In 2018, Booz Allen Hamilton received the biggest federal task order in the company’s history, winning more than $1.6 billion in business to provide 13 different government agencies with tools to manage their cybersecurity risk. Today, the company’s continuous diagnostics and mitigation (CDM) solution protects nearly 80% of all federal .gov networks, including more than 5 million devices, 2 million users, and 120 individual federal organizations.
Booz Allen, which won a similar contract in 2014, is no stranger to security risk management. Vice President Rob Allegar, who leads the firm’s CDM work, has been at Booz Allen for more than 20 years. He’s seen the field of risk management evolve from manual reviews of possible risks to complex systems that can find changes and conduct risk analyses in real time.
“[CDM] started as an efficiency program around trying to optimize the connection approval around systems as they’re built,” Allegar says. When a computer or software system is built, there’s an approval process to make sure that all stakeholders are aware of and can manage the risks.
“Six or seven years ago, that process was manual,” Allegar explains. “Someone would build a system, and then a team would come in and analyze it, put a report together, and then leaders would sign off. It took a while to do.”