This is a guest post from Tonya Buckner of BucknerMT Management & Technology, Inc.
“I am convinced that there are only two types of companies: those that have been hacked and those that will be.” – Former FBI Director Robert Mueller
The City of Atlanta, Amazon, BlueCross BlueShield, Disney, Equifax, Home Depot, Microsoft, Sony, Target, and Yahoo. What do all these companies have in common? These are large organizations with massive infrastructure. If it can happen to them, it can definitely happen to you. Small businesses are the heart of the US economy and yet we are some of the most vulnerable to the threat of cyber attacks.
Cyber-attacks are growing every day, from influencing major elections to crippling businesses overnight. Consider these statistics:
- There is a hacker attack every 39 seconds, affecting one in three Americans each year
- 64% of companies have experienced web-based attacks
- 62% experienced phishing & social engineering attacks
- 59% of companies experienced malicious code and botnets and 51% experienced denial of service attacks
- The average cost of a data breach in 2020 will exceed $150 million by 2020, as more business infrastructure gets connected
- In 2017, 61% of small businesses experienced cyber-attacks
- 60% of all small businesses go out of business within six months of experiencing a cyber-attack
(Source: Verizon Data Breach Report)
Most disturbingly, the same report found that 90% of small businesses do not use any data protection to secure their company and customer information.
As small business owners, we often find ourselves “laptop road warriors,” working in our cars, at Starbucks, on a plane, in a restaurant, or in a hotel room, just to name a few. Yet these environments are playgrounds for cyber attackers. Public Wi-Fi systems are unsecure and a gateway for hackers to access your system and steal your information. By using them you are exposing yourself to the world.
It is important to take proactive steps to combat cyber attacks to protect your company and your customers’ information, as well as to avoid excessive financial cost. It is critical that you do not underestimate the effect cyber warfare can have on your business.
Cybersecurity refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorized access, ensuring the integrity, confidentiality and availability of information. It represents the ability to defend against and recover from attacks by adversaries.
The first step to cybersecurity is to assess the current vulnerability of your organization. It is equally important to understand the cyber risks as your business grows, adding new technologies or functions. Once you understand the risks associated with your organization, you can better protect it from theft. Potential risks include:
- Outdated and/or unlicensed hardware and software
- Ineffective/nonexistent policies
- Ineffective/nonexistent procedures
- Lazy oversight/lack of training
- Loose enforcement
In a follow up post, we’ll look at the most important elements of your small business’s cybersecurity plan.
BucknerMT Management & Technology, Inc. (BucknerMT, Inc.) is a verified service-disabled veteran-owned small business (SDVOSB) and woman-owned small business (WOSB). Since 2007, they have supported the Department of Defense (DoD), Defense Information Systems Agency (DISA) by providing engineering, integration, and sustainment solutions to protect its critical military infrastructure, platforms and data. Department of Defense is the highest level of cyber protection.
While we at TAPE provide services, other companies provide products, or a combination of the two. In terms of federal contracting, commercial items are all the things that are stuff, for example office supplies like pencils and paper clips.
What Sec. 846 of NDAA 2018 is trying to do is establish Amazon-like online portals where contracting officers and authorized people can simply go online and order their products and commercial items.
That would replace the current process, which in many cases is ordering these supplies off GSA schedules, and will make it easier and more efficient for government buyers to do their job. The problem is whether this takes away opportunities for competition. How do you regulate all of these things?
There is still work to be done to determine who is included in the portal, how search results are delivered, what kind of e-commerce portal do you create, and how this relates to the Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS).
Until we figure out these things, I don’t think this portal will happen immediately. There doesn’t seem to be a rush to implement this, and this might be partially because GSA sees this as a competitor to their own portal. But I also don’t think we’ll be waiting too long.
We’ve been taking a closer look at some of the most relevant changes to the 2018 National Defense Authorization Act (NDAA), which includes several provisions designed to reduce the number of protests.
According to the U.S. Government Accountability Office (GAO), “federal agencies are required to award government contracts in accordance with numerous acquisition laws and regulations. If a party interested in a government contract believes that an agency has violated procurement law or regulation in a solicitation for goods or services, or in the award of a contract, it may file a bid protest with our Office.”
With contracting dollars being so tight over the last 10 years, every loss was a big deal, and large losses in particular resulted in long and involved protests. This led to us seeing more and more contracts being protested, which is creating a lot of problems.
So there are a number of things that this provision attempts to do, including to increase the amount of information flow in the debriefing (see: how to take full advantage of a debriefing).
