Federal agencies and GovCons alike need robust solutions to safeguard facilities, operations, systems and data, in the face of ever-increasing threats.
At SIMS Software, a provider of industrial security information management software to the government and defense industries, CEO and President Michael Struttmann advocates for a big-picture approach to security. Contractors, in particular, need a strategy that operates across the breadth of the enterprise. They need something that engages all stakeholders and addresses risks at all levels of the operation.
We caught up with Struttmann to talk about how GovCons as well as government agencies can benefit from this enterprisewide approach to security.
At a high level, how can federal agencies and GovCons address more security effectively?
A key element for any organization is building an effective culture and commitment around security with the engagement of senior leadership. As we struggle to find the proper equilibrium of in-office, remote and telework, developing a culture of security must be a top-down imperative.
Often, company leadership thinks that hiring a good security leader is the end of their involvement. It’s only the beginning. Successful security programs, without exception, have strong leadership support and involvement.
How have agencies and GovCons approached security in the past, and why is it no longer sufficient?
Many organizations approached security in terms they could see — gates, guards, physical protections and so on. The truth is, the threats come from many different vectors, so your security programs must be an enterprisewide effort, and coordinated between multiple functions such as IT, security, facilities, HR, ethics, plus other internal stakeholders.
In our own case, SIMS went from a simple compliance tool at its inception nearly 40 years ago to the powerful enterprise security resource it is today.
What’s a security enterprise resource planning solution and how does it work?
A security ERP provides the users in the field an automated compliance tool that helps them track and measure all the things an organization is trying to protect, such as personnel, security clearances, government furnished equipment, proprietary assets and anything else considered sensitive.
From that same tool, used throughout the enterprise, users and leaders can spot trends from the metrics it produces — such as the level of cleared personnel per site, approved IT systems, foreign travel activity and also insider threat trends such as repeated violations or suspicious activity, adverse information reporting and so much more.
How does SIMS Software help its customers to bring this to life?
It’s not simply about having a technology tool to accomplish the mission. It’s also about having the know-how to maximize the utility of the solution. This will sound cliché, but we truly go to the ends of the Earth to make our customers successful with our security suite, and our 39-year track record is a solid proof point.
Many members of our customer engagement team were security officers in major enterprises, including U.S. government, so they know what good security looks like and what leadership expects of them. We can put a security tool designed by security professionals in the hands of our clients, with the necessary support to ensure their success.
Where’s your sweet spot — is it the agencies or GovCons?
Currently, our sweet spot is in the contractor community, although we have made great strides in the defense and intelligence government markets. We are in virtually all the major defense and intelligence contractors you can name, and many smaller contractors. Due to the flexibility of the product, it appeals to small and large customers alike.
What’s your growth strategy? Where are you looking to expand and how will you get there?
Our primary target right now is the U.S. government agencies in the defense and intelligence fields. That said, if any agency has a security program, we want to help them.
Our tool isn’t just for classified national security programs; it’s for all enterprise security programs. Whatever you are charged to protect, account for, track or report, we have the tool to support your security program.
What’s your biggest business challenge and how are you addressing that?
First, and most obvious, it’s the “new normal” of grappling with the dynamics of the pandemic — ensuring secure data access and work capacity for remote employees and trying to keep everyone healthy. Fortunately, we have supported a remote workforce for several years, being mindful that security is paramount. In addition, we use our own product to protect clearances and sensitive information.
Second, it’s staying ahead of our talent pipeline needs to continue fueling our growth. There are innumerable companies competing for cybersecurity professionals — many with multibillion- and even trillion-dollar valuations. Having been part of numerous entrepreneurial organizations in California has afforded me the opportunity to draw upon a proven talent pool. When necessary, we use recruiters for specialized needs.
On a personal level, what makes this work interesting/meaningful for you?
Making dedicated security professionals more successful and responsive to their organizations, while protecting national security interests. When people have a clear picture of the risk profile they are charged to protect, their confidence and effectiveness grows by leaps and bounds. That is super satisfying to me and my team.