9 “Pieces” to Diminish Cyber Risk for Small Companies, Part II

This is a guest post by Stewart Wharton, TAPE VP of Operations.

Mr. Wharton is a cybersecurity expert, having spearheaded the cyber capability at TAPE and serving in a variety of cyber roles, including Defense and Intelligence Cyber Sector Lead, at KPMG and with the Office of the Chief of Naval Operations N6 as the Deputy Chief Information Officer for Information Assurance and Enterprise Architecture.

© ArturVerkhovetskiy – depositphotos.com

In Part I of this post, Stewart “Stu” Wharton explained that defining and communicating your company’s cyber risk management regime is central to your company’s overall cybersecurity strategy. He noted that even if you are outsourcing this task, corporate leadership must be aware of the risks. 

He has already discussed network security, user education and awareness, and malware prevention. In today’s post he will reveal the rest of his 9-piece plan to diminish cyber risk for small businesses.

4. Removable media controls. Make a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing onto the corporate system. Removable media bring three main risks: 

Data security – Because removable media devices are typically small and easy to transport, they can easily be lost or stolen. In fact, every time you allow an employee to use a USB flash drive or other small storage device, your organization’s critical or sensitive information could fall into the wrong hands. What’s more, even if you encrypt your removable storage devices, you will not be able to recover lost files once the USB flash drive or other device is lost.

Malware – Simply put, when employees use removable media devices, they can unknowingly spread malware between devices. This is because malicious software can easily be installed on USB flash drives and other storage devices. In addition, it just takes one infected device to infiltrate your company’s entire network.

Media failure – Despite its low cost and convenience, removable media is inherently risky. This is because many devices have short life spans and can fail without warning. As such, if a device fails and your organization doesn’t have the files backed up, you could lose key files and data.

5. Secure configuration. Apply security patches and ensure to maintain the secure configuration of all systems. Create a system inventory and define a baseline build for all devices. Web server and application servers are two entry points for configuration vulnerabilities in your organization’s network. According to the Open Web Application Security Project® (OWASP), these security vulnerability types happen through:

Improper file and directory permissions

Unpatched security flaws in server software

Enabled or accessible administrative and debugging functions

Administrative accounts with default passwords

SSL certificates and encryption settings that are not properly configured.

6. Managing user privileges. Establish effective management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs. How can you mitigate the risk of privileged account abuse? To tackle the threat of privileged users in accordance with industry best practices, you need the following:

Efficient privileged account management – Ensure that privileged users in your information technology environment have only the access rights they need to do their jobs.

Control over access to privileged user accounts – Protect your privileged accounts from unauthorized use with strong password management and techniques such as multi-factor authentication.

Privileged user monitoring – Gain visibility into the actions of privileged users to catch abuse or external attacks quickly and limit the damage. Simply letting users know that user activity monitoring is in place can also go a long way toward deterring misbehavior and even preventing accidental misuse, since users are likely to be more careful about their actions.

User behavior analytics – Identify the privileged users with the most suspicious behavior so you can respond in time by discovering and investigating anomalies in user behavior patterns.

7. Incident management. Most small business do not have the means to establish complex incident management processes. Some simple steps to take include:

Establish an incident response and disaster recovery capability 

Develop a simple communications plan to ensure to contact all stakeholders 

Make sure to include third party vendors as part of your plan

As part of your training of employees, test your incident management plans.  

8. Monitoring. Establish a monitoring strategy and produce supporting policies. Continuously monitor all systems and networks. There are a variety of continuous monitoring software available both for on premise and in the cloud. Once you have the monitoring capability you can analyze logs for unusual activity that could indicate an attack. This may seem like overkill for a small company, but consider these eight reasons why small businesses should implement a network monitoring system:

Visually document your growing network 

Do more with less

Monitor from anywhere

Troubleshoot issues more easily

Plan for future growth 

Improve network security

Track trends without hours of data digging

Improve the bottom line

9. Home and mobile working. Especially with the advent of COVID-19, remote working is becoming more the norm than an exception. Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline and build to all devices. Protect data both in transit and at rest.

