Views from the Corner Office is a new show designed to talk to the private sector leaders that influence and impact the federal market. The goal of this monthly discussion is for federal executives, lawmakers and other industry experts to gain insights and a better understanding into the trends, the challenges and the evaluation of the technology, acquisition and leadership in the federal market by the executives who lead the federal practices of government contractors....
Views from the Corner Office is a new show designed to talk to the private sector leaders that influence and impact the federal market. The goal of this monthly discussion is for federal executives, lawmakers and other industry experts to gain insights and a better understanding into the trends, the challenges and the evaluation of the technology, acquisition and leadership in the federal market by the executives who lead the federal practices of government contractors.
John Wood, CEO of Telos, sat down with Federal News Radio’s executive editor Jason Miller at the station’s studios in Washington, D.C.
Here are some excerpts from that discussion.
Insight by Sonatype: Agencies must consider security, user experience, culture and overall integration to create a successful software development process. Find out how three agencies overcame the challenges and moved to DevSecOps.
JM: Is it a good time to be a government contractor?
JW: Well, in my mind it’s a great time to be a government contractor. You know, a lot’s happened in the last several years. Several years ago there was the introduction of lowest price technically acceptable (LPTA) and I really thought that was a good idea, gone bad. I was happy to see … recently through the defense authorization act both on the House side and the Senate side, that they agreed to eliminate LPTA as it relates to cybersecurity goods and services. And then just recently they decided to extend it governmentwide, which is very, very good. So I think they’re the Hill is listening. Second thing I think from a standpoint of being a contractor in the it space that’s happening is the administration is really recognizing that there’s a problem. [President Donald Trump] recently signed the cybersecurity executive order and in that order [the administration] basically said that they’re going to go to the cloud first and they’re going to embrace the National Institute of Standards and Technology cyber framework. And those are very, very good positions that the administration has taken at admitting that they have a problem as it relates to legacy systems and be taking actions to support it.
JM: Tell me a little more about how these things affect you as a contractor.
JW: So back in 2011, my chief security officer and I wrote an article about why the cloud was more secure, and it went over poorly. However, there was a shot heard round the world at the end of 2013 when the CIA made the decision they were going to move to the cloud. And so basically what that did is it made organizations, not just in the government around the world say, wait a minute, if the cloud is good enough for the agency, we should consider it too. So now if you fast forward to where we are today, why does the agency like the cloud? CIA loves the cloud because they can spend a server up in 2 minutes. It used to take them 18-to-24 months to provision a server. That’s a huge difference.
Why is it good from my standpoint and my company in the cybersecurity business? We do all of the automation of security and compliance, automation work and orchestration for the cloud. So it’s not just being able to provision a server in a couple of minutes, but also being able to provide what’s called the authority to operate within a week. That is a substantial change and that is good things for everybody. The government’s getting more money. They’re funding IT modernization programs. You’re seeing the benefit associated with it.
JM: You seemed to insinuate that that one of the trends that may be is coming is the upheaval of how agencies are securing, dealing with the modernization of legacy systems. Is that one of the kind of upcoming trends?
JW: I’ll tell the story this way. Back in 1999, we were dealing with a customer called CECOM up in Monmouth, New Jersey. We were doing something back then called C&A, certification and accreditation. We were doing it time and materials and the customer is only getting about 3 percent of their systems certified. Why is that? Well, the average cost for that customer from us at that time was over $300,000. So I went up to visit that customer with one of my guys and I posed the solution to him which kind of changed things for us. I said, ‘Hey, why don’t you buy 100 of them from me?’ And I kind of made up a price. I said, ‘Look, if you buy 100 of these things for me, I’ll charge you $75,000 fixed price.’ And my customer said to me, ‘Hey, you’ve been, you’ve been screwing me.’ And I said, ‘No, you’ve been screwing yourself.’ And he said, ‘What do you mean?’ And I said, ‘Look, if you buy one thing one at a time, and then if you don’t buy more than one thing, there’s no economic order quantities there is no load balancing, there’s no program management methodologies we can do, and most importantly, there’s no incentive for me to invest in tools and methods that I can use for automation.’
