VIP Helps Veteran-Owned Businesses Connect the Dots in Doing Business With the Government

Hanover, MD June 9, 2011; The Birchmere Group, LLC recently completed the Veteran Institute Procurement (VIP), a comprehensive training and certification program that helps veteran-owned businesses strengthen their ability to win government contracts and do business with both military and civilian agencies they once served in uniform.

On June 9, 2011, The Birchmere Group, LLC was one of 34 businesses from nine states to graduate from the National Center for the Veteran Institute for Procurement at the Bolger Center, a government-owned conference facility located in Potomac, Md. During the program’s graduation, Stewart Redfield, Birchmere Group’s President/CEO, was presented with a congressional citation on behalf of the Honorable John P. Sarbanes, 3^rd Congressional District, Maryland.

“BECAUSE OF VIP, THE BIRCHMERE GROUP IS WELL ON ITS WAY TO BEING SUCCESSFUL.”

VIP was established by the Montgomery County Chamber Community Foundation (MCCCF) in 2009. After two years of successfully serving veteran-owned business leaders in the Washington Metropolitan Area, VIP organizers responded to interest from veterans around the country and broadened to a national program in 2011.

“VIP provides veteran-owned business leaders who are looking to position themselves for greater success in the fast-growing marketplace of government contracting,” said Barbara Ashe, president, Montgomery County Chamber Community Foundation.  “By helping entrepreneur-minded veterans succeed as government contractors, we are not only supporting those men and women who have served our nation, but also the veterans they hire, the citizens they serve, the government agencies and prime contractors they support, and the overall economy,”

VIP is a three-day, 27-hour comprehensive certification program instructed by professional service experts who present best business practices as volunteers.  The curriculum focuses on topics tailored to the federal contracting space: strategic planning; legal, contracting
and teaming agreements; accounting and financial compliance; marketing, capture, and proposals; risk management, operations and quality assurance; and insurance and human resources.  Participants must be a C-level leader in a Veteran-owned business operating for at least two years with minimum of 3-4 full time employees, annual revenues less than $25 million, and experience working on government contracts as a prime and/or sub-contractor to a prime. The program is funded by the Montgomery County Chamber Community Foundation (MCCCF) through private sponsorships and is offered at no cost to taxpayers or the participants (except transportation).

For information:  Stewart Redfield, 800-245-9916 x501, info@birchmeregroup.com

For information on VIP: Barbara Ashe, 301-738-0015 x215; bashe@montgomerycountychamber.com

For additional information or to register for the October sessions, please visit Veteran
Institute for Procurement or the Montgomery County Chamber Community Foundation

Though Gen. Alexander noted that such a solution was just one that is on the table, he stressed that the federal government, including U.S. Cyber Command, will likely be part of a team approach to helping protect the nation’s critical infrastructure from devastating cyber attacks.

The White House, he said, is leading a group to look at cybersecurity policy and at the authorities currently in place to protect the nation’s networks, including critical infrastructure networks.

“The question is, how do we do it,” Alexander said. “Doing it, technically, is fairly straightforward. Getting everybody satisfied is the harder thing.” Any such plan, he said, would leave the commercial Internet, “where our kids might communicate,” untouched.

Discover why tomorrow’s governments will close the technology gap by adopting a converged infrastructure and modular blade servers.

Eliminating Waste in Gov IT Infrastructure

For today, Cyber Command’s role is limited strictly to defending Department of Defense networks from cyber attacks and standing ready to execute offensive cyber operations on command, and as directed help the Department of Homeland Security defend broader government networks. The White House and Congress will ultimately lead the way in better defining any broader role that Cyber Command will have.

That said, Alexander confirmed that his team has taken part in analysis of the recent Stuxnet worm that successfully attacked several power plant control systems worldwide earlier this summer.

Alexander is also already working on plans to help protect the defense industrial base, a key task in the wake of successful attacks against defense contractor networks over the past few years that have stolen sensitive information. “It gets to, how do we provide them a level of protection analogous to what the government would have, so that their secrets aren’t going to be stolen,” he said.

