unatek, inc. september 3, 2015 bethesda, md 20817 tel. 301 ...€¦ · bethesda, md 20817 tel....
TRANSCRIPT
September 3, 2015
Attn: Joel Atkinson, Associate Category Manager
4050 Esplanade Way, Suite 360
Tallahassee, FL 32399-0950
Phone: (850) 488-1985
Email: [email protected]
Subject: State of Florida - RFI - Cyber Security
Dear Joel:
Unatek, Inc. is pleased to submit this RFI to the State of Florida in response to the above
referenced solicitation.
Our RFI has been predicated on all terms and conditions of this solicitation. Unatek, Inc. hereby
provides written certification that all requirements of the RFI are understood, no ambiguities
have been identified, and we agree to comply with all requirements without deviation or
exception.
We are confident that you will find this RFI to be in the State of Florida’s best interest. Unatek,
Inc. is pleased to bring the highest level of corporate commitment to bear on this project. Should
you have any questions or require any additional information, please call me at (301) 979-9469.
Sincerely,
_________________________
Bhavana Upadhyaye Sr. Manager, Business Development, Unatek, Inc.
1100 Mercantile Lane, Suite 115-A Largo, MD 20774 www.unatek.com
Unatek, Inc.
10411 Motor City Drive, Suite 750
Bethesda, MD 20817
Tel. 301.222.0374 / Fax. 240. 395-2347
www.unatek.com
RFI Response State of Florida - RFI - Cyber Security
Department of Management Services
REQUEST FOR INFORMATION
Cyber-Security Assessment, Remediation, and Identity Protection,
Monitoring, and Restoration Services
Due: September 3, 2015
Unatek, Inc.
1100 Mercantile Lane
Suite 115-A
Largo, MD 20774
301.583.4629
www.unatek.com
September 3, 2015 Proprietary and Confidential Information
RFI Response
The Management Services Division of State Purchasing
State of Florida - RFI - Cyber Security
Due: September 3, 2015
This document contains data that shall not be disclosed by the State of Florida Department of Management Services and shall not be duplicated, used, or disclosed – in whole or in part – for any reason other than to evaluate this response. If, however, a contract is awarded to Unatek as a result of or in connection with the submission of this document, the State of Florida Department of Management Services shall have the right to duplicate, use, or disclose the data to the extent provided in the resulting contract. This restriction does not prevent the State of Florida Department of Management Services from using the information contained in this document if it is obtained from another source without restriction. The data subject to this restriction appear on all pages of this document.
Prepared by:
Unatek, Inc.
1100 Mercantile Lane
Suite 115-A
Largo, Maryland 20774
www.Unatek.com
Prepared for:
Joel Atkinson, Associate Category Manager
4050 Esplanade Way, Suite 360
Tallahassee, FL 32399-0950
Phone: (850) 488-1985
Email: [email protected]
Submitted: September 3, 2015
i
Table of Contents
SECTION 1: CORPORATE BUSINESS INFORMATION ..................................... 2
SECTION 2: DEMONSTRATED EXPERIENCE ................................................... 3
SECTION 3: CORPORATE HISTORY.................................................................. 6
SECTION 4: MANAGEMENT TEAM..................................................................... 9
SECTION 5: CAPABILITIES (RESPONSE TO RFI SECTION IV) ..................... 11
2
SECTION 1: CORPORATE BUSINESS INFORMATION
Company Name Unatek, Inc.
Corporate Address 1100 Mercantile Lane, Suite 115-A
Largo, MD 20774
Telephone Number Corporate: (301)583-4629
Alternate: (301) 741-0664
Socio-Economic
Classification
SBA 8a Method,
Small Disadvantaged Business Enterprise
Minority-Owned
State Chartered In Maryland
Primary Business Software (Information Technology) Consulting
Date Established June, 1996
Federal Tax
Identification 52-1984420
Duns 003749132
GSA Contract Number GS-35F-0632T (FABS)
Web Site www.unatek.com
3
SECTION 2: DEMONSTRATED EXPERIENCE
Unatek has successfully completed multiple IT projects for a host of clients and is currently
engaged in several on-going client projects. The following Table1 provides details on the “Who,
What, When and Where” of selected demonstrated experience relevant to the SOW.
Table 1: Selected Unatek’s Demonstrated Experience
WHO/WHERE WHAT WHEN
US Department of
Commerce
Unatek, Inc. is providing the US Department of Commerce
with Cyber Security Continuous Monitoring Services.
