Built-In Cybersecurity Key to Defense Department Mission: Sponsored Content
Solutions providers must have the flexibility, expertise to provide the right product to the customer.
When executives from Iron Bow Technologies sit down with officials from potential customer agencies, the goal is to understand the needs of the client rather than to close a deal, according to James Ebeler, the company’s CTO for Department of Defense (DOD) business. Privately held, Herdon, Va.-based Iron Bow built its billion-dollar annual revenue as an IT solutions provider by gaining something more important and much harder to get than just a sale: “The trust of the customer.”
Ebeler, who capped a 25-year army career as the service’s CTO and chief technical adviser to the G-6 or Army CIO, understands that DOD agencies put the job first. “Everything comes back to the mission,” he said.
Cybersecurity is now intrinsic to gaining that trust, Ebeler explained. “Any solution that we bring to our DOD clients, has a cyber component embedded in it,” he said. “It’s not an afterthought or an add-on, it’s built in.”
Because the company offers turnkey IT solutions, “We can build security in from the beginning,” taking advantage of the fact that cybersecurity vendors increasingly allow programmable access to their tools, so they can be customized to work with existing DOD equipment.
Gaining the Customer’s Trust
When Iron Bow meets with officials from organizations, “It’s all about understanding their problems and gaining their trust,” said Ebeler. Indeed the sale is really just a byproduct. “Of course we want the sale, but that’s not the top priority. Getting to know the client intimately [is.] … What is it they really need? What is their problem? What has to be protected? We go in to really understand what the requirement is,” he said.
Especially in the cybersecurity space, “There are a lot of vendors out there … It’s a hard decision [for organizations] to choose which one is most appropriate for their environment and mission. Iron Bow leads with the customer’s mission first,” Ebeler explained. They will walk a potential customer through all of their various options. “Our engineering expertise enables us to provide the pros and cons of every solution … what our clients will get, what they may not get and what the differences are … We’re giving them the information they need to choose the solution that’s right for them.”
“Our customer satisfaction is a top priority,” he said. “We go back to make sure it’s the solution they wanted, that it’s delivering what they expected … That’s how you become a go-to partner,” he concluded.
Understanding the Customer—and Their Budget
Ebeler’s 25 years in the Army, much of it as a chief warrant officer, provided essential insight into government budgets. It’s a message that he noted seems lost on some vendors. “The government doesn’t have unlimited money … They’re going to try to get as much capability as they can at the least expensive price.”
Part of understanding the client means, “You have to understand their budget,” said Ebeler. “If they have a limited budget, we have to design a solution that still meets their requirements for protection and security within that constraint.”
It’s that intimate understanding of the client’s problems, he said, that gets Iron Bow “the opportunity to compete for repeat business.”
The solution provider market is “crowded,” Ebeler acknowledges, but Iron Bow is distinguished by its technical expertise. “Our engineers are second to none. We’ve invested heavily” to recruit and train the right people. And that means, “The engineering support we can offer to clients is exceptional … gold standard.”
Iron Bow’s engineers train side by side with the company’s partners to ensure their skills are kept current and that they maintain the required DOD certifications. And they in turn can train the customer’s staff how to better use their tools.
Iron Bow’s engineers are highly experienced and skilled with various key industry certifications that allow the company to start “leveraging their subject matter expertise as soon as they hop on board.”
It’s that engineering expertise that allows Iron Bow to turn a product that’s almost right for a customer into one that’s exactly right — through tweaking an out of the box product so that it really meets the customer’s requirements.
It’s just one example of the way Iron Bow offers solutions that are “flexible and agile” enough to leverage new solutions to respond to rapidly evolving requirements, Ebeler explained.
In cybersecurity, “Vendors understand the speed at which the threat landscape is changing. They are increasingly allowing programmable access to their tools,” so they can be integrated, both with other new tools and with existing DOD networks and endpoints.
“Our engineering expertise means we can take multiple capabilities and program them to integrate in a way that provides an elevated security posture for DOD, but is sustainable and above all simple for the end user to operate and maintain,” Ebeler said.