U.S. Cyber Command is slated to formally reach full operating capability on October 1, and Alexander plans Thursday morning to inform Congress of the progress being made at Cyber Command as well as the military service components that will support it. About 1,000 military, civilian, and contractor employees work in Cyber Command today, supporting, among other things, an always-on joint operations center to direct the defense and operations of DoD networks.

The command is collocated at Maryland’s Fort Meade with the National Security Agency, which Alexander also leads. Alexander characterized the collocation as critical to Cyber Command’s success, since NSA can provide both the technical talent key to protecting defense networks and the intelligence key to helping attribute attacks to particular people, organizations or nations.
Each military service has a unit that will support Cyber Command’s mission. Among them, the Army Forces Cyber Command will reach full operating capability along with U.S. Cyber Command on October 1, and the 24th Air Force recently passed an inspector general audit of its own operating capability and is thus well on its way to full capability as well.

Alexander said that he has done some scenario walkthroughs with the Department of Defense, the White House and other federal agencies, noting that from a military perspective, he likes to run wargames to better understand capabilities and authorities. “I don’t want to fail in meeting the expectations of the American people, the White House and Congress when something happens in cyberspace, and they say, ‘well, where was Cyber Command on this?’”

In fact, U.S. Cyber Command was born out of decisions made in the aftermath of Operation Buckshot Yankee, the military’s 14-month response to a worm that spread on defense networks via flash drive in 2008, exfiltrating military information along the way to what Pentagon leaders, including Alexander, say was a foreign nation state. “We’ve got to do a better job at defending [our networks], and that’s why we put U.S. Cyber Command together,” Alexander said. Cyber Command’s budget was about $120 million this fiscal year, and will be about $150 million in fiscal 2011, mostly going to contracts.

How agencies can use SDKs to build robust security systems

Network Intelligence Improves Gov Security

More broadly, Alexander applauded efforts underway in Congress and the White House to look at how laws and policy need to be changed to address today’s cybersecurity problems. “The laws we did 35 years ago are laws now that we need to update,” he said, noting that legal and policy changes will likely need to go through revisions to get them just right, and that explaining the changes to the American people will be a key part of the process. “We can protect civil liberties and privacy and still do our mission.”

“This is one of the most critical problems our country faces,” Alexander said. “We’re losing money today, and there is a real probability in the future this country will be hit by a destructive attack. We need to be ready for it.”

Email J. Nicolas Hoover at nhoover@techweb.com

Read more at http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=227500515

The United States Computer Emergency Readiness Team, or US-CERT, monitors the Einstein intrusion-detection sensors on nonmilitary government networks, and helps other civil agencies respond to hack attacks. It also issues alerts on the latest software security holes, so that everyone from the White House to the FAA can react quickly to install workarounds and patches.

But in a case of “physician, heal thyself,” the agency — which forms the operational arm of DHS’s National Cyber Security Division, or NCSD — failed to keep its own systems up to date with the latest software patches. Auditors working for the DHS inspector general ran a sweep of US-CERT using the vulnerability scanner Nessus and turned up 1,085 instances of 202 high-risk security holes (.pdf).

“The majority of the high-risk vulnerabilities involved application and operating system and security software patches that had not been deployed on … computer systems located in Virginia,” reads the report from assistant inspector general Frank Deffer.

Einstein, the government’s intrusion-detection system, passed the security scan with flying colors, as did US-CERT’s private portal and public website. But the systems on which US-CERT analysts send e-mail and access data collected from Einstein were filled with the kinds of holes one might find in a large corporate network: unpatched installs of Adobe Acrobat, Sun’s Java and some Microsoft applications.

In addition to the 202 high-risk holes, another 106 medium- and 363 low-risk vulnerabilities were found at US-CERT.

“To ensure the confidentiality, integrity, and availability of its cybersecurity information, NCSD needs to focus on deploying timely system-security patches to mitigate risks to its cybersecurity program systems, finalizing system security documentation, and ensuring adherence to departmental security policies and procedures,” the report concludes.

