1. VA Tech Expo
Department of Veterans Affairs
Frank McIntire, CyberSecurity & Quality Management
SDVOSB (CVE)
(719) 651-7746 frank.mcintire@comcast.net
2. Introduction
1974 - 1996
• F-111 A/E Instructor, Flight Lead, Ops Officer,
• F-111 E Quality Assurance Branch, Check Flight
• F-111 A Red Flag, Top Gun, Platform Instructor
• US Air Force Academy Faculty, Behavioral Science
• Air Force Quality Institute, Deputy Commander
• AF Space Command Quality, Deputy Director
1996 – 2005
• KPMG Consulting, Quality Management
• Veteran-owned Small Business (2000 - present)
• USAF, Army, commercial clients
• Alaska Native Corporate clients
• Oracle Federal Security Group
• Infinite Group, Inc. CyberSecurity
For Veterans Affairs: program implementation and education and training.
Mission
Risk
Value
Process
COTS functionality
Partnership
Innovation
Skill
Experience
Integrator and Vendor
VA FLITE IFAS 2007-2008 VA AAC
3. Procurement Process - PBA
Benefits of Performance-Based Acquisition
• Increased likelihood of meeting mission needs,
• Focus on intended results, not process,
• Better value and enhanced performance,
• Less performance risk,
• No detailed specifications or process descriptions,
• Contractor flexibility in proposing solution,
• Better competition: contractors and solutions,
• Contractor buy-in and shared interests,
• Shared incentives permit innovation and value,
• Less likelihood of a successful protest,
• Surveillance: less frequent, more meaningful,
• Results documented for GPRA; and
• Variety of solutions from which to choose.
For Veterans Affairs: a low-risk implementation; low-risk award.
Mission
Risk
Value
Process
COTS functionality
Partnership
Innovation
Skill
Experience
Integrator and Vendor
VA FLITE IFAS 2007-2008 VA AAC
4. SMS BUSINESS FLOW
IFAS TEAM
INDUSTRY
SMS INTERFACE
D
Evaluation notices, best
and final offer, review and
award
Contract Start Transition Implementation
End
State
Identify interface
requirements and functional
requirements that are
relevant for evaluation
notices, best and final, and
to support an award.
Identify business process
requirements and functional
requirements that are
relevant for evaluation
notices, best and final, and
to support an award.
Award to Vendor and
Integrator
Vendor and Integrator begin
contract POP
Vendor and Integrator begin
Transition
Vendor and Intrgrator
performance
Procurement Process
Beginning with the end in mind:
• To “bake in” attributes for the end-state
• Industry standards & best practices
• Program management & governance
• Business transformation
• Quality management planning
• Performance-based training
VA FLITE IFAS 2007-2008 VA AAC
5. Moving Forward
System Integration for DoD and Fed Civilian Intelligence Community
• Oracle integration for DoD, NSA, FBI, CIA, Broad Intelligence Community
• Oracle Federal Financials for DCAA compliance,
• Engineering Change Management (DoD, DoD Intelligence),
• Installations and upgrades for (State, DHS, DIA, DISA, Treasury),
• Global networks, storage, database, phones, VTC (150+ locations),
• Cyber security implementations, HBSS, cryptography, dashboards; and
• Collaboration with DoD engineers and implementation teams.
• DoD cost avoidance of $600 million (2006 – 2012),
• Consolidation of 32 DoD IT services contracts,
• Collaboration with government officials and teams,
• Rough order of magnitude (ROM), and Budgetary estimates; and
• Engineering change proposals for upgrade and life-cycle management.
For Veterans Affairs: technical & quality management skills. 2005 – 2014 Federal Government
7. Commercial CyberSecurity
For Veterans Affairs: ÜberScan Technology delivered by VOSB and SDVOSB teams and IGI.
Defending Veterans Affairs’ Financial and Accounting Systems
One flagship service is CyberSecurity technology and the deployment of the IGI
CyberSecurity Toolkit with ÜberScan Technology and other patented and protected solutions
for federal government agencies, state and local governments, and for commercial clients.
Our ÜberScan Technology is optimized to deliver the most requested CyberSecurity
services: 1) visualization, 2) assessment of vulnerabilities and threats, 3) penetration testing,
4) prioritization of risks, 5) proof-of-concept, 6) phased implementation, 7) remediation of
risks, 8) reporting, and 9) education and training.
IGI teams to deliver IT services and support, and business advisory services for healthcare
and financial services (since 2002). We team with customers’ most trusted and respected IT
services providers for IT service delivery, financial and healthcare systems, and cyber security.
8. Commercial CyberSecurity
Veterans Affairs’ Cyber Education & Training, and Self Assessment
Administrative audit
Catalog existing risk management policies and procedures,
Perform gap analysis – regulatory guidelines vs. current policies and procedures,
Update policies and procedures to reflect industry standards, and
Publish compendium of policies and procedures; certification and training.
Physical audit
Site survey and inspection of all facilities,
Identify gaps with industry standards and compliance,
Examples: American National Standards Institute; Telecom Industry Association (TIA),
Establish physical infrastructure upgrades, punch lists.
Technical audit
Independent computer system risks, threats, and vulnerability assessment,
Objective internal and external analysis, reporting, and trending,
Prioritized lists of IT risks (critical, high, medium, and low),
IT infrastructure life-cycle management plan; certification and training, and
Link IT infrastructure risks with administrative risks (insider threat); physical security risks.
9. Federal Quality Management
Quality Management Education & Training, and Implementation
Federal Quality Management (1992 – 1996)
Executive Quality Leadership for government seniors and their staffs,
Strategic Planning for government agencies action planning for results,
Facilitator and Implementer education and training for agencies,
Alignment with Baldrige Criteria and National Performance Review,
Process management, teams, metrics and measurements, and
Quality Self-Assessment with lessons-learned and best practices.
Federal and Commercial Quality (1996 – present)
Quality management for Air Force and Army contracts (KPMG Consulting),
Total Army Quality & Installation Excellence Awards, The President’s Quality Award,
National Conference and Symposia, government executive onsites & offsites,
Business Process Reengineering, strategic planning, customer satisfaction,
Organizational development, change management, business transformation
Alignment of quality management, technical quality, and quality assurance, and
Expanding metrics and measurement to include engineering change management,
contract consolidation, and cost avoidance for government agencies.
10. Summary
Small Business Contracting since 2000
• DoD SBA contracting (CCR registered)
• Online operational test program management,
• Resource allocation management plan,
• Organizational climate survey (USAF),
• Alignment of government engineers with mission focus,
• Government executive offsites (15 – 300 staffers),
• Contract consolidation – decrease total cost of ownership,
• Installation of Oracle federal financials, RDBMS, RAC,
• Cleared & certified staff for operational systems of record,
• Big wins with small business teams (including SDVOSB),
• Flexible and responsive (to support 150+ locations worldwide),
• Technical, financial, program management expertise; and
• SDVOSB (CVE) Feb 2013 – present (recertified in 2015).
For Veterans Affairs: Technology & Quality delivered by VOSB and SDVOSB teams and IGI.