Booz Allen Hamilton: Cybersecurity Risk Management Is Not One-Size-Fits-All

Rising two spots from last year to come in at #12 on the BGOV200, Booz Allen Hamilton won $4.9 billion in federal contracts in FY18.

In 2018, Booz Allen Hamilton received the biggest federal task order in the company’s history, winning more than $1.6 billion in business to provide 13 different government agencies with tools to manage their cybersecurity risk. Today, the company’s continuous diagnostics and mitigation (CDM) solution protects nearly 80% of all federal .gov networks, including more than 5 million devices, 2 million users, and 120 individual federal organizations.

Booz Allen, which won a similar contract in 2014, is no stranger to security risk management. Vice President Rob Allegar, who leads the firm’s CDM work, has been at Booz Allen for more than 20 years. He’s seen the field of risk management evolve from manual reviews of possible risks to complex systems that can find changes and conduct risk analyses in real time.

“[CDM] started as an efficiency program around trying to optimize the connection approval around systems as they’re built,” Allegar says. When a computer or software system is built, there’s an approval process to make sure that all stakeholders are aware of and can manage the risks.

“Six or seven years ago, that process was manual,” Allegar explains. “Someone would build a system, and then a team would come in and analyze it, put a report together, and then leaders would sign off. It took a while to do.”

See the full BGOV200

Once a system was up and running, the process would happen again every year or two. It was slow, making it easy for adversaries to take advantage of yet-undiscovered vulnerabilities.

CDM was developed as a way to automate this process. It involves continuous diagnostics and real-time monitoring. This is the service that Booz Allen now provides to most federal agency networks.

“It’s over 120 separate agencies, and we have to take into account the local environment of each one,” Allegar says. “We tailor our solution to every single environment, and we have about 500 separate configurations. It’s not one-size-fits-all. You have to understand each agency’s distinct mission.”

“One of the NASA administrators told us that the CDM we’ve deployed is protecting the space station,” he adds. “That’s pretty cool.”

Other companies on the BGOV200 interested in sharing their story can contact us here.