In an appendix to the report, which is dated Aug. 18, the division wrote that it has patched its systems since the audit was conducted.

DHS spokeswoman Amy Kudwa said in a statement Wednesday that DHS has implemented “a software management tool that will automatically deploy operating-system and application-security patches and updates to mitigate current and future vulnerabilities.”

Email  Kevin Poulsen at kpoulsen@wired.com

Read More http://www.wired.com/threatlevel/2010/09/us-cert/#ixzz0zAK3T6Or

“A critical element of a robust cybersecurity strategy is having the right people at every level to identify, build, and staff the defenses and responses. And that is, by many accounts, the area where we are the weakest.”

So says “A Human Capital Crisis in Cybersecurity,” a new study into computer security manpower challenges and potential solutions released by the Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th President. The CSIS is a bipartisan public and foreign policy think tank in Washington.

According to the commission’s report, “we not only have a shortage of the highly technically skilled people required to operate and support systems already deployed, but also an even more desperate shortage of people who can design secure systems, write safe computer code, and create the ever more sophisticated tools needed to prevent, detect, mitigate, and reconstitute from damage due to system failures and malicious acts.”

Those warnings were echoed by Jim Gosler, a fellow at Sandia National Laboratory, National Security Agency visiting scientist, and the founding director of the CIA’s clandestine information technology office. Speaking to National Public Radio, he said that “we don’t have sufficiently bright people moving into this field to support those national security objectives as we move forward in time.”

Gosler has previously estimated that the United States requires 10,000 to 30,000 people who are highly skilled at cybersecurity but that currently, only about 1,000 are available.

To help the country beef up its cybersecurity prowess, the CSIS notes that pursuing the Comprehensive National Cybersecurity Initiative to attack the problem across multiple domains — including education and R&D — should help.

The commission also recommends creating better cybersecurity certifications. Interestingly, it found that “the current professional certification regime is not merely inadequate; it creates a dangerously false sense of security,” because certifications focus “on demonstrating expertise in documenting compliance with policy and statutes, rather than expertise in actually reducing risk through identification, prevention, and intervention.”

Alan Paller, director of research for SANS, seconded those certification findings and noted that the issue isn’t to do with mistakes in designing certification, but simply that the requirements have changed. “Certifications mostly measured soft skills, and that was all that you needed 25 years ago in security,” he said. “But as the nation states started using it for military purposes, and organized crime groups started using it for financial crime, it suddenly became serious, and very technical.”

Unfortunately, certifications haven’t kept up. “If you take any of the common security certifications for auditors or security professionals, you could quite comfortably pass it. But then if I asked you to reverse-engineer the malware used in this Siemens attack, you’d look at me like I was crazy.” Today, however, the U.S. desperately needs those technical security experts.

By Mathew J. Schwartz

Read more:  http://www.informationweek.com/news/smb/security/showArticle.jhtml?articleID=226100078

The Commission on Cybersecurity for the 44th Presidency, which the Center for Strategic and International Studies created in October 2007, is finalizing a draft report on ways to expand the pool of qualified job candidates. The recommendations also will ensure federal employees and contractors receive the ongoing training needed to effectively protect computer networks and systems.

“We’re recommending that this be a continuous learning and demonstration of skill,” said Karen Evans, commission member and former administrator for e-government and information technology at the Office of Management and Budget. Evans, who spoke at the Digital Government Institute’s Cybersecurity Conference and Expo on Thursday, also is leading the U.S. Cyber Challenge, which is a nationwide talent search and training program designed to identify 10,000 young Americans qualified to fill cybersecurity positions in and outside government.

The administration should define a core set of skills cybersecurity workers must possess, Evans said, and encourage individuals to build upon those core talents in specialized areas that more closely match their responsibilities. For example, employees could focus on offense to weed out potential threats before they penetrate the computer networks and systems, or defense to minimize vulnerabilities and make cyberattacks more difficult. Training should extend beyond the cyberwarriors hired specifically to prevent attacks, Evans noted, to include the network operators, who need to balance security with performance, and developers, who should bake security into software applications from the start.