That’s a double-edged sword for both the government and the contractor. On the one hand, it will help bidders better understand the decisions and help them shape future proposals for more success.
For example, they will now allow businesses pursuing contracts of $100 million or greater to see a redacted version of the source selection decision document. This is the recommendation document that goes to the source selection authority (SSA) – the panel that decides who to select among the bids – and is an incredible source of information. Small businesses may request the same disclosure for contracts valued at $10 million or more.
On the other side, these changes will produce a lot more documentation and paper trails, and sometimes when a contractor learns more about a decision, it actually increases the possibility of protest.
Another potential down side is a potential pilot program of charging protesters if they’re unsuccessful when a protest is made and denied. This compensates for the fact that the government has to spend money to defend the protest.
That means you’ll have to really think twice because there is the potential to incur hard costs (where before it was just your legal fees).
The hope in all of this is to get rid of frivolous protests that are only meant to extend existing contracts. Unfortunately, some incumbents who are about to be replaced start a protest knowing that for the 4-6 months while it’s in process, they can still be performing and collecting their money. While the protest is going on the government is prohibited to hire the new company. This is an unfair practice and definitely needs to stop. Time will tell if these changes are successful in doing that.
Simplified acquisition is “a contracting method which seeks to reduce the amount of work the government must undertake to evaluate an offer. Because source selection is less arduous under simplified acquisition, the dollar value of contracts allowable under simplified acquisition …is capped.” (Georgia Tech Contracting Education Academy.)
In the NDAA 2018, this simplified acquisition threshold increased from $100,000 to $250,000, in order to expand opportunities and increase participation of small and disadvantaged businesses – service-disabled, women-owned, small, and small disadvantaged (what used to be known as 8(a)).
What that means is that contracts valued up to $250,000 – a pretty fair amount to most small businesses – don’t have a justification and authorization requirement (known as a J&A). The government contracting officer can just issue a purchase order to the small business.
The Truthful Cost or Pricing Act (TINA) (previously known as the Truth in Negotiations Act) was instituted to protect government agencies from unfair pricing practices by contractors. NDAA 2018 also bumps up the threshold for which contracts need this particular oversight – from $750,000 to $2 million. From a government standpoint, this means fewer regulations associated with a larger pool of contract dollars.
As we head into the year-end federal purchasing blitz, everybody just got their budgets and they have to spend all of their money by September 30th. These changes give small business contractors important opportunities to get bigger amounts of money in sole sourcing.
This is a guest post by Katie Bilek of Republic Capital Access.
Small businesses face a unique set of financial challenges as federal government procurement has evolved over the past few years. Here are some recent trends that stress small businesses:
Awards too large for a company’s financial wherewithal
The nature of the federal contracting environment has led to many out-sized contract awards to small businesses. It’s not uncommon for us to see a contractor win work that is at least 3 to 4 times the size of their existing portfolio of contracts. In many cases, this may be the result of desired efficiency, where a contracting officer chooses to merge multiple legacy contracts into a single vehicle.
More frequently, contracts are “flipped” from full and open to a small business preference (such as HUBzone, SDVOSB, etc.) to achieve set-aside goals, introducing the potential awardee to what was previously a large business task, most likely at the high end of their NAICS ceiling. It is important to have a financial institution that is prepared to triple or quadruple the size of your existing financing upon contract award.
Cost of pursuing indefinite delivery, indefinite quantity (IDIQ) and blanket purchase agreement (BPA) contracts
While multi-billion (or trillion) dollar contract ceilings sound enviable for any small business owner, IDIQ/GWAC and BPA contracts are merely a license to hunt. We have seen many small businesses expend nearly all of their resources and cash reserves to win large IDIQ contracts. When they finally pursue task orders and hire key personnel in advance of execution, many lack the capital to perform the work.
Focus on cash flow projections and choose a financial partner who can provide financing based upon the creditworthiness of your government customer and contract, not your balance sheet.
Requirement to have financing in place in order to be compliant with bid
We have seen increasing scrutiny on the part of contracting officers to make sure small businesses can demonstrate financial capability to execute the contract in compliance with the FAR.
Many solicitations now require a financial capability letter from a financing institution citing the solicitation, description and a financing facility equal to at least three months’ worth of billings in. Your financial partner should be able to provide this commitment letter at no cost for future contract awards.
Challenges related to financing joint ventures
Unpopulated joint ventures are a popular teaming vehicle, yet the unpopulated joint venture structure itself often struggles to qualify for stand-alone financing without significant capital contributions or guarantees from its participating partners. Even when the JV partners maintain their own bank lines of credit independent from the JV, those banks are often unwilling to extend credit to the JV as an external entity.