Start: July, 2010
End: open
US Department of
Commerce
Unatek, Inc. is providing the US Department of Commerce
with Certification and Accreditation Services.
Start: July, 2010
End: December, 2010
Washington Metropolitan
Area Transit Authority
(WMATA)
Unatek, Inc. has a contract to provide WMATA with IT
Security Consultants who will support WAMTA’s Cyber
Security initiatives.
Start: ASAP
End: One year from start
date.
Smithsonian Astrophysical
Observatory (SAO)
Unatek, Inc. is providing the US Smithsonian with
Certification and Accreditation Services.
Start: April, 2010
End: August, 2010
DOL/Washington, DC. Unatek, Inc. provided the DOL Systems Security Architecture
design; FISMA compliance and Cyber Security Services.
Start: August, 2009
End: August, 2010
US DHS/Chesapeake, VA Unatek, Inc. provided the DHS FISMA Compliance
Consulting and Training.
Start: July, 2009
End: December, 2009
US DVA/Hines, Illinois Unatek, Inc. provided the DVA business intelligence training
and consulting with database security component.
Start: March, 2009
End: February, 2010
US Marine Corps/
Honolulu, Hawaii
Unatek, Inc. provided the Marine Corps industry premier
CISSP security training.
Start: August, 2008
End: August, 2010
USAC (FCC)/ Washington,
DC.
Unatek, Inc. provided the USAC Security Control Testing and
Evaluation services.
Start: October, 2006
End: February, 2007
Lockheed Martin/ Orlando,
Florida
Unatek, Inc. provided Lockheed Martin Corporation Intrusion
Detection Architecture, Design and implementation Services.
Start: October, 2004
End: July, 2005
OCTO DC
Government/Washington,
DC
Unatek, Inc. provided the District government computer
forensics and emergency response services.
Start: March, 2007
End: June, 2007
NeighborWorks of
America/ Washington, DC
Unatek, Inc. provided the NeighborWorks of America IT
Systems Security Audit; Security Controls Testing and
Evaluation services; and penetration testing services.
Start: April, 2005
End: July, 2005
Industrial Bank of
Washington/ Washington,
DC.
Unatek, Inc. provided the industrial bank of Washington
Security Controls Testing and Evaluation services; and
penetration testing services.
Start: November, 2004
End: December, 2004
Maryland Comptroller of
Treasury/Annapolis, MD
Unatek, Inc. provided the Maryland Comptroller of Treasury
Data Center Systems Security Audit.
Start: August, 2005
End: September, 2005
4
Metropolitan Washington
Airport Authority
(MWAA)/Washington, DC
Unatek, Inc. provided MWAA Internet Access Control
Policies Review; and Websense application systems
architecture design and operations audit.
Start: July, 2007
End: September, 2010
Metropolitan Washington
Airport Authority
(MWAA)/ Dulles, VA
Unatek, Inc. provided MWAA Security Controls Testing and
Evaluation; penetration testing and general IT security review
of the Dulles International Airport ID Pass system.
Start: April, 2004
End: September, 2005
Prudential Financial
Services/NJ
Unatek performed Sarbanes-Oxley Act (SOX) security
compliance audits on the prudential financial and accounting
applications in New Jersey.
Start: August, 2005
End: September, 2005
In providing services to our clients, Unatek has always strived to deliver timely high-quality
services and have always been creative in addressing the needs and overcoming the obstacles
tenable in specific projects.
Table 2: Representative Clients
WMATA (Washington Metropolitan Area Transit Authority)
Unatek is providing Cyber Security Support to the Washington Metropolitan Area Transit Authority.
SAO (Smithsonian Astrophysical Observatory)
Unatek is providing Information Technology Systems Certification and Accreditation Support to the Smithsonian
Astrophysical Observatory.
US Department of Labor
Unatek is providing FISMA Compliance Support to the US Department of Labor.
US Marine Corps
Unatek is implementing DOD Directive 8570.1 in Six Technology Areas for the Marine Corps.
US Department of Veterans Affairs
Unatek is providing Business Intelligence and Database Management Solutions & Training to the US Department
of Veterans Affairs
US Department of Homeland Security
Unatek is providing Infrastructure Support to the Department of Homeland Security.
Lockheed Martin
Unatek Engineers provided Technical and Subject Matter Expertise Support for Lockheed’s
Next Generation Intrusion Detection and Prevention Program.
Metropolitan Washington Airport Authority
Together with KPMG, Unatek has been providing IT Risk Management Support to the
Metropolitan Washington Airport Authority.
