information Security Officer (OCISO), Compliance Division maintains FEMA’s compliance posture in accordance with the Federal Information Security Modernization Act (FISMA) and facilitates a continuous monitoring Authority to Operate (ATO) process that provides security authorization services support to all FEMA systems. The purpose of this effort is to ensure that the confidentiality, integrity, and availability of systems, networks and data are at an acceptable level of risk throughout the system development life cycle by acquiring and providing Information System Security Officers (ISSOs), Security Analysts, a Program Manager, and other cyber resources determined in the future to fulfill cybersecurity requirements for FEMA’s Enterprise systems.

  • Original Set Aside: Total Small Business Set-Aside (FAR 19.5)
  • Product Service Code: DJ10 – IT AND TELECOM – SECURITY AND COMPLIANCE AS A SERVICE
  • NAICS Code: 541512 – Computer Systems Design Services
  • Place of Performance: Washington, DC 20472 USA

Full details via beta.sam.gov

CYONE awarded $23M contract for a software-only solution to meet the Support to Targeting interoperability

CYONE,* Aberdeen, Maryland, was awarded a $23,492,705 firm-fixed-price contract for a software-only solution to meet the Support to Targeting interoperability, security, training, usability and data-management capabilities. Bids were solicited via the internet with one received. Work locations and funding will be determined with each order, with an estimated completion date of July 19, 2027. U.S. Army Contracting Command, Aberdeen Proving Ground, Maryland, is the contracting activity (W56KGY-22-D-0006).

Cyone Inc is a taxpayer registered with the Texas Comptroller of Public Accounts. The taxpayer number is #32055066701. The business address is 4301 W William Cannon Dr Ste B150 C/O Pm, Austin, TX 78749. (www.opengovus.com)

Echelon Services LLC awarded $153M contract for the Defense Counterintelligence and Security Agency (DCSA)

Echelon Services LLC, Manassas, Virginia (HS0021-22-C-0004), was awarded a $153,398,872 firm-fixed-price and labor-hour contract for the Defense Counterintelligence and Security Agency (DCSA). The contract provides comprehensive cybersecurity support to the current enterprise and transformational cybersecurity support for the future DCSA organizational enterprise. Work will be performed in Quantico, Virginia. This contract is funded with fiscal 2022 DCSA defense working capital funds with $3,908,350 obligated at time of award, and operations and maintenance funds with $4,705,390 obligated at time of award. The anticipated period of performance includes one 12-month base period and four 12-month option periods. The solicitation resulting in this contract was competed and set-aside for seven 8(a) Small Businesses using Federal Acquisition Regulation 19.805 Competitive 8(a) procedures. As a result, seven offers were received. DCSA Acquisition and Contracting, Quantico, Virginia, is the contracting activity.

ECHELON SERVICES, LLC (SAM# V6WFXPAQNYC7) is an entity registered with the U.S. General Services Administration (GSA), System for Award Management (SAM). The registration date is July 13, 2017. (www.opengovus.com)

Aliahu “Alli” Bey: Helping Small Businesses in the Cybersecurity and Compliance Space

Understand the cybersecurity and compliance space with Aliahu “Alli” Bey!

BACKGROUND

Aliahu Bey is a US Army Veteran with nearly two decades of engineering and project management experience. 

He built his first business, Haight Bey & Associates, in 2014 and won his first contract worth more than $47 million a year after.

Bey also established Totem Technologies, which provides cybersecurity services for small and medium-sized businesses using compliance software that the company created.

When not actively involved in his two ventures, Bey is also helping other veteran-owned small businesses navigate the complicated worlds of government contracting and cybersecurity compliance.

“We were not strangers to our government customers. Our government customer had known me for 10 years. So, when people tell you that it’s all about relationships and relationships matter, it’s very true even in government contracting. If your government customer doesn’t know you, it’s hard for them to trust you.” 

CHALLENGES IN BUILDING HAIGHT BEY & ASSOCIATES

Alli Bey started Haight Bey & Associates in 2014 out of necessity. He had just lost his job and all he knew was project management, so he decided to try the small business route in government contracting.

In the first few months, all he did was respond to proposals together with his small team. 

While doing that, he was even working at Tyson Foods on a midnight shift and at a ski hill fitting boots for younger kids, just to make ends meet. 

Luckily, in 2015, he won his first Department of Defense IDIQ contract worth more than $47 million.

However, because the government doesn’t pay in advance, Bey decided to go to a bank to ask for a loan for 90 days’ worth of payroll.