Now to the credit of that customer, they purchased 50 upfront and then away we went. That’s how we started Xacta [which is a subsidiary of Telos]. So we’ve driven the cost of certification, accreditation down hugely as a result of that. Now in the beginning, what does that mean? That means that the cost goes way down, but on the other hand, my margin goes way up. And that’s the point that the old guard has to sort of understand.
You have to look at things a little bit differently instead of doing only 3 percent of the systems, maybe what ends up happening is I do 95 percent of the systems. And instead of making only 7 percent to the profit line, maybe I make more like 50 percent to the profit line, but I’m taking the risk. I’m taking the research and development risk. That’s one of the things I think this region could really benefit from is taking more R&D risk. Yes, there are a lot of contractors that deal in the technology space, but there not a lot of contractors that take R&D risk.
JM: What do you think about the use of Other Transaction Authority (OTAs) in government?
JW: I see OTAs as a way for the government to take risk and a way for the government to quickly assess whether or not something’s going to work from a the standpoint of new technology. At the end of the day what an OTAs does is it provides a relatively easy mechanism that’s been in place for a long time to enable our government customers to move forward with an initiative to see if something’s going to work. And that’s why I like OTAs. Recently, I gave a talk at a local chamber event and was a bunch of other executives and I asked the question, ‘Hey, how many of you guys use the whole protest process?’ And everybody raised their hands. And I said, ‘how many of you guys protest aggressively when you lose?’ They all raised their hands. ‘How about when you win, do you go in and defend with the government?’ And many, if not all, raised their hand. Then I asked, ‘How many of you guys liked the protest process?’ And the answer was zero. Right? So one of the things I like about the OTA, in general, is it provides a relatively easy mechanism for the government to move forward. And while it’s not protest proof, it is less easy to protest and less of a business strategy, if you will, for companies out there.
JM: Do worry about the transparency of the OTAs? So for instance, again, one of your competitors has access to an OTA that you don’t. Is that transparency an issue for you?
JW: It’s not. We all have at the end of the day relationships with customers and we got to make it work on the merits. Where I’m coming from, if we get a sole source justification, as an example, which my competitor may not know about, the sole source, justification is an indication that we’ve taken some risk upfront that someone else hasn’t. We probably have over a thousand man years of stuff that we built around certification accreditation. It’s evolved to things like continuous monitoring. It’s evolved to something where it’s all the time, but we’ve taken a massive risk where others.
JM: Tell me a little bit about yourself. What is something about your non-federal life that we should know about?
JW: I was putting myself through school and so basically I said to this professor, who was also the treasurer of the school, I’d liked to help start this thing called a credit union, which I did with several of my colleagues. So we started the first all-volunteer student, federal credit union in America in 1983 and it’s still in existence, which is something I’m very proud of. The second thing that happened was I put myself through school and I helped work in the academic computer center. In working in the academic computer center, that’s where I learned how easy it was to break into systems, how vulnerable they were, and let’s just leave it there. And then I’d say the last thing that was really formative for me was, when I was in high school, I weighed about 230 pounds, which I’m a very happy 230 pounds today. Georgetown’s also not known for its football team. So when I played there my first week we got beaten by Gallaudet 31-0. And I said, ‘You know, I don’t want to do this.’ So I walked outside and I saw these guys with these longboats and I looked at these guys and I said, ‘Hey, what is this?’ And they said, ‘This is crew.’ And I said, ‘Well, I want to do crew.’ And they said, ‘Well, you’re too short to be a heavyweight and you’re too fat to be a lightweight.’ So I ended up losing weight. I went down to 155 my first year and then my subsequent years I went down to 147 and rowed lightweight crew. Those three experiences were very formative for me. The first one taught me about business. The second one taught me about the opportunity and the third one taught me about how teamwork is really made and how teams are made.