I hope these simple pieces will allow you to take the actions necessary to make your small business more secure. I will follow up with a piece on how small companies can achieve compliance with National Institute of Standards and Technology NIST 171 standards and the Department of Defense’s Cyber Maturity Model Certification (CMMC) process.


9 “Pieces” to Diminish Cyber Risk for Small Companies, Part I

This is a guest post by Stewart Wharton, TAPE VP of Operations.

Mr. Wharton is a cybersecurity expert, having spearheaded the cyber capability at TAPE and serving in a variety of cyber roles, including Defense and Intelligence Cyber Sector Lead, at KPMG and with the Office of the Chief of Naval Operations N6 as the Deputy Chief Information Officer for Information Assurance and Enterprise Architecture.

© pressmaster – depositphotos.com

Regardless of the type of small business, cyberattacks are virtually inevitable. While the bad news is that 81% of cyber-attacks happen to small and medium-sized businesses, the good news is that 97% of these attacks are preventable by implementing recommended security practices and raising security awareness among employees. 

Recognizing this fact, businesses across the globe are willing to spend more on cybersecurity that ever before. According to research firm Cybersecurity Ventures, the cost of cyber-crime will exceed $6 trillion worldwide this year.

Defining and communicating your company’s cyber risk management regime is central to your company’s overall cybersecurity strategy. To maximize the effectiveness of your regime, senior leadership must support efforts.

Many companies cannot afford a chief information officer or a chief information security officer to lead cybersecurity tasks and strategy. In many cases, companies may outsource information technology infrastructure with very little corporate oversight. Even in the case of outsourcing, corporate leadership must be aware of the risks. 

So where should a small company start? 

If you are a small company looking to solidify your cybersecurity posture, I’ve created a simple 9-piece approach for creating a cyber risk management regime. I use the term “piece” instead of “steps” because you can implement these strategies in almost any order. When implementing these pieces, assess the risks to your corporate information and systems with the same vigor you would for legal, regulatory, financial, or operational risks. 

Here are the 9 pieces:

  1. Network security. Protect your networks from attack. Defend the network perimeter and filter out unauthorized access and malicious content. Monitor and test security controls. To perform this step, you must know what operating systems and devices you have and ensure to keep up to date with the latest version and patching. Encrypt your data in transit and at rest and use strong passwords. 
  1. User education and awareness. Produce user security policies covering acceptable and secure use of your systems. Include in staff training. Maintain awareness of cyber risks. The Small Business Administration offers free online cyber awareness training
  1. Malware prevention. Produce relevant policies and establish anti-malware defenses across your organization. Some typical anti-malware practices include:
    1. Backing up or archiving business data is essential to recover from cyberattacks, theft of devices, or loss of equipment or media resulting from a flood or fire. Archiving data is also quite easy since the rise of cloud storage. Cloud storage is a simple, fast, and an affordable way to back up your data. Saving your data in the cloud means that your business is protected from certain serious cyber-attacks such as ransomware. Why is this so important for your business? A ransomware attack encrypts all your data and files, making them inaccessible to you. Cyber criminals will demand money in exchange for unlocking these files, ranging from $100 to $2,000 for each infected system. This form of extortion can be devastating on a small business when several or more computers are infected by ransomware. 
    2. Making your business data useless when it falls into the wrong hands is an effective protection strategy. You can do this by encrypting your data. Full-disk encryption software is available from all major computer and mobile operating systems to encrypt all the data you manage and make sure all your company devices have this software activated and updated. When you use data encryption, you must take measures to protect encryption keys from corruption, loss, and unauthorized access. You must also manage activities such as changing keys regularly, controlling and managing how to assign keys and to whom. Small businesses that do not have information technology staff with data encryption skills should consult with professional information technology services providers to identify and deploy their data encryption needs and solutions.  
    3. Conducting regular risk assessment involves identifying, analyzing, and evaluating risk and ensuring that you have picked appropriate cybersecurity controls to protect your business from cyberattacks. 
    4. Consider buying cybersecurity insurance. Cyber criminals work tirelessly to find more targets and breach different security defenses. They can harm any business, even the most security conscious. According to research conducted on data breaches in 2017, the global average cost of one data breach incident was $3.6 million. To mitigate the losses due to data breaches, it is imperative for businesses to invest in cyber-security insurance. 