Among the report’s primary recommendations is for the administration to establish an independent certifying body that would develop standards to test cybersecurity skills and create career paths based upon those certifications. Federal agencies also could require contractors providing products and services to meet the same certification requirements.

“This is not just about creating a standard for those on the federal payroll, but using the certification to ensure those selling to government are held to that same standard,” said Frank Reeder, commission member and former director of the White House Office of Administration. The certifying body would play the same role for cybersecurity that the National Board of Medical Examiners plays for health care, he added.

But driving certification requirements is not government’s job, said an Air Force employee attending the conference.

“Government doesn’t train doctors and lawyers — they hire them,” he said. “Why should government pay for [cybersecurity] certifications, and why should I take another exam to prove I know what I know? It seems [this is] making it more hard for talent to come in.”

Both Reeder and Evans noted the goal of a certification process would be to leverage talent and training, not start over.

“There’s nothing that suggests the federal government create a training machine,” Reeder said. “But [Veterans Affairs Department] hospitals expect physicians to meet certain levels of training and, where applicable, have certifications and licenses to practice; that’s the model.”

He said he hopes the certifications would mature to the point where a licensing process could be established, but that’s still a long way off.

“Licensing specifically involves the state using its authority to state ‘You must not do X unless you meet a certain standard,’ ” Reeder said. “At this point, while that may be a vision or pipedream, we’re not there yet.”

In addition, the report will recommend that the administration classify cyber roles that require targeted education and training, and require academic institutions that receive federal funding for cybersecurity programs to revamp the curriculum to address those defined skill sets.

Email Jill R. Aitoro at jaitoro@nextgov.com

Read more:  http://www.nextgov.com/nextgov/ng_20100604_2456.php?oref=topstory

“This has truly been a bipartisan effort. This is a very good bill,” said Rep. Edolphus Towns, D-N.Y., chairman of the House Oversight and Government Reform Committee.

The 2010 Federal Information Security Amendments Act (H.R. 4900) aims to bolster the government’s defenses against cyberattacks that have grown in number and intensity since the original information security law was enacted almost a decade ago.

The proposal now heads to the House floor, where a vote is expected by mid-June, according to a Democratic leadership aide.

The bill would codify several Obama administration policies that many cybersecurity specialists say are key to fixing the 2002 Financial Information and Security Management Act. An April White House memo dictated that agencies begin by the fall to monitor electronically and continuously the security of their computers and to transmit monthly status reports to the administration. H.R. 4900 calls for constant, automated monitoring of IT systems to detect and respond to vulnerabilities. That differs from the existing FISMA practice of filing periodic paperwork that certifies networks are compliant with an array of security procedures.

Republicans and Democrats on Thursday agreed to a substitute amendment that would ensure procurement policies associated with cybersecurity do not discriminate against certain products and accommodate emerging technologies, said Rep. Diane Watson, D-Calif., who introduced the bill in March.

The Government Management, Organization and Procurement Subcommittee, which Watson chairs, initially approved the bill on May 5. Some industry groups raised concerns at the time about language requiring the government to issue a list of technologies, in order of priority, that agencies should use to automate security functions. Companies said the list would hastily choose winners and losers in a quickly evolving technology market and could stymie innovation.

“This is a mutually agreed to and completely vetted amendment,” said ranking member Rep. Darrell Issa, R-Calif.

The bill also would establish a permanent director of cybersecurity and a CTO at the White House. President Obama used his regulatory powers to create the White House cybersecurity coordinator and CTO posts, now filled by Howard Schmidt and Aneesh Chopra, respectively. But he or any future administration can revoke the positions.

H.R. 4900 would demand agencies incorporate security requirements into IT contracts, rather than adding safeguards as separate investments. Federal Chief Information Officer Vivek Kundra testified in the spring before Watson’s subcommittee that agencies should avoid attaching security as an afterthought, noting that IT investments are more effective when security is included by default.