“The goal is to reduce the mean time for incident response and repair,” he added.
Big Picture Vision
Iron Bow’s experience working in the IT field gives it a breadth and depth of vision that pure-play cybersecurity vendors might lack, Ebeler said.
“Our expertise in the network environment and in data center, collaboration and analytics gives us the visibility of the big picture” needed to understand how different cybersecurity tools will work in practice in a client’s environment. In endpoint management for example, “You don’t want to put a tool on that endpoint … which is just going to hog bandwidth and slow down the network.”
Iron Bow also leverages the expertise of its engineers for the long term, as it increasingly offers “leave behind teams” for staff augmentation at client agencies. “So it’s not just ensuring that the client really understands the capability they’ve bought, and can use it effectively, but actually having a team there to work alongside our client’s staff on an ongoing basis.”
The leave behind teams can reach back to the our experts anytime they need anything, Ebeler said, adding that was especially important given the speed at which a cyber threat can change. And the typical lumbering response of government acquisition processes.
Making Compliance Easier
“DOD compliance requirements are very exacting,” explained Ebeler. When vendors introduce new products, traditionally they haven’t been able to start selling those right away. “Any time there’s a new product, it has to get onto the Approved Product List and then [when it’s installed,] you have to apply the STIG [Security Technical Implementation Guide] guidelines and you have to adhere to the RMF [Risk Management Framework] controls and you have to apply the NIST [National Institute of Standards and Technology] standards. Each of those is like a gate you have to get through. … That is not an easy process,” he explained.
Iron Bow’s expertise means it can take the pain out of those compliance requirements for customers—and turn them into the useful security tools they’re supposed to be. And they work with their partners to help them navigate the compliance maze.
“When our vendors bring out new capabilities, we will work with them to meet those compliance requirements … sponsor those solutions sets to get them approved. We’ve been investing in some personnel to help move that along more rapidly,” Ebeler noted.
“The cybersecurity landscape is changing rapidly, the adversaries are changing ... We have to be looking at the newest capabilities,” he said. Recently, he added, “DOD has opened its aperture for new capabilities,” through the use of Other Transaction Authority or OTA. Using this special procedure, explained Ebeler, “allows industry to show innovative solutions upfront and then work the compliance requirements afterwards.”
“DOD has used OTA authority to get cutting edge, innovative technology into the pipeline. ... We’ve won our fair share of that business,” he said.
Commercial Solutions for Classified
Another area where DOD has sought to expand its use of leading edge commercial technology is the Commercial Solutions for Classified, or CSfC program. The NSA runs CSfC and has listed Iron Bow as a trusted integrator, qualified to design, assemble and implement approved solution sets in accordance with the exacting requirements of the program.
CSfC allows customers to replace custom-built infrastructure with conventional IT equipment specially configured to operate securely. “It’s more flexible and there are clear operational benefits,” said Ebeler.
In the long run, CSfC solutions save agencies money, he noted. “The upfront [capex] cost is a little more, the ongoing [opex] cost is a lot less.” But the upfront cost is not insignificant, as the agency has to build out a new network backbone — one that can handle both “black” or unclassified traffic, “red’ or classified, and can even accommodate traffic from partner nations or coalitions.
“You have to build out the ‘grey network’ backbone, buying all the network monitoring and management tools you need to run that,” Ebeler said. “That’s not cheap.”
Iron Bow has built one grey backbone already—for a federal law enforcement agency. And other agencies want to realize the operations and maintenance savings they can get, but are looking for the capital funding they need to get started.
The advantages of CSfC are manifold, Ebeler said, and he predicted that grey networks are the future of classified communications. “You can manage multiple sites from one location … You have the flexibility to address different scenarios, and you can update quickly … You can proactively diagnose issues before they become problems.”
As DOD agencies seek to modernize their legacy IT, achieve budgetary goals and guard their key data assets, Iron Bow Technologies will be there, ready to deploy its expertise to help them meet their mission.