Find a financial partner who will underwrite the unpopulated joint venture without requiring capital contributions from either party. This is done via non-recourse receivables financing.
Surges and volatility of product procurements
For value-added resellers, the federal fiscal year-end results in the lion’s share of revenue. For our small business friends holding NASA SEWP, CIO-CS and other contract vehicles, a combination of receivable and vendor financing is critical to executing large product orders.
While vendor credit programs can be affordable sources of financing, not all small business balance sheets can support 8-figure product orders on vendor credit alone; the non-recourse sale of receivables to pay vendors and manufacturers completes the financing package that allows resellers to execute during peak seasonal times. Choose a financial partner with a vendor financing solution with adequate availability for your largest product orders.
Loan sharks in sheep’s clothing
The prevalence of online, financial technology (FinTech) loans is startling. These fast money products are basically like an electronic version of payday loans for businesses, usually priced well above 30%.
They dress their virtual storefronts up in any manner of ways: the jeans-and-t-shirt, San Francisco techies; the self-proclaimed veteran lovers invoking images of patriotism, the Buy by Midnight! used car salesmen and the not-so-subtle cash advance lenders.
All of these lenders hawk financial products that are priced higher than most small business government contractor margins can support. Beware of online lenders, and always read the fine print; even if they tell you “It’s only 9%!” share the proposal with a banker who can shed light on the real math.
Republic Capital Access (RCA) is a specialty finance company for government contractors. RCA’s product offering includes non-recourse receivables financing, unbilled (mobilization) financing, financial commitment letters, joint venture financing, term loans and more. Katie Bilek currently serves as senior vice president of Republic Capital Access. She is also co-founder of govmates and board member of the National Veteran Small Business Coalition. Katie lives in Alexandria with her husband Beau and son Jackson.
In some cases, you can give yourself an advantage by bringing your own customer or prospective customer to the table and setting yourself up to win. But what if you didn’t bring the customer? Is it still worth trying? It depends.
When it comes to multiple-award IDIQ contracts, the more detailed the proposal evaluation criteria and proposal instructions, the better – but only when you’ve worked with the customer to correspond those details to your company’s specific past performance. Otherwise, you could be putting yourself in competition with someone who did. Here are two specific clues that that’s the case:
- Key resumes – the more key resumes that there are, and the more detailed the resume requirements, the faster you should run away. If they’re specifying 10 or more key people and they have extensive requirements for what those key people need to have, you’re never going to win. Even if you were to find matching people, they’re not THE people that the customer wants. They wrote the requirements that way because they want a specific set of people.
- Past performance – similarly, if the proposal criteria include a whole host of technical systems and functions that you’re supposed to have done, it means the customer already has somebody in mind who has all those requirements.
So if you’re deciding whether or not to bid on a proposal for a customer you didn’t bring to the table, measure carefully against these two factors before making your choice.
Something else you might want to avoid when you’re considering potential multiple-award IDIQ proposals are LPTA (“lowest-price technically acceptable”) jobs. Most people who are successful at bidding on LPTA jobs have very, very low indirect rates. It is highly unlikely that you’re going to beat them at their game and still manage to keep your good people and your reputation with those people; and run your business successfully the way you want to run it; with the culture that you want to foster in your business.
At TAPE, we rarely if ever bid on LPTA jobs. The expectation is that you’re going to deliver the same qualified staff at a dramatically lower rate and we just don’t think we can do it, nor do we want do. It’s not the kind of culture we want to run.
So unless you brought the customer to the table and you’re fairly sure you’re the only one who can win, be very careful before choosing to bid on a multiple-award IDIQ task order.
Even when you win a multiple-award IDIQ contract, there is no actual guaranteed work. You still need to find customers who will award the work to you.
There are two situations where it’s easier to make sure you’re the only one who can win. The first is if there is a customer you’ve previously worked with, and the second is if you’ve done all the upfront work with a new customer who is ready and wants to buy from you.
In either case, when you are bringing a customer to the table in a multiple-award IDIQ you want to make it easy for them to choose you over the other companies in the mix, by advising them as they create their proposal instructions and proposal evaluation criteria.
The more detailed their criteria – and that those details are based on your actual experience – the more likely you will be able to eliminate the companies who don’t have the same exact requirements you have specified.
Aim to have the customer include these details:
- The key people who will be involved in the work, along with their specific technical skills and the functions they perform
- A requirement that these key people are current employees of the company
- A performance work statement (PWS) and statement of work (SOW) that correspond closely to your company’s actual past performance
If you are successful in guiding the prospective customer to base their proposal evaluation criteria on these details, your own proposal will send a strong message that you are ready for this contract.
