SecuriGence leadership and principal staff have a collective 100+ years of experience in Cyber Security, Program/Project Management, Systems Engineering and Integration, IT Operations Support, and Software Development. We strive to follow a philosophy of intelligently leveraging any and all available resources, methodologies, and expertise while supporting our customers’ requirements. SecuriGence has a proven track record of high performance support of federal civilian and defense customers.
- Cyber Security
- Systems Engineering and Integration
- IT Operations Support
- Software Development
- Project Management
Traversing through the myriad of security guidelines and directives can be bewildering—let us assist. SecuriGence has developed security policies, procedures, and guidelines based on many different forms of guidance, such as NIST 800 Series, DoD Instructions, Risk Management Framework (RMF), DoD directives such as TASKORDs and PLANORDs, and the ICD Series (need to check on exact name). We have utilized these guidelines, while integrating agency-specific guidance and requirements to produce effective solutions. SecuriGence also has experience managing agency programs such as Information Assurance Vulnerability Management (IAVM), Vulnerability Management System (VMS), and 8570 Workforce Improvement Program (WIP).
Computer Network Defense
The malicious actor attempting to exploit your information systems only has to be right once. While today’s IT capabilities have fundamentally transformed the way we operate, they have also increased our attack profile exponentially. SecuriGence has leveraged leading edge technology, such as next-generation firewalls (NGFW), big data SIEM solutions, and sandboxed virtual execution of code, to develop holistic, best-of-breed security stacks for our customers. Our staff are computer network defense experts, tackling the latest risks to information systems, such as advanced persistent threats (APTs), zero-day exploits, and insider threat.
An unpatched Windows system will survive approximately 5 minutes on the open Internet according to the Internet Storm Center (ISC). The truth is, fundamental system hardening, implementation of an anti-malware suite, and other security best-practices can substantially decrease the attack surface. Our security engineering staff utilize NIST, DISA STIGs, and CIS benchmarks, among others, coupled with organization-specific guidance, and industry best-practices to harden systems. SecuriGence has implemented and maintained enterprise deployments of industry leading anti-malware suites, to include the DoD’s execution of McAfee ePolicyOrchestrator, known as HBSS. Vulnerability scanning is a key component of assessing weaknesses in network components, endpoints, and software. SecuriGence engineers have experience with numerous vulnerability scanners, to include Retina, Acunetix, and Nessus—along with the DoD implementation of Nessus, called Assured Compliance Assessment Solution (ACAS). Our staff are certified in various Microsoft, Red Hat Linux, Cisco and other products, and are authorities at securing them against malicious actors.
Certification and Accreditation (C&A)|Assessment and Authorization (A&A)
What value is an information system without an authority to operate (ATO)? All dressed up and nowhere to go. C&A/A&A, while essential to gaining approval to operate an information system, is more importantly critical to the process of risk management within an organization’s overarching security program. The selection and specification of security controls, and subsequent implementation and testing, is crucial to ensuring that an information system has security baked-in from inception and throughout its system lifecycle. SecuriGence has extensive experience with many accreditation vehicles, to include:
- Defense Information Assurance Certification and Accreditation Process (DIACAP)
- DoD 8510.01 Risk Management Framework (RMF) for DoD IT
- NIST 800-37
- Director of Central Intelligence Directive (DCID) 6/3
- Joint SAP Implementation Guide (JSIG)
- DoD Joint Security Implementation Guide
- We have guided organizations through all phases of C&A/A&A, to include control selection, auditing, artifact generation, and plan of actions and milestones (POA&M) management, with 100% success in attaining ATO/ATC.
System Design and Development
Without a detailed and well executed design, you end up with the Leaning Tower of Pisa. We apply our broad experience to build and maintain enterprise information systems using proven methodologies and processes to afford maximum availability and reliability. SecuriGence gathers customers’ technical requirements with acute attention to detail and traceability, resulting in tailored solutions to support the organization’s mission.
Can you imagine if an airplane’s engine management computer could not communicate with the flight control system? Talk about a flight delay. Without integration, you just have a collection of disparate pieces. SecuriGence engineers have successfully led integration projects of all sizes, using our expert knowledge in competencies such as networking, system engineering/administration, and software development, to bring individual components together as a cohesive, holistic system.
Server Virtualization and Cloud Hosting
Who doesn’t love the 1957 Chevrolet Bel Air—but would you use one today as your daily driver? Considering it gets about 14 miles per gallon and seat belts were optional, modern cars are clearly safer and more efficient. Server virtualization yields numerous benefits, both in efficiency and decreased system administration overhead. Virtualization allows an organization to more efficiently utilize its assets by minimizing server idle time and elastically provisioning resources. Additionally, an organization will realize a decrease in physical footprint and electrical consumption. Virtualization provides server administrators with improved scalability, faster deployments, and reduced downtime, through technology such as point-in-time snapshots for rapid disaster recovery. SecuriGence engineers have vast experience with many on-premise virtualization platforms, such as VMware, Microsoft Hyper-V, and OpenStack. We also support cloud-hosted virtualization, such as Amazon Web Services (AWS) and are a registered AWS partner. SecuriGence led the first successful migration of an enterprise application to AWS GovCloud, which is accredited for federal government use.