Although he was denied the loan, his father-in-law allowed him to use his line of credit instead.

This partnership then helped his company pay six months’ worth of payroll, as well as invest in other infrastructure for the company.

“Anyway, that line of credit, that’s how I paid the folks, that’s how we got started, the growth came through.”

BUILDING TOTEM TECHNOLOGIES FOR SMALL BUSINESSES

Thirty percent of their first contract was focused on cybersecurity, specifically hardening some of the assets to support our country’s warfighters.

So, when the National Institute of Standards and Technology (NIST) rolled out a list of cybersecurity controls for all contractors to ensure the country’s collective intellectual property is protected, the company also made sure that it was compliant.

Because this requirement, together with the Federal Acquisition Regulation, is already so complicated, Alli’s first solution was to reach out to an IT support company. 

However, after finding out that no one knew NIST 800-171 as much as they did, Alli’s team decided to roll out their own solution. 

By the end of 2017, they had stacks and stacks of documents that helped prove their compliance and they decided to create a more manageable cloud-based solution for it.

At first, they thought of marketing it as a government risk and compliance tool, but decided to market it as a whole new company. This is how Totem Technologies came about.

With Totem Technologies, they train companies from the ground up on the basics of NIST 800-171 through a series of webinar-based training sessions while also utilizing the tool that they’ve created.

“It’s just a dynamic shift in the way that we do business and we believe that small businesses simply need to understand that, and once they understand it, they can start working through that process and adhering to these new CMMC controls.”

WHY DO YOU NEED TO BE COMPLIANT?

On the heels of NIST came a compliance matrix called Cybersecurity Maturity Model Certification (CMMC). It was very similar to a software security model that contractors and the US government have been using for years.

Basically, it measures your cybersecurity maturity level and then bases that against the type of controlled unclassified information your organization is utilizing.

For instance, if you allow folks to bring their own device to work, are you implementing MAC filtering? What type of information are you housing on your network? If you’re housing controlled unclassified information, is it segregated from everything else or is it just lumped in with all of your company data? 

Consider this: each government contractor houses small pieces of data in its systems. However, if all of this information is stolen, it can be a huge problem for our country’s collective intellectual property.

This is why the F-35 Chinese variant looks very similar to our own F-35. We didn’t share that information, but they stole those little pieces of information and came up with a variant of a stealth fighter that is tens of millions of dollars cheaper than ours.

So, what’s the danger in that? There’s a level of national security that should flag everybody.

“As a nation, as part of the defense industrial base, we need to make sure that we’re locking our doors, we’ve got a guard dog, because they’re going to get in. It’s just a matter of how long they’re going to be there and what information they’re going to be able to take out. So, we have to be able to limit that.”

RESOURCES

If you want to learn more about the cybersecurity and compliance space with Aliahu “Alli” Bey, then be sure to click the resources below.

You can also visit the GovCon Giant website or the new GovCon Edu where you learn everything about government contracting!

84: Cyber Security and Compliance Space with Aliahu “Alli” Bey

https://www.youtube.com/watch?v=321K1ojfno4&t=2396s

SOURCES SOUGHT: REQUEST FOR INFORMATION (RFI) – Security Vulnerability Scanning Software for IRS COBOL Applications

The Department of Treasury, Internal Revenue Service (IRS) IT Cybersecurity and Application Development (AD) areas are seeking information on potential solutions for software security vulnerability scanning software tools based on national security demands. The primary goal is the ability for the tool to perform application security testing (AST) on source code written in various versions of the COBOL programming language, both inside and outside the Continuous Integration / Continuous Delivery (CI/CD) DevOps pipeline. A large portion of the agency’s current software application portfolio is written in COBOL.

This RFI/Sources Sought is issued solely for information and planning purposes only and shall not be construed as either a solicitation or an obligation on the part of the Government. This is NOT a solicitation for proposals, proposal abstracts, or quotations. This notice is for market research purposes only.

  • Original Set Aside:
  • Product Service Code: 7J20 – IT AND TELECOM – SECURITY AND COMPLIANCE PRODUCTS (HARDWARE AND PERPETUAL LICENSE SOFTWARE)
  • NAICS Code: 541511 – Custom Computer Programming Services
  • Place of Performance: USA
  • Original Response Date: Jun 28, 2021, 05:00 pm EDT
  • Full details via beta.sam.gov

    Check out our RESOURCES page for a sample letter that we use in response to government market research.