Will you have an unfair advantage? Certainly! The point is, if you’re going to try to make it so nobody else can win, you’d better be sure no one else can win. This is not about being fair; if you want to be fair, then you’re not going to do any of these things and you’re going to have more competition.
This is a guest post by Eileen Kent, The Federal Sales Sherpa.
1. Reach out to a Procurement Technical Assistance Center who can help your connection register with the federal government – it’s free, and SAM.gov is the site. If you want to learn more about it, listen to this episode of my blog talk radio show. It’s not rocket science – but it’s the first step a company needs to take first before approaching anyone in the federal government.
2. Find basic training if you’re dabbling in the market and doing it yourself. For a small investment (often under $100 and sometimes free), attend a few SBA-sponsored local events or PTAC-sponsored local events, or listen to some of my connections’ webcasts, podcasts, and webinars (including The Federal Sales Sherpa Show).
3. If you’re serious about this market, purchase one-on-one training from federal sales experts who have “been there/done that” – and can customize the material for your business and your services. This is only for those wanting to stand up a team member – or hit the ground running. It’s refreshing and time saving to hear a non-government sponsored training – because an expert giving you the training will tell you the realities of what it truly takes to win federal contracts.
My training is called, “The Federal Sales Game-How to Play to WIN!” but others have something similar. You and your team need to learn the difference between the goals of the contracting officer and your customer on the inside – the END USER – who will need what you sell. You need to find and capture their attention, imagination, pain, needs, and perceived solutions. You also need training on clearly understanding contracting vehicles. What is a GSA Schedule, IDIQ, BPA, GWAC? What are set asides, 8(a), SDVOSB, HUBZone, EDWOSBs? Know the difference and understand the power of having these contract “bridges” or partnering with someone who does.
4. Build a strong capabilities statement, with provable, quantifiable best values. Follow this document up with several past performance/case studies ready to present in a capabilities briefing, stand-up field meeting, or webinar.
5. Perform a competitive analysis of the data, which is available at your fingertips WITHOUT BUYING A SUBSCRIPTION. Know how to use all the tools available to you that can uncover which agency buys what you sell, from whom and with what contract vehicle, so you know who to approach, what to say and how to differentiate yourself from their current provider.
Only buy a subscription when you understand the data you’re looking at and you plan to DO something with the intel uncovered. One client of mine just got a renewal for a subscription which is $20k a year now for them. Stop the madness! Wrap your head around the intel and stop living in it. It’s time to take that intel and DO something with it, such as make decisions about which contract vehicles (like GSA, Seaport-e, GWACS and such) to keep and which to drop.
6. Build a federal sales action plan focused around the 3-5 agencies who buy what you sell. Stop stumbling around the public bid sites and randomly bidding on contracts you think are “perfect for us.” Start developing relationships and finding the end users and program managers making decisions about purchasing like-products/services as yours and execute that plan.
What do I mean by execute? Simple. Call. Email. Ask for directions. Call again. Email. Email. Call. Email. Visit. Present. Follow up. Call again. Check in. Follow through. Ask for referrals. Email., Call. Share an article or a whitepaper. Call again, and again, and again. Develop comfortable relationships with federal clients who start to share with you what’s really happening, and whether or not they need you now or later. If they don’t need you now, who would they call on if they were you? This is a long-term process of relationship building and you can’t hire a 100% commission sales person or a consultant to do it for you. This needs to be someone who is involved with your company – invested. You need the A-Team out front. Customers don’t want to talk to someone who represents you – they want to talk to YOU.
7. Train your team on proposal writing and have a standby proposal consultant ready to help if you have a sudden need to respond to an RFP/RFQ. But understand the process so you don’t waste a dime on misunderstandings between you and your proposal team. You need to have a strong bid/no bid process so you don’t waste a minute on a loser. You need to understand win themes, evaluation criteria, the past performance you need to submit which fits the opportunity perfectly, the technical, and more. If you don’t, get training and find a strong proposal team. Put this statement on your wall: We Only Write Winning Proposals.
About the author: Eileen Kent is The Federal Sales Sherpa and helps companies one-on-one with training on the federal sales game, a deep dive competitive analysis on who buys what you sell from whom and with what contract vehicles and then she builds you a custom federal sales action. If you’re serious about this marketplace and ready to hit the ground running, contact Kent at 312-636-5381.