Continue reading Part II of this post to learn Stu’s other cybersecurity tips.


Small Business Start-Up Infrastructure

© elenabs – depositphotos.com

What should a small business’s back office look like, and how should it function? I sat down with TAPE’s Executive Vice President/General Manager Ted Harrison and we put some thoughts together.

A small start-up business has evolving needs as they begin and grow their business. These needs are ever changing but here are just a few functional areas that will need some attention and thought from the beginning. 

IT: Information technology is probably an easy thing to keep simple in the beginning. Each employee should have their own email on a company domain name (e.g., tape-llc.com), and this can be set up fairly cheaply. 

You can implement a shared cloud-based suite for collaboration such as Google Drive or Apple iCloud. These solutions are often enough to support a very small business’s needs. You can also take advantage of the benefits of Microsoft Office 365, which can grow with you. 

As the company begins to grow and protection of IP against cyber threats becomes more important, you will want to look at investing in an IT network either through outsourcing or internal support. (CMMC is just around the corner!)

F&A: In the beginning, your finance and accounting needs can be managed through QuickBooks or other rudimentary finance software. 

When payroll and AP become more complex and the company requires bank capital to operate, management by a dedicated accountant will become necessary. 

Once the accounting department grows to several people, it will be time to consider oversight by a controller. Outsourcing this function may be most cost effective in the early stages as you grow. 

HR: The human resources function can be outsourced from the beginning, if needed, to ensure that all Federal and State regulations are satisfied. It is fairly inexpensive to outsource the recruiting function. 

Once requirements increase including payroll, recruiting, and employee relations, it may be beneficial to have an HR director to manage the function. 

Contracts: A small company can often rely on expertise from the SBA, PTACs or other small business support entities, but once contracts grow it will be beneficial to have a dedicated contracts manager to ensure compliance with FARs and DFARs.

Your small business’s infrastructure will grow and change as your business evolves. Pay attention to where you’re feeling stretched so you can get the right support in place well before it’s needed.


The Fish Still Don’t Jump in the Boat

John B. Moore

“The money is out there, but the fish won’t jump in the boat…just because you’re eligible to do business with the federal government, it doesn’t mean they’re going to start throwing money at you.” – Bill Jaffe, Nov 2011

Welcome back! And to our new friends, welcome! I feel honored to take over this blog where my friend, co-worker and partner-in-crime Bill Jaffe spent so much of his time over the past nine years.

It’s an exciting time for me personally to take over something as important as this blog, as a way to help out the small business and government contracting community as a whole. I’ve been a part of that community for one way or another for over 32 years as both an Army officer and as a government contractor.

So I find these contracting issues very important, and I’m dedicated to this blog’s cause of sharing information, resources, and experience. I plan on using the blog as a learning tool for others, and as a learning tool for me as we go through this journey together on the blog.

The goals of the blog will remain the same, which are to:

  • Raise awareness of small business issues in federal contracting
  • Give back to the federal small business contracting community
  • Give a voice to other small and mid-tier businesses and their advocates
  • Provide a resource for small business offices to provide to the companies they serve

Please feel free to contact or connect with me on LinkedIn. I welcome your requests for topics I can talk about on this blog, and I also welcome some of our long-standing partners to bring new topics that they’d like to discuss with our small business audience. And there are a lot of people who haven’t provided input in the past and I’d welcome that as well.