Narjis Ali: Pakistani Immigrant turned award-winning IT security company

Learn how Narjis Ali, a Pakistani immigrant, built an award-winning IT security company!

BACKGROUND

Narjis Ali fled from Pakistan to the United States alone, before being followed by her three children. 

She then founded Sure Secure Solutions in 2004 to optimize the IT atmosphere and to provide information and security to the government and the private sector.

Today, the company is known as an Information Technology security company providing services including cloud computing, web development, cybersecurity, content and information management, and data analytics. 

Due to all of her hard work, Narjis Ali has received numerous awards dating back to 2012, including the 2016 SBA Small Business of the Year award, the 2016 and 2017 NASA Small Business Prime Contractor of the Year, and the 2017 Small Business Prime Contractor of the Year at NASA HQ and NSSC.

Apart from managing her company as the President and CEO, she is also doing volunteer work and is helping organizations across the globe in promoting entrepreneurship.

“I think that diversity adds so much more weight… You’re walking, talking ambassadors of your people and you become good examples of where you are and where you’ve been. I think that’s so important to me to hear people’s stories from, coming from different backgrounds.”

NAVIGATING THE FEDERAL MARKETPLACE

When Narjis Ali immigrated to the U.S., she needed to start her life all over again. She worked in companies related and unrelated to software programming and development and architecture.

Then, after a couple of years fearing the unknown, she started her own company. It took her a while, but when she hired more employees, it dawned on her that she had a company.

In 2010, she made a strategic change to her company: she brought in more partners to get diverse skills in the company.

One key person was the late John Michael Lounge, a former astronaut, who played a role in helping her with the company’s business development.

She also joined the 8(a) program that same year and was approved on February 8, 2011. 

However, navigating the federal marketplace is different, and because she didn’t have many resources or much knowledge, she faced difficult challenges at that time.

“For anyone starting your business with the intent to work with the government, it’s a whole different world. I mean, you have to know and you have to know how to navigate through the system.”

Fortunately, she was able to gain success in the following years and was able to learn how to navigate the federal market. 

“The advantage I had was, which I feel till today, is the relationships that I’ve built with my customers. When I say customers, it just doesn’t mean the customer who you’re selling the product or services to. I’m talking about customers in the way of the environment that allows you to be there and create those relationships with coworkers, colleagues, other companies, and the customer.”

ADVICE FOR SMALL AND LARGE BUSINESSES

1. Have familiarity with your target customers. 

Not all opportunities are meant for your company. Some of these are in your domain and some aren’t, so you need to learn how to filter these opportunities and focus mainly on where you want to be. 

This way, you will be able to really learn about what your customers need and place your company in a position where you are seen as knowledgeable. 

“It’s very important to filter out very quickly where you want to focus. It’s better to focus on a few agencies and be persistent and get to know that very well.”

2. Sit in the back seat.

As a company owner, you want to be the one to lead your company in everything it does, but you should not be the one doing it all directly. Learn to sit in the back seat and see what’s happening.

“Almost six years of my 8(a), I was a billable resource… But you know what it took away from me… is that you’ll have to sit on a back seat where you have limited interaction. You do have interaction with customers, but, you know, you don’t spend all your time there because you will not be able to grow the company that way.”

3. Find a resource with technical capabilities.

In building your company, you need good people with technical skills and expertise. You don’t have to be the one facing your customers all the time; you can hire good people to do it instead.

“There have been times in my company where we’ve had to cut back on management expenses so much and yet we want to keep the people that are providing good value to us so that they can stick around… We feel that these are people that are the most valuable resources the company has.”

4. Be proactive in helping others.

There’s a handful of resources where people can learn about government contracts, but the best resources are the people who have already been in the marketplace for years.

“I would say, just work with a lot of other companies that have gone through things and find out what worked for them, what didn’t, because those lessons are not recorded anywhere.”

So, if you are the latter, why not help new companies? Be a good resource and help them learn how to navigate this lucrative marketplace. 

RESOURCES

If you want to learn more about Narjis Ali, the Pakistani immigrant who built an award-winning IT security company, then check the resources below.

You can also visit the GovCon Giant website or the new GovCon Edu where you learn everything about government contracting!

001: Narjis Ali launched a NASA award winning IT security company

https://www.youtube.com/watch?v=PIy1d2r0xBI&t=551s

https://govcongiants1.wpengine.com/podcast/2019/05/07/01-2/