U.S. Department of Commerce
MBDA (Minority Business Development Agency)
Unatek is providing Information Technology Systems Certification and Accreditation Support
to MBDA an Agency of the US Department of Commerce.
5
6
SECTION 3: CORPORATE HISTORY
Unatek has over 14 years of dedicated support to the U.S. Federal Government and commercial clients. Unatek is at the forefront of technological advances, government policy, envisioning the need for information and operational security, investing in facilities, corporate infrastructure and personnel to expand our service offerings as a highly qualified Information Technology company. Unatek continues to be an early adopter of advanced processes, toolsets, security technologies, and services necessary to support our Federal clients. Unatek’s dedication and commitment has ensured lasting relationships with our government clients over the years.
Unatek has been producing efficient, customer-focused systems for 14 years.
Unatek consistently delivers what we promise using Unatek’s service delivery process, —which is aligned with Project Management Institute’s (PMI) Project Management Framework, and System Development Lifecycle Management (SDLCM) methodology.
o We execute our projects using proven, repeatable, industry standard processes, while being flexible enough to incorporate the specifics of the agencies we work with.
o Unatek has extensive experience in working with the SDLCM and will use this to efficiently execute future projects with our clients.
Unatek’s 14-year history includes achievements in Information Assurance, Enterprise Systems Protection, change management and project management for the Federal government.
o Each solution or project is evaluated against performance criteria to ensure customer satisfaction. Unatek has been providing high-quality services to the federal government and commercial clients in enterprise end- to – end security, which support our customer’s program goals.
Unatek’s corporate infrastructure and policies/ procedures are mature and proven, reliable and stable:
o Unatek has the solid financial standing to respond to task orders without having to keep an eye on cash flow. We are a low-risk contractor in this fixed-price, performance-based environment and have successfully delivered on numerous fixed-price, performance-based contracts.
o As a testament to our maturity and dedication to quality, Unatek has a solid history of competitive contracting without reliance on Small Business set-asides, often surpassing our large-business competitors.
Since our inception in 1996, Unatek has specialized in designing, supporting, and integrating networks and security solutions into government agency infrastructures. Unatek’s design credentials and technology insertions have grown along with the technology marketplace—from X.25, SNA, Frame Relay, ISDN, TCP/IP, FDDI, and ATM—in routing and switching environments. Over the years, Unatek has constantly stayed knowledgeable on the newest technology developments through our close business affiliations with top network OEMs like Cisco and Microsoft. Additionally, Unatek developed relationships with leading security and management software companies such as, McAfee, Symantec, Juniper, SourceFire and others.
7
Unatek is one of the few small businesses that can claim a corporate investment in an operational infrastructure dedicated to improving client support services. This commitment includes a facility that houses a 6000 sq. ft. Network and Security Operations Center, Service Desk and Computer Incident Response Center, 1500 sq. ft. Unatek’s expertise enables us to bring in the latest technologies and integrate network and security solutions into our clients’ solution and knowledge-based environments. It is this infrastructure that permits Unatek to maintain and deliver expert services with firsthand knowledge.
Overall Reputation for Satisfying Customers
Unatek conforms to the Project Management Institute’s creed of customer satisfaction and has developed been satisfying Federal customers on every single project we have worked on. Over the years Unatek has developed an excellent reputation for quality and program execution. Unatek has never lost a client because of an unsatisfactory performance; in fact, some of our relationships with Federal clients span over several years, which is a strong indicator of our continuous customer satisfaction and repeat business. Our own internal customer satisfaction surveys are used by Unatek to help identify areas for improvement and also demonstrate the total satisfaction ratings for each client. Unatek continues to score very high ratings year after year. Bringing high quality personnel, industry standard best practices, proven methodologies, and a commitment from senior management to excellence has contributed to the overall reputation and customer satisfaction Unatek enjoys today.
Functional Areas of Expertise
Unatek has three core service areas of concentration: Network & Systems Engineering Services, Managed Services, and Information Security Services. As a Professional IT Services company, Unatek’ strongest assets are its employees. Unatek has invested heavily in training and certifications and continues to encourage employees to reach the highest levels within their respective disciplines. Unatek provides Technology Services for Secure Solutions.
Information Security Services—provides security assessments, security policy reviews and planning, security certification and accreditations, business continuity planning, threat and vulnerability assessments, risk management planning, authentication/encryption design, awareness training and workshops, and common criteria reviews and planning.