You can read more about me on the TAPE site. In the meantime, just know that I’ve worked with both small and large companies in the past, all government contractors, so I bring that mix of the large and small, seeing how both can work together to be successful. And working together is always the best solution, in my opinion.

John B. Moore Senior Vice President, Chief Growth Officer


TAPE Mourns Loss of Co-Founder Bill Jaffe

Bill Jaffe

Alexandria, Va. – With profound sadness, Technical and Project Engineering, LLC (TAPE) announces that Executive Vice President/Chief Growth Officer William “Bill” W. Jaffe passed away on August 31 at age 71. While his death was sudden and unexpected, Bill had been in ill health in the preceding months.

After a 25-year consulting, management, and executive career including stints at Marriott Corporation, Amtrak, CACI, and 8(a) contracting firms, Bill co-founded TAPE in 2003 shortly after marrying Louisa Long Cullem (now Louisa Jaffe).

While Bill wore many hats in helping to build TAPE into a respected government contracting firm, his true passion was business development, particularly putting together teams to pursue contracting opportunities. As many of his colleagues within TAPE and among our partner firms know, Bill rarely saw a contract opportunity that he did not think TAPE and the right team could successfully pursue, win, and execute. Bill had an infectious enthusiasm and work ethic, often perfecting proposals and holding meetings seven days per week and sending emails in the early morning hours. He was legendary for rarely saying “no” to a teammate’s request for support. True to form, Bill spent the weekend before his death supporting a quick-turn Army opportunity and was working into the afternoon of August 31.

With Louisa’s being a service-disabled veteran of the Women’s Army Corps and U.S. Army Reserve, Bill was also passionate about hiring veterans to allow them to continue their service to our country.

Bill had many hobbies and interests including a love of science fiction/fantasy. He enjoyed interacting with a broad community of board game players in the railroad genre. Additionally, Bill loved buying and selling games and books on eBay. He was a very fast reader and could consume an enormous amount of extracurricular reading each week.

As much as Bill loved government contracting, he cherished his roles as husband, father, and “Papa Bill” to his grandchildren. Bill is survived by his wife Louisa, daughter Karen, stepdaughters Jen (Zach) and Sarah (Tim), and step grandchildren Solomon, Max, and Claire. He also is survived by his brother Todd and sisters Maralyn and Lynn. He is predeceased by his son Bill Sydney Jaffe.

The TAPE Family feels the loss of Bill keenly.

Bill’s family created this Life Tributes page at https://www.jeffersonfuneralchapel.com/obituaries/William-Jaffe/#!/TributeWall to make it easy to share your condolences and memories.

TAPE is a CVE-Verified SDVOSB/8(m) Economically Disadvantaged Woman-Owned Small Business with ISO 9001:2015 certification. The company helps keep the nation safe and strong by providing technology services, training and readiness solutions, and management consulting to the Federal Government.

Media Contact: Anthony Critelli
Email: Marketing@tape-llc.com
Telephone: (703) 924-6548
www.TAPE-LLC.com


Highlights From NCMA World Congress 2019

© Elf+11 – depositphotos.com

Nearly 20,000 members strong, the National Contract Management Association (NCMA) is the world’s leading resource for professionals in the contract management field.

Each year NCMA holds their annual World Congress which is the nation’s premier training event for contract management, procurement, and acquisition professionals. Participants from both government and industry backgrounds gather to learn about critical issues challenging our industry.

This year’s World Congress was from 28-31 July 2019, when more than 2,500 contract management professionals from across the federal government, state and local government, private industry and education gathered in Boston, MA. This year’s theme was, “Shaping Acquisition: Modern, Adaptive, Connected.”

An engaging list of main stage speakers included Suzanne Vautrinot, president of Kilovolt Consulting Inc., who spoke about balancing risk with opportunity, as well as a Workforce Challenges panel consisting of several key acquisition leaders in the federal government. They offered their thoughts on innovative ways to make today’s workforce more flexible and nimbler and the use of enabling technologies such as AI and “workforce bots.”

