
Security Minded, Mission Focused

CYBER SOLUTIONS

Mission-Focused Cyber Resilience

Enterprise cybersecurity programs that protect against dynamic cyber threats while ensuring compliance.
We combine IT and security domain expertise with problem-solving skills and consulting acumen to develop, transform and execute enterprise cybersecurity programs. Our experts speak the languages of our respective stakeholders at all levels of the Federal Government to support innovation and modernization in an ever-changing threat landscape.

What We Do.

 

How We Can Help

 

Cyber Program Transformation

Transforming programs using proven approaches in alignment with our customers’ strategies and objectives.

Cyber Operations

Implementing capabilities and tools to proactively bring visibility to vulnerabilities and detect threats.

Governance, Risk, and Compliance

Delivering consistent, repeatable processes to institutionalize IA and Cyber capabilities.

Cyber Program Engagement 

Specialized services underpinning effective Cyber Programs.

We secure more than 185 Federal Information Systems including mission-critical, privacy, classified, financial, and cloud-based systems.

Featured Case Study

Getting to Green on a FISMA Scorecard
Client's Needs

Our client was facing pressure from agency leadership due to poor FISMA scorecard performance. Many of the rated areas were in the “red” zone and were attracting unwanted attention. Our client needed to improve their scorecard and “Get to Green”.

Challenge They Faced

Our customer faced many challenges in graded scorecard metrics. For example, in Weakness Remediation and Vulnerability Management, unrealistic deadlines and poorly developed Plans of Action and Milestones (POA&Ms) were causing POA&Ms to be overdue, and they faced resource challenges with closing them out. Configuration Management activities were performed in an ad hoc and inconsistent manner, causing system changes to have an unintentional adverse impact on security posture. Some systems were operating with expired ATOs, or no ATO at all. Many systems operated with no IT Contingency Plan, and those that had plans were rarely tested. The breadth and complexity of challenges causing these issues required a comprehensive solution.

Results We Delivered

EGT first performed root cause analysis to understand the underperforming security functions and what was ultimately causing the failing grades. Some of the significant findings were a lack of understanding of the factors taken into consideration in determining the FISMA scores, and unnecessary duplication of efforts across teams supporting the FISMA systems. We developed a “Get to Green” plan that identified actions with a low:high resource:impact ratio. As an example, updating existing POA&Ms so they became compliant with departmental requirements led to the POA&M scores going from 7% to 93% for one system, even before significant progress was made towards weakness remediation. We also developed and improved processes and standard operating procedures, provided the right experts, worked with other vendors in a collaborative and transparent manner, and reported on all of this regularly to manage customer expectations. As a result of our ongoing efforts, we were able to “Get to Green” on all systems for which we provide ISSO support, in as little as six months. We have been able to maintain or improve on this status on an ongoing basis. Our customer is now able to focus on applying information technology in furthering the agency mission, and spend less time addressing scorecard-related questions and concerns.

Sample Scorecard

 

The scorecards measure agency performance in different cyber “areas of concern” and identify weaknesses that could be exploited by cybercriminals. 


I'm really amazed by the progress you and the team were able to make in such a relatively short period of time. I particularly appreciate the metrics that objectively demonstrate our [Federal] team’s engagement with you and your team. It’s gratifying to see that not only were good things accomplished but that they’re clearly needed and are filling a gap.

— Federal Agency, Deputy CISO

Real People Making a Difference

 


Chris Ambrose

Task Lead, Cyber Solutions

"Working in the world of cybersecurity is challenging on multiple fronts. It takes only one exploitable vulnerability, one unpatched computer, or one open port and the whole system could be compromised.

Working within complex teams, sharing ideas and strategies, and limiting the security exposure to our various networks is an awesome opportunity. I truly enjoy the challenge EGT has afforded me!"


Lilian Ekwosi

Task Lead, Cyber Solutions

“In cyber defense, deterrence by denial is the ability to frustrate the attack through defense strategy while deterrence by punishment achieves defense by inflicting cost to discourage and make the attack not worth it. My take is that deterrence by defense is the best offense. After all, certainty of detection is far more important than severity of punishment. Ultimately, my goal as an Information Systems Security Officer is to assess when a cyber attack justifies deterrence by punishment to avoid unnecessary escalation.”

What can we help you achieve?

 