The final bill does not contain language, proposed by a representative outside the committee, that would have granted the cyber czar budget authority and allow the official to recommend that the president deny awards and bonuses at agencies that fail to secure their IT infrastructures. Members, however, drew from the intent of that language, contained in a bill that Rep. Jim Langevin, D-R.I., introduced on May 6, to give the cybersecurity director’s office the “options necessary to encourage and maintain accountability of any agency, or senior agency official, for efforts to secure the information infrastructure of such agency,” Issa’s office said.

In the coming weeks, Sen. Joe Lieberman, I-Conn., chairman of the Senate Homeland Security and Governmental Affairs committee, is expected to unveil a comprehensive cybersecurity bill that includes language similar to H.R. 4900.

Email Aliya Sternstein at aSternstein@nextgov.com

Read more:  http://www.nextgov.com/nextgov/ng_20100520_4353.php

Job Description:

The successful candidate will have the following:
- Technologies/Skills: Storage background to include knowledge of Storage Area Networks (SAN), Back-up and Disk Array storage technologies.
- Project management with skills in MS Project a plus.
- Minimum of 5 years within the Storage Technologies area.  Experience managing a team of storage engineers, and coordinating tasking(s), scheduling, reporting and attending management meetings.
- Certifications desired: Brocade, NetBackup, NetApp.

Essential Job Functions
- Designs and develops highly complex, integrated solutions to meet business requirements or enhance performance.
- Performs and evaluates cost analyses and vendor comparisons for large scale projects to ensure cost-effective and efficient operations. Measures feasibility of various approaches and makes recommendation(s). Ensures adherence to model created and overall budgetary guidelines.
- Recommends moderately complex systems investment(s) to management and customers based on results of independent assessment of current and future performance, stability, and systems management/life cycle issues.
- Provides escalated, highly complex technical support to customers by investigating and resolving systems-related matters of significance; provides support telephonically and/or electronically.
- Plans, conducts and oversees the technical aspects of projects; coordinates the efforts of technical support staff in the performance of assigned projects.
- Applies advanced methods, theories and research techniques in the investigation and solution of the complex system requirements and problems. Develops training tools and documentation; oversees implementation of same.
- Reviews literature, patents and current practices to support business requirements and/or new industry technology. Prepares reports regarding new technology to communicate to appropriate personnel.
- Provides technical consultation on current and proposed systems to other organizations and clients.
- Provides leadership and work guidance to less experienced personnel.

Basic Qualifications
- Bachelors degree or equivalent combination of education and experience
- Bachelors degree in systems engineering, computer science, management information systems, or related field preferred
- Seven or more years of experience in systems engineering, software engineering, operating systems programming or naval architecture
- Experience working with computer hardware, operating system software and desktop applications with a specific concentration in one or more areas
- Experience working with one or more structured programming languages
- Experience working with design principles and applications
- Experience working with design principles and applications related to integrated plant, aircraft, ship and/or weapons systems (Naval Architecture only)
Other Qualifications
- Strong communication skills to communicate systems proposals to management and customers and provide systems diagnoses and resolution for current systems
- Strong organization skills to prioritize work, balance and lead complex projects
- Good interpersonal skills to interact with customers, senior level personnel, subordinates, and team members
- Good leadership skills to guide and mentor the work of less experienced personnel
- Ability to integrate complex hardware and software systems
- Ability to work independently and as part of a global team

Job Description:

Senior System Administrator for Sun Solaris Enterprise Level Systems, with Top Secret/SCI and Fullscope Polygraph clearance needed to load, configure and maintain Solaris physical and virtual servers.
Ideal candidates will have 5-7 years experience with the following:  Solaris 10 (sparcard X86), VM Ware, ZFS, Veritas Storage Foundation, SSH, PKI, Apache, and TCP/IP Networking;

Preference given to candidates with one or more of the following certifications: Solaris 10; VMware (ESX).