Other mainstage sessions included a panel discussion on managing change and some of the emerging challenges facing government acquisition and a keynote by Stacy Cummings, Principle Deputy Assistant Secretary of Defense, Acquisition Enabler, US Dept of Defense. She emphasized the ultimate goal of DoD to modernize its acquisition process and introduced attendees to the Adaptive Acquisition Framework, a flexible acquisition process that is tailorable based on the operational need to have capability delivered.

A new innovation was the use of “Exchange Sessions,” which were informal discussions led by a moderator to focus in on a topic of interest to attendees. These exchange sessions were set in groups of 10-20 and allowed participants to share best practices and ask questions of each other regarding how to overcome a variety of acquisition challenges.

While the conference provided an opportunity to network and learn there was also an opportunity to celebrate NCMA’s 60th anniversary at the Boston Institute of Contemporary Art with live music, dinner and an extraordinary view across Boston Harbor.

TAPE LLC’s SVP and Chief Operating Officer Ted Harrison moderated a panel at this year’s event entitled, “What do the 809 Panel Recommendations Mean for Small Business?” The Section 809 Panel has made several recommendations aimed at refocusing DOD’s small business program. While many have extolled the bold recommendations that would allow the government to purchase “readily available” items more like the purchasing department in private industry, still others have sounded the clarion call to stop what some perceive as the destruction of the DOD small business programs. This panel sought to find the truth in a discussion with representatives from the 809 Panel, DOD small business, and industry.

TAPE actively supports NCMA in several ways. TAPE COO Ted Harrison is a Board Director on NCMA’s National Board and TAPE CEO Louisa Jaffe is on NCMA’s Board of Advisors and has supported NCMA for many years. As well, Ted Harrison was the event chair for the annual Government Contract Management Symposium in December 2018 in Washington, DC.

You can read more about the event on the NCMA event page, or check out what’s planned for World Congress 2020.


How to Build a Game – The Serious Game Design Workshop at I/ITSEC 2017

© nhongf22 – Fotolia.com

This is a guest post by TAPE’s Information Systems Analyst Jeff Long.

The Serious Game Design Workshop occurred on the last day of the Interservice/Industry Training, Simulation and Education Conference (I/ITSEC), an annual five-day convention held in Orlando, Florida. The TAPE group in attendance included Business Analyst Walt Long, CEO and President Louisa Jaffe, and our PM TRASYS contract team.

The I/ITSEC showroom floor had closed when we walked into the workshop and were greeted by our two instructors for the day: Peter Smith, an assistant professor of game design at the University of Central Florida, and Vance Souders, founder of Plas.md, a creative studio focused on developing innovative immersive solutions for health, wellness and education for DoD, government, and commercial entities.

This was an excellent experience that I think didn’t got the attention it deserved. I believe everyone from beginners to advanced would benefit from this high-level overview about making a “serious” learning game (definition below). The entire course was done with pen and paper, with no programming required.

One engineer at our table commented that it was great to see non-game designers interested in the inner workings of what can be a complicated process to understand. “We don’t see enough manager types in these classes but I noticed we have a great mix today.”

So what is a serious game? A serious or applied game is a game designed for a primary purpose other than pure entertainment, typically for training.

We began with a high-view concept of what kind of planning and stages it takes to make a simple serious game. Then we were split into various groups, taking on roles related to instruction (instructional designers, trainers, and instructors), game (game designers, game developers, and producers), subject matter experts (who might have experience with procedures/tactics/equipment regarding a profession, or other processes to be used as curriculum within a game), and technical/management (software developers, managers, and artists). Each participant chose a role and we acted in that role over a series of 15 exercises throughout the day.