Managed Security Services—operates on-call 24/7/365 NSOC and CIRC providing firewall and VPN management, intrusion detection, vulnerability management, incident response and forensics. The NSOC also provides application-hosting services for Federal clients and disaster recovery support from our secure facility.
8
Network/Systems Engineering, Operations & Maintenance Support Services—provides on-site
network and systems engineering support to Federal operational IT environments, technology
assessments, network and telecommunications architecture design, configuration management,
technology and security engineering, staging and testing, configuration and implementation.
Information Security Services Enterprise Management Services Network and System Services
Policy & Procedure Development, Certification &
Accreditation Support, COOP/BCP Development
Security Assessment, Vulnerability Assessment
Compliance Assessment; Training: Security
Awareness; Project, Task and Onsite Services
Product Evaluation and Testing, Product Staging,
Product Installation, Security Engineering,
Application Security Engineering: Infrastructure
Security Design / Engineering,
Encryption Technologies, COMSEC Support;
Project, Task and Onsite Services
Computer Incidence Response Center (CIRC):
Incident Collection and Reporting, Analysis,
Forensics; Response Teams
Consulting, Planning & Assessment
Security Engineering and Integration
Computer Security Incident Response
Remote Network and Security Management:
NOCturnal Services, Network & Server Monitoring:
Fault, Configuration, Asset, and Performance
Management (FCAP)
Security Monitoring: Intrusion Detection System
Management, Firewall Management, Vulnerability
Management
Help Desk
Project, Task and Onsite Services
Network & Security Operations
Data Center Services: Application Hosting,
Remote Backup, Help Desk Support
Disaster Recovery Services, Emergency
Relocation Services: DR/ER Engineering
Data Center Operations
Policy and Procedure Development, Enterprise
Architecture Consulting Support, Technology
Assessment / Enterprise Baselining, Network /
Systems Architecture, Training: TBD
Project, Task and Onsite Services
Consulting, Planning & Assessment
Product Evaluation and Testing, Product Staging,
Product Installation
Network Engineering: Network (LAN / WAN),
Server, Enterprise, Level 3 Response Services
Project, Task and Onsite Services
Network Engineering and Integration
Application Security Design / Engineering,
Systems Engineering, Software Development
Project, Task and Onsite Services
Systems Engineering & Development
Technology Services
9
SECTION 4: MANAGEMENT TEAM
Unatek, Inc. has assembled an impressive management team. All key personnel possess outstanding
qualifications and several years of experience (Table 4), bringing a proven track record in similar efforts.
Table 4: Unatek Management Team
Edication and Professional
Certifications
Experience and Expertise
Chief Marketing and Business Officer, Unatek: Charles Iheagwara
Education
Massachusetts Institute of
Technology, Sloan School of
Management, Cambridge, MA,
Master of Science in Management
(2011)
Harvard University, Harvard
Business School, Boston, MA,
Completed Entrepreneurship and
Business Studies
University of Glamorgan, Wales,
UK, Ph.D., Computer Science
University of Minnesota,
Minnesota, USA, MS, Mineral
Engineering
National University of Science and
Technology, Moscow, Russia,
BS/M.Sc., Metallurgical
Engineering
George Washington University,
Washington, D.C., USA,
Certificate, Environmental
Management Program
Awards
Recipient of the 2007 Maryland-
India Business Roundtable’s
“Business Innovator of the Year”
Award
Business
Founder, Unatek, Inc.
Founder, IntrusionOnline, Inc.
Member, Federal Facilities
Management Board
Member - Advisory Board,
Dr. Charles Iheagwara, a Cyber security expert is the
Chief Marketing and Business Development Officer of
Unatek, Inc. a US government Information Technology
contractor located in Largo, Maryland. In this role, he is
responsible for all marketing and business development
efforts in the company.
Prior to assuming the current position, he was the Chief
Technology Officer responsible for the company’s
enterprise technology roadmap, development programs
as well as consulting engagements for corporate clients.
He led business development efforts with several notable
successes including the elevation of the company as a US
government prime contractor from its previous obscure
subcontractor status and the expansion of corporate
consulting services and workforce. He also led corporate
relations development initiatives that resulted into the
formation of strategic alliances and partnerships with
several leading technology companies such as Northrop
Grumman, SAIC, KPMG, and Thompson, Cobbs,
Bazilio and Associates (TCBA), etc.
Previous employment include stints at the Office of the
Chief Technology Officer (OCTO), DC Government,
Lockheed Martin, Aligned Development Strategies, Inc.