Care and feeding—necessary for anything to survive, including your IT systems. Many of our senior staff, including leadership, are former systems administrators, so this is near and dear to our hearts. SecuriGence system administrators hold many of the most sought-after certifications in the industry, including Red Hat Certified Engineer (RHCE), Microsoft Certified Solutions Expert (MCSE) and NetApp Certified Implementation Engineer (NCIE). Our administrators have maintained a broad range of systems, from enterprise email solutions to database management systems, and rely their blend of technical knowledge and working experience to ensure systems are supported effectively and efficiently.
How useful is a home without any plumbing? Information systems, like homes, require pipes to keep data flowing. With the volumes of data in use today and our dependence on IT systems through the use of converged services such as VTC, VDI, and VoIP, very little functions without a properly designed, implemented, and maintained network infrastructure. Our network engineers implement smart processes and procedures, like vendor agnostic management tools, intelligent automation, and unified policy management. SecuriGence engineers have experience with both traditional physical technologies and also virtual networking, such as VMware vSwitching and AWS Virtual Private Cloud (VPC).
Network Operation Center (NOC)
The heart of any IT operation is the network operations center (NOC). NOC staff are the faithful sentries keeping a watch on network operations by monitoring systems for anomalies and ensuring that backups are completed successfully. Our NOC staff have experience utilizing tools such as Puppet, System Center Operations Manager (SCOM), NetBackup, and SnapManager to ensure availability and disaster recovery.
Mobile App Development
Could you live without your mobile apps? From weather to social media, apps provide invaluable services to everyday life. SecuriGence developers have coded custom mobile applications and frameworks from the ground up and also leveraged open-source and commercial technologies. Our apps have provided situational awareness enhancement for users, systems and users collaboration, remote sensing, and decision making support.
Geospatial Web Systems
How often do you use your GPS to get somewhere, even if you are familiar with the area? SecuriGence developers have produced web based solutions for operational planning, real-time collaboration and geo data visualization. We have performed integration with existing systems to exchange data in order to enhance user experience. Our developers have created custom synchronization capacities between mobile devices and web apps to exchange information.
Why type the same commands over and over…and over to accomplish the same task? SecuriGence coders have developed system automation for existing complex processes. We have developed automation for existing manual/semi manual processes to increase system effectiveness, reduce time used, and introduce error mitigation strategies.
Data Analysis, Integration, and Reporting
Big data—it’s awesome, right? Once you have the data, you need to extract value from it. SecuriGence coders have created data analysis tools to support decision making, create data forecasts and improve existing knowledge for data. We have developed integration between existing data sources to ingest complex data sets.
Remote Sensing Using Wearables
From smart watches to fitness bands, wearable tech is becoming the next big thing. SecuriGence developers have coded custom applications for wearable technologies to turn users into sensors for their operating environment. Our applications are seamless to the users with minimal user interaction as the goal.
Herding cats—this is a fairly accurate description of what it sometimes feels like, keeping us IT professionals focused on a project with defined scope and resources. Understanding IT project management, to include process of planning, organizing, and delineating responsibility for the completion of organizations’ specific IT goals, is one of SecuriGence’s strong capabilities.
We follow Project Management Institute (PMI) best practices, to include processes that are guided through the five stages: initiation, planning, executing, controlling, and closing. SecuriGence has skilled project professionals that are certified Project Management Professionals (PMP). We utilize modern management methodologies such as SCRUM for agile software development that involves teams in producing software products in 30-day sprints and monthly SCRUM sessions.
SecuriGence has a vast portfolio of projects managed and completed within the DOD and federal agencies. These include:
- DARPA BRAC of IT Infrastructure: SecuriGence personnel managed the relocation and build out of all DARPA Unclassified IT infrastructure. This included network, server, storage infrastructure, clients, and deployment of a new unified communications system (VOIP). The implementation and connection of an entire new environment that was live and running in parallel at the new location while transferring data transparently. The client relocation was logistically sound and moved over a weekend period, with no escalation of user issues, or ticket volume.
- VTC Bridge and Unified Communication Deployments: Gathered requirements, scheduled, tracked tasks, and costs for the installation of SIPRNet VOIPs and VTC Bridges within the DOD community.
- Network Deployments: Gathered requirements, developed technical implementation plans, statements of work, and cost proposals to provide level of estimates to the customer. During the implementation of these networks, SecuriGence Project Managers tracked progress, and costs, while submitting weekly status reports to the customers.