Analysis

Our first task was in the realm of analysis. Before we could make a game we had to ask ourselves a few questions: What purpose does it serve and who would be the audience? What’s our game concept? What are our learning objectives? What are we assessing? These great questions helped focus our plan of attack. Without knowing these basics it would have been easy to go off the rails. Each group collaborated to answer these questions and develop the initial idea of what their serious game could be.

Core Design

Next we moved on to core design. Here we would take our assessments and begin to develop a story, one that was relevant to the interest of the audience we identified during the analysis. The next step was to figure out how we would take the learning objective and teach our audience the required skills.

This is where a creative mind can go just about anywhere. In general gaming there is almost an infinite number of genres, with new ideas showing up daily. My four favorites are role-playing games (RPG), real-time strategy (RTS), first-person shooters (FPS), and virtual reality (VR). A quick Google search of any of those terms will reveal countless games to find inspiration for your game.

Finally, we asked this very important question: What shouldn’t be in our game? It’s easy to lose yourself in a wish list of features, but each feature will need to be created and with limited resources having too large of a scope can run your project over budget and behind on development time. Having an ambitious project is great, but don’t go overboard, especially if it’s your first rodeo. Distilling your ideas so not to overburden the player will result in a better gaming experience.

Experience Design

Here we started with a small discussion about common pitfalls. The instructors provided a helpful overview of the concept of design patterns. This is about establishing reusable systems so people don’t end up reinventing the wheel. (See this excerpt from Robert Nystrom’s Game Programming Patterns for more on the concept of design patterns.) Using these wherever possible will help ensure that your game design is easier for your team to create, understand and implement.

In experience design, we explicitly define and iteratively refine each of these learning game elements: goals, control, actions, assessment, guidance, and feedback. Each of these concepts help the player understand and move through your serious game.

Revise

In this stage we did a mental walkthrough of the game from the player’s perspective. We wanted to identify issues that the player could experience, such as edge-cases, poor performers, “gaming the game,” or bored players. You want to be a devil’s advocate to find anything that breaks immersion, flow, or buy-in.

Finally, we tried throwing a wrench into the works like what might happen when real life intervenes, like what happens when a customer doesn’t think the game is fun, or wants to go deeper? Or when students don’t like the game or it isn’t producing the desired learning outcomes? What if it takes too long to play? Or your budget is reduced or money runs out before you finish creating the game? What if the players aren’t taking the game seriously?

Any of these problems have the potential to tank the entire project. While we can’t predict or avoid every problem, we can imagine these situations and try to have a plan when possible.

I personally hope they bring this workshop back and that we see a larger group there for 2018. If you are interested in making a serious game, this workshop was designed around a book called Design and Development of Training Games Practical Guidelines from a Multidisciplinary Perspective, edited by Talib S. Hussain and Susan L. Coleman. If they don’t have another workshop in 2018 or you can’t make it to I/ITSEC, this book might be for you.

Good luck and have fun!
Jeffrey Long


Team TAPE and Operation Blended Warrior at I/ITSEC 2017

© Aleksey Dmetsov – Fotolia.com

This is a guest post by Walt Long, Business Analyst at TAPE, LLC.

In this post we’ll continue our recap of the 2017 Interservice/Industry Training, Simulation and Education Conference (I/ITSEC), in Orlando, Florida, the world’s largest modeling, simulation, and training conference.

While we were there, we visited Marines conducting a training exercise as part of the 2017 Operation Blended Warrior (OBW), a yearlong collaborative, live-virtual-constructive (LVC) planning and execution event that culminates during I/ITSEC with the purpose of uncovering and documenting the challenges in the rapid development and integration of diverse simulation systems and components.

We’re proud that this work was supported by our Orlando TAPE office in Research Park. There, we provide contracted subject matter experts to support the Program Manager Training Systems (PM TRASYS) program office. In this specific case, we provided analysts who supported the set up, execution, and breakdown of the OBW demonstration at I/ITSEC.