We Need to Blur the Line Between Education and Training: Former TRADOC Commanding General David G. PerkinsPosted: March 28, 2018
We’ve been highlighting ideas from the keynote speech of retired Four-Star General David G. Perkins, former Commanding General of the U. S. Army Training and Doctrine Command (TRADOC) at the Interservice/Industry Training, Simulation and Education Conference in Orlando, Florida in November 2017.
In Parts 1 and 2, we recounted General Perkins’ three aspects of training that require innovation from industry. In this third and final post, we will present his ideas about the differences (and similarities) between education and training.
General Perkins stated that we have to redefine the idea of “education versus training.” He went on to describe that during a recent combined arms field training exercise, an Army major approached him with the question, “Are you educating us or training us?” In other words, the major understood education as learning concepts at a high level of thinking, while he understood training as learning potential courses of action to apply to real life. General Perkins indicated that as a commander, his greatest need was to strive to blur the line between education and training. He wants to see the two concepts combined into one practice.
General Perkins discovered that soldiers want to be trained, which in their understanding, often means they WANT to be told what to do and how to do it. He believes that trainees often do not believe that they need critical thinking (thought of as part of education) because they mistakenly feel that this will not prepare them for the “real world,” where they face the unknown. In actuality, General Perkins thinks education, and the critical thinking that comes from it, better prepares us for the unknown. He suggests incorporating critical thinking, decision making, and leadership into training events, even virtual and constructive ones.
General Perkins believes the Army must adapt future Programs of Instruction to a changing world. His question is, “How do we bring that changing perspective into the educational domain?” He added that the military cannot tie itself to only one domain; training must incorporate all the domains: land, air, sea, space and cyber.
General Perkins explained, “A lot of times as I was growing up in the Army, we would have a training strategy with various gates and sometimes some of our simulations and training aids and devices weren’t all that great. But it would be put in the strategy like, ‘You have to do this first, then you have to do this, and you have to do this.’ And it may not have actually been a particularly useful tool for getting at what you want to get at, but it was a requirement. You can’t do this until you get to this, and so it was a little bit of a check the block.”
Ultimately, General Perkins advocated for “command, training, and student (training, education and the art of command)” to come together so that training is an integral part of command and not something different or extra. He wants to see not just industry change their technology ideas, but for the Army culture to change regard training as integral with command and operations. His challenge to industry is to help the Army make this happen.
In a series of three posts, we’re highlighting remarks from retired Army Four-Star General David G. Perkins, former Commanding General of the U.S. Army Training and Doctrine Command from his keynote address at the Interservice/Industry Training, Simulation and Education Conference in Orlando, Florida in November 2017.
This is a guest post by TAPE President and CEO Louisa Jaffe.
In Part 1 of the blog series, we discussed three innovative aspects of training that a commander needs from industry as identified by General Perkins. In this post, we delve deeper into the third aspect – that we must see training “as a tool, not a task.”
General Perkins stated, “What we need to do is make sure that when we take a look at our training capabilities and training aids, devices, simulators, and simulations (TADSS) that commanders will say, ‘This actually solves one of my training problems.’ It’s not a tasking to do it. It’s a tool that I can use to get better.”
He exclaimed that he does not need “a tool that is just a tool to train, for training’s sake.” General Perkins specified that he needs industry to innovate a tool “that I can use to train for specific missions – mission rehearsal exercises.” He sees a future where a commander, when given a mission to conduct an attack, will also, “look immediately at what training capability [is needed] to get ready for that mission.”
General Perkins called upon the Army to completely integrate training in a mission from its inception. Moreover, he challenged industry to develop the type of training tools that the Army could use across the enterprise from education to training to mission rehearsals. He does not want any more “one trick ponies.” Using General Perkins’ framework, soldiers would waste less time learning multiple training tools and the training data inherent in the tools would benefit commanders across multiple domains.
General Perkins provided key insight into industry’s difficult task of innovating for military training. In Part 1 of this series, we detailed that he not only wants to see the emotional and practical experience of a large-scale live exercise, but one that is put into live, virtual, and constructive (LVC) environments to scale a combined arms training experience.
General Perkins further wants to see all possible domains – land, sea, air, space, and cyber – be interactive in LVC environments. To buttress his goal to integrate training into mission-accomplishment strategy, General Perkins wants to see TADSS become integrated tools for operations instead of separated tasks.
General Perkins envisions innovative training that becomes an extension of the service member at the same time it becomes an innovative extension of leadership itself up to the highest levels. He affirms that the Army is open and receptive to innovations “that connect useful powerful tools with mission strategy.”
The third and final post in this series will explore General Perkins’s innovative views about the concepts of education versus training.