Essential Job Functions
- Coordinates with client management to formulate complex technical solutions. Informs client management of appropriate developments in technical support products.
- Evaluates products and upgrades for appropriateness. Oversees and implements system upgrade strategies.
- Leads the design, implementation, and maintenance of complex solutions. Coordinates activities with other technical personnel as appropriate.
- Develops and analyzes highly complex system standards, thresholds, and recommendations to maximize system performance.
- Conducts capacity planning reviews with management and approves capacity plans formulated by less experienced personnel.
- Develops strategies to manage the frequency of appropriate support package/patch application. Monitors database maintenance and provides appropriate recommendations, when required.
- Coordinates with business development personnel on proposals and work estimates involving highly complex system administration projects and solutions.
- Researches current systems technology and serves as subject matter expert on complex systems processes and procedures.
- Provides technical leadership to internal and external personnel on highly complex system installation processes. Mentors and provides guidance to less experienced personnel.
- Provides technical leadership to appropriate personnel on highly complex system administration activities. Provides technical solutions and escalated support for non-routine, highly complex technical issues.

Basic Qualifications
- Bachelors degree or equivalent combination of education and experience
- Bachelors degree in computer science, management information systems, or related field preferred
- Seven or more years of technical experiences in a client-server environment
- Experience working with highly complex systems administration, database administration, and landscape maintenance
- Experience working with company products and services
- Experience working with company and client documentation and storage procedures
Other Qualifications
- Strong analytical and problem solving skills
- Leadership skills to guide and mentor the work of less experienced personnel
- Strong communication skills
- Strong personal computer and business solutions software skills

Job Description:

The Birchmere Group is seeking to hire a SQL Server DBA holding an active TS/SCI Fullscope Polygraph who will be responsible for providing technical consulting services to our government client in data and database architecture. The ideal candidate will also be responsible for establishing information management direction for the entire enterprise and participating in the formulation of strategic direction for data management.

Essential Job Functions
- Monitors database activity and file usage, and ensures necessary resources are present. Determines data to collect and analyzes information as appropriate. Investigates and resolves technical database issues of significance.
- Oversees the analysis and determination of database performance characteristics, informational needs and elements, data relationships and attributes, proposed manipulation, data flow and storage requirements, and data output and reporting capabilities for more complex databases. Recommends and implements tuning opportunities to improve system response and run times.
- Defines logical attributes and data inter-relationships and designs complex data structures to accommodate database production implementation, storage, maintenance and accessibility to enhance performance.
- Optimizes database accessibility by developing load balancing architectures and processes to eliminate down time for backup processes. Limits database accessibility based upon information security level and ensures data spillage from more secure to less secure databases does not occur.
- Implements and supports database security regulations, policies, and guidelines. Monitors security bulletins to obtain information of potential threats; installs necessary security patches to ensure ongoing database security.
- Plans and installs upgrades of database management systems (DBMS) software as necessary to enhance database performance. Researches various hardware and software products; recommends solution and implements approved products.
- Functions as a technical project leader or provides work leadership for less experienced personnel on a portfolio of databases, including installations and upgrades of DBMS software and backup/recovery strategies. Reviews and approves application and database design decisions to ensure that application solutions exhibit high levels of performance, security, scalability, maintainability, and reliability upon deployment.
- Assists project managers in the development of project plans including detailed project estimates and tasks required for database activities. Utilizes standard corporate tools to record change and problem activities for tracking purposes.
- Integrates databases and commercial of the shelf software; resolves conflicts between databases and of the shelf software, operating systems, and open source applications.
- Designs and tests database installation, implementation, and recovery scenarios. Determines test to use and collects appropriate data according to established guidelines. Participates in analysis, development and implementation of unique database recovery plans in response to client-impacting outages.

Basic Qualifications
- Must hold an active TS/SCI Fullscope Polygraph

- Bachelors degree or equivalent combination of education and experience
- Bachelors degree in computer science, management information systems, or related field preferred
- Six or more years of experience in database design or maintenance
- Experience working with computer hardware and software installation/upgrading procedures
- Experience working with database and system maintenance procedures
- Experience working with database creation techniques and database management systems (DBMS) features
- Experience working with database performance tuning
Other Qualifications
- Good analytical and problem solving skills
- Good programming skills for database management and general software
- Good communication skills
- Leadership skills to guide work teams
- Ability to work in a team environment
- Ability to anticipate problems and take decisive action
- Willingness to travel