In a video for I/ITSEC TV, OBW Manager Kent Gritton discussed the need for this type of event:

“There are multiple ways of doing training: you can do it live where you actually jump into your aircraft and go fly with your actual system itself; you can do it virtually, where you are in a simulator actually controlling the event – it’s a man-controlled event; or you can do it in constructive where it’s a computer controlled event.

Each of those capabilities are used for certain objectives in the training world. With the richness that [an LVC event] can provide by blending all these three together we have a better training environment for whatever we want to accomplish. Plus we have some warfare capabilities now that cannot be trained solely within the live realm and so it’s a necessity to go ahead and bring that virtual and constructive into the live domain so that we can train all of the capabilities of the new warfare platforms.”

Team TAPE devoted extensive time and effort over these many months in setting up the network infrastructure, developing the scenarios, and coordinating with multiple government and industry participants to execute the four-day Ground Scenario portion of OBW. Team TAPE’s professional presentation of the ground operations set a high mark of achievement and received many accolades from senior government and industry personnel.

Carlos Cuevas, project manager of Orlando team, shared the support team’s highlights from the training event:

• Operation Blended Warrior (OBW) is a unique forum to assist military services, industry and academia in meeting tough challenges associated with live-virtual-constructive simulation environments. I/ITSEC 2017 was an overwhelming success. PMTRASYS/TEAM TAPE were among the 38 government and industry organizations that participated.

• Team TAPE PTSS support to I/ITSEC/OBW was comprised of extensive coordination prior to IITSEC commencing. This included, but was not limited to loading specific software on designated laptops and creating and rehearsing scenarios in Virtual Battle Space (VBS), and working directly with the Reserve Detachment; these Marines would serve as the actual operators for the OBW demo.

• Upon I/ITSEC start, Team TAPE personnel participated in the setup of the TRASYS booth and assisted in booth duties as required throughout the week. During this time, several OBW scenarios or “vignettes” were executed; this required communication, coordination with other entities participating, as well as any last minute troubleshooting.

• At the conclusion of I/ITSEC, Team TAPE personnel assisted with the teardown of the booth, and return/accountability of the equipment utilized. Additionally, all provided detailed after-action report comments.

In the final post in this series, TAPE’s Information Systems Analyst Jeff Long will share his notes from the I/ITSEC Build a Game workshop.


VR & Game Technology Showcased at I/ITSEC 2017

© Sergey Nivens – Fotolia.com

This is a guest post by Walt Long, Business Analyst at TAPE, LLC.

In Fall 2017, I joined TAPE’s Information Systems Analyst Jeff Long, and CEO and President Louisa Jaffe Louisa Jaffe, as well as several others, for the Interservice/Industry Training, Simulation and Education Conference (I/ITSEC), an annual five-day convention held in Orlando, Florida. Orlando has many good facilities for large conventions and the nearby University of Central Florida (UCF) plays a major role in modeling and simulation research as well as implementation for the US Military.

From the official I/ITSEC webpage: “I/ITSEC is the world’s largest modeling, simulation, and training conference. Held near the beginning of December in Orlando, Florida, USA, I/ITSEC consists of peer-reviewed paper presentations, tutorials, special events, professional workshops, a commercial exhibit hall, a serious games competition, and STEM events for teachers and secondary students.

I/ITSEC is organized by the National Training and Simulation Association (NTSA), which promotes international and interdisciplinary cooperation within the fields of modeling and simulation (M&S), training, education, analysis, and related disciplines at this annual meeting. The NTSA is an affiliate subsidiary of the National Defense Industrial Association (NDIA). Hence, I/ITSEC also emphasizes themes related to defense and security.”

Having attended the previous year’s conference, I saw that there were some interesting evolutions happening on different fronts. In the few booths I visited where I experienced virtual reality (VR) thru a VR headset/goggles, I was able to see that VR comes a little further every year in sophistication.

Once you get past the fear of how you look to others who are outside of your virtual world, it is pretty amazing to put on VR goggles and really experience how real everything looks that you are seeing in the virtual world. You can usually look in any direction and see detail that stretches out quite a ways. It’s always fun to see what folks come up with each year in the way of virtual landscapes.