(ADSI) and Edgar online, Inc.
As a consultant at OCTO, he was responsible for the
management of the District of Columbia Computer
Emergency Response Team. At Lockheed Martin, he was
the lead consultant for the Enterprise Information
Systems next generation intrusion detection systems re-
engineering project, as director of IT security services at
ADSI, he managed the INFOSEC program of the District
of Columbia HIPAA privacy project for the TCBA –
ADSI – Bearing Point contractor group, and as a systems
security administrator at Edgar online worked on
10
TransGlobal Business Systems corporate and NASDAQ Online Web services /Internet
portal IT security programs.
He held adjunct professorial positions at Universities in
the Washington, DC metro area between 2002 and 2007
and has published more than forty (40) papers in refereed
international technical and scientific journals and
conference proceedings. A Licensed Professional
Engineer and an internationally known technology
researcher whose work is widely quoted, Dr. Iheagwara
is a sought after speaker at several industry conferences.
Chief Technology Officer, Unatek: Mitchell Wu
Education
M.S. (Computer Science), John
Hopkins University
B.S. (Psychology), Taiwan Cheng
National Chinching University
Sun Certified Programmer for Java
2 Platform 1.4
Applera Milestone Award for
contribution to gene discovery,
sequencing, assembly, annotation
and patent filing.
Mr. Wu brings 15+ years experience in identity
management, security engineering, project management,
architecture design and system development in web
environment, systems development and enhancement. He
has a solid track record of managing and working in
multi-disciplinary teams.
He brings experience under Windows/Unix using Oracle,
IBM, and Microsoft technologies: .NET, C/C++, C#, XML,
Windows 200X and MS SQL Server 2000, Oracle 9i, Java,
Unix, MS Project, Visio Rational Suite, DB2, PKI
Technology and Entrust Solutions.
Director of Marketing, Unatek: Karen Alston
Bachelors Degree in Business
Administration and Finance from
Howard University, Washington,
DC
In her role as Unatek’s Director of Marketing & Business
Development, Ms. Alston oversees corporate marketing
activities and charts a road map for business development
activities.
Ms. Alston has a demonstrated ability to position products
and services for growth, and is well versed in complex
marketing, finance and project management that enables
successful brand strategy development with a focus on
profitability. Ms. Alston has a proven track record in
strategic positioning, creative conceptualization, leadership
and the ability to build and maintain strong client
relationships.
Ms. Alston founded the award winning Washington, DC -
based ALSTON Marketing Group that specializes in
contemporary boutique marketing and communications,
advertising and market research consultancy.
Previous employment includes stints at AOL (division of
AOL TIME WARNER) Dulles, VA where she managed the
strategic relationship of several high level national accounts;
VIPdesk.com Inc., Alexandria, VA where she managed two
national accounts (Citibank and Diners Club) with an annual
contract value of $5,000,000; MBNA America Bank, Hunt
11
Valley, MD where she managed a team of thirty-five
marketing representatives and two assistant managers and JP
Morgan Chase Newark, DE where she was the Operations
Specialist for Corporate Actions.
SECTION 5: CAPABILITIES (RESPONSE TO RFI SECTION IV)
Please indicate whether your company is able to provide any or all of these services:
S # Pre-Incident Services: Unatek
Response
1 Incident Response Agreements – Terms and conditions in place ahead of time to allow for quicker response in the event of a cyber-security incident.
Yes
2 Assessments – Evaluate a State Agency’s current state of information security and cyber-security incident response capability.
Yes
3 Preparation – Provide guidance on requirements and best practices. Yes
4 Developing Cyber-Security Incident Response Plans – Develop or assist in development of written State Agency plans for incident response in the event of a cyber-security incident.
Yes
5 Training – Provide training for State Agency staff from basic user awareness to technical education.
Yes
Post-Incident Services:
1 Breach Services Toll-free Hotline – Provide a scalable, resilient call center for incident response information to State Agencies.
Yes
2 Investigation/Clean-up – Conduct rapid evaluation of incidents, lead investigations and provide remediation services to restore State Agency operations to pre-incident levels.
Yes
3 Incident response – Provide guidance or technical staff to assist State Agencies in response to an incident.
Yes
4 Mitigation Plans – Assist State Agency staff in development of mitigation plans based on investigation and incident response. Assist State Agency staff with incident mitigation activities.
Yes
5 Identity Monitoring, Protection, and Restoration – Provide identity monitoring, protection, and restoration services to any individuals potentially affected by a cyber-security incident.
Yes