The other type of software that impressed me was a set of learning games in the Serious Games Showcase & Challenge section, as described on the I/ITSEC website: “The Serious Games Showcase & Challenge (SGS&C) celebrates the use of games and game technology as a delivery medium for instructional material. The Challenge is divided into categories: Business, Government, Student, Mobile, and Special Emphasis. After a rigorous evaluation, the top entries from all received are selected as finalists and invited to Showcase their Games on the exhibit floor during I/ITSEC.”

These game products were specifically designed to put the user into a workplace setting where they faced other people in difficult situations and needed to make tough decisions in managing those people as well as other resources. The games introduced levels of stress in terms including people that were difficult to deal with and/or a stressful fast-paced office environment with many choices needing to be made in a relatively short period of time while navigating one-on-one conversations, phone calls, and subordinates requesting direction.

Unlike other sections of the I/ITSEC showroom floor, some of these games had nothing to do with combat or even in some cases the military. One was about how to deal with a white collar office environment and make choices about email content and how to manage a piece of work.

Another game was designed for veterans’ hospital staff, on how to speak to ill and sometimes poorly informed veteran patients about their treatment and expectations of what healing they might be able to accomplish in partnership with VA staff.

In subsequent posts we’ll highlight how TEAM TAPE in Orlando, Florida had their work showcased at I/ITSEC, and Jeff Long will share notes from the Build a Game workshop.


We Need to Blur the Line Between Education and Training: Former TRADOC Commanding General David G. Perkins

© United States Army Training and Doctrine Command – tradoc.army.mil

We’ve been highlighting ideas from the keynote speech of retired Four-Star General David G. Perkins, former Commanding General of the U. S. Army Training and Doctrine Command (TRADOC) at the Interservice/Industry Training, Simulation and Education Conference in Orlando, Florida in November 2017.

In Parts 1 and 2, we recounted General Perkins’ three aspects of training that require innovation from industry. In this third and final post, we will present his ideas about the differences (and similarities) between education and training.

General Perkins stated that we have to redefine the idea of “education versus training.” He went on to describe that during a recent combined arms field training exercise, an Army major approached him with the question, “Are you educating us or training us?” In other words, the major understood education as learning concepts at a high level of thinking, while he understood training as learning potential courses of action to apply to real life. General Perkins indicated that as a commander, his greatest need was to strive to blur the line between education and training. He wants to see the two concepts combined into one practice.

General Perkins discovered that soldiers want to be trained, which in their understanding, often means they WANT to be told what to do and how to do it. He believes that trainees often do not believe that they need critical thinking (thought of as part of education) because they mistakenly feel that this will not prepare them for the “real world,” where they face the unknown. In actuality, General Perkins thinks education, and the critical thinking that comes from it, better prepares us for the unknown. He suggests incorporating critical thinking, decision making, and leadership into training events, even virtual and constructive ones.

General Perkins believes the Army must adapt future Programs of Instruction to a changing world. His question is, “How do we bring that changing perspective into the educational domain?” He added that the military cannot tie itself to only one domain; training must incorporate all the domains: land, air, sea, space and cyber.

General Perkins explained, “A lot of times as I was growing up in the Army, we would have a training strategy with various gates and sometimes some of our simulations and training aids and devices weren’t all that great. But it would be put in the strategy like, ‘You have to do this first, then you have to do this, and you have to do this.’ And it may not have actually been a particularly useful tool for getting at what you want to get at, but it was a requirement. You can’t do this until you get to this, and so it was a little bit of a check the block.”

Ultimately, General Perkins advocated for “command, training, and student (training, education and the art of command)” to come together so that training is an integral part of command and not something different or extra. He wants to see not just industry change their technology ideas, but for the Army culture to change regard training as integral with command and operations. His challenge to industry is to help the Army make this happen.


css.php