this is not business-as-usual

this is rock-and-roll

capabilities collection

what we do

CONTACT

US!

What’s yourMISSION?

SOFTWAREENGINEERING

CYBER SYSTEMSENGINEERING

CYBERSECURITY

DEVOPS

USEREXPERIENCE (UX)

DATA & INFORMATION VISUALIZATION

1.

2.

3.

5.

6.

4.

we create secure systems that deliver a brilliant user experience and help our clients be great at what they do.

wilco@foxtrotdivision.us

softwareengineering

wilco@foxtrotdivision.ushttp://foxtrotdivision.us

�•��DevOps�Methodology��

•��Application�Assurance

•���User�Experience�(UX)

•��Defensive�Coding

•��Open�Source�Software�Support

STANDARDS EXPERTISE

• Software Assurance Maturity Model

(SAMM)

• Capability Maturity Model Integrated

(CMMI)

AUTOMATIONWe� provide� custom� software� to�automate�the�routine�and�streamline�workflows,� allowing� teams� to� spend�more�time�on�value-added�activities.

INTEROPERABILITYWe� create� the� “glue”� that� allows�multiple� heterogeneous� systems�to� communicate� with� each� other,�maximizing�IT�investment�value.

MISSION SUPPORTWe�create�custom�software�that�helps�our�clients�accomplish�their�mission,�from� cyber� defense� analytics� to�logistics�and�property�management.��

Writing code is our passion. Creating secure systems that function as intended and deliver a brilliant user experience is our purpose.

Delivering value Early and OftenOrganize requirements� into� functional�stories� with� short� development� times.� � Bake� in�security�along�the�way.

Refine concepts into�verifiable�requirements.�

Plan User Experience (UX) by�understanding� users,� workflows,� and�objectives.

Release functionality � incrementally,�as�it�is�developed,�tested�and�verified.

Validate functionality � by�obtaining� feedback� from� users� and�stakeholders.� � Is� it� really� what� the�users�want�and�need?

for (int i = today; i < endOfTime; i++) { goFurtherAndFaster(yesterday);}

CYBER SYSTEMS

wilco@foxtrotdivision.ushttp://foxtrotdivision.us

•���Systems�Engineering�&�Technical�

Assistance

�•��Agile/DevOps�Methodology��

•���Full�System�Development�Life�Cycle�

Support

STANDARDS EXPERTISE

• Software Assurance Maturity Model

(SAMM)

• Capability Maturity Model Integrated

(CMMI)

• Project Mgmt Body of Knowledge (PMBOK)

• International Council on Systems

Engineering (INCOSE)

• National Institute of Standards &

Technology (NIST)

ENGINEERING

Basic�to�advanced�technical�support�for�all�components�of�the�system.

SUPPORT

Establishing�systems��to�maintain�and�disseminate�project�knowledge�and�intel-ligence;�giving�stakeholders�info�they�need,�when�they�need�it.

KNOWLEDGE MGMT

Coordinating�system�deployments,�equipment�movements,�and�prop-erty�mgmt.

LOGISTICS

Analysis�and�management�of�requirements�through-out�the�life�cycle.

REQUIREMENTS MGMTStreamlined�change�and�version�control�for�rapid�integration�of�changes.

CONFIGURATION MGMT

Automated�verification�and�regression�testing.

TESTING & VERIFICATIONAgile�development/integration�of�system�components�focused�on�delivering�value�early�and�often.

ENGINEERING

Continuous�monitoring�of�risks�to�project�cost,�schedule,�scope,�and�

performance.

RISK MGMT

Application�of�regulatory,�statutory,�and�organiza-

tional�security�requirements;�automated,�continuous�

compliance�monitoring�and�assessments.

CYBER SECURITY

The project is itself a system, composed of many moving parts...hardware, software, people, processes, support systems.

Everything is connected. Everything matters.

REQUIREMENTS

MGMTCONFIGURATIONMGMT

CYBER SECURITYRISK MGMT

ENGINEERING

TESTING & VERIFICATION

LOGISTICS

SUPP

ORT

KNOW

LEDGE

MGMT

PROJECTMGMTDE

VOPS

deliver value early & often

QUALITY ASSURANCE verify delivered value meets standards

CYBERSECURITY

wilco@foxtrotdivision.ushttp://foxtrotdivision.us

DEFENDABLE by design

�•��Application�Assurance

•���Automated�Implementation,�

Assessment,�and�Monitoring�of�

Security�Controls

•��Risk�Management�Framework�(RMF)

•���Full�Security�Life�Cycle�Support

We don’t check boxes. We don’t shuffle paper.

We secure systemsand�that�includes�people,�processes,�and�nuts-and-bolts�engineering.

Our risk-based approach focuses on a thorough technical understanding of the system and its operating environment, its threats and vulnerabilities, and the

proper application of security controls based on risk tolerance.

MALICIOUS ACTORS

NATURAL DISASTERS

NON-MALICIOUS ACTORSIndividuals�may�inadvertently�cause�a�compromise�by�act�or�omission.

Hurricanes,�tornadoes,�lightning,�and�other�natural�events.

Malicious�actors�with�means,�motive,�and�opportunity.

Understand the SYSTEM.First,�we�must�understand�the�system�by�identifying the types of information�received,�processed,�stored,�and/or�transmitted�by�each�component.

Personally�Identifiable�Information�(PII)

Other�Information�Requiring�Special�Protection

Sources�and�Methods��Information�(SAMI)

Health�Information

Financial�Information

SOFTWARE PEOPLE

HARDWAREEmissions,�HVAC/

power�limitations,�no�redundancy,�lack�of�

port�security...

Lack�of�training,�social�engineering,�human�error,�improper�use�of�removable�media...

Lack�of�input�validation,�code�

defects,�lack�of�error�handling...

PROCESSESImproper�change�control,�insufficient�testing,�lack�of�patch�mgmt...

Understand the THREATS. Understand the VULNERABILITIES.

Apply the SECURITY LIFE CYCLE.CATEGORIZE

SYSTEM

SELECT SECURITY CONTROLS

IMPLEMENT SECURITY CONTROLS

ASSESS SECURITY CONTROLS

AUTHORIZE SYSTEM

MONITOR SECURITY CONTROLS

We�leverage�custom�software�and�off-the-shelf�tools�to�rapidly�implement,�assess,�

and�monitor�security�controls.

wilco@foxtrotdivision.ushttp://foxtrotdivision.us

�•��Custom�Workflow�Automation��

•���Versatile�team�members�doing�more�

with�less

•���Using�tools�and�collaboration�to�build�

better�systems,�faster

DEVOPSthe revolution will be automated...

OPERATIONS

STAKEHOLDERS DEVELOPMENT

USERS

Fund it. Create it.

Use it.Maintain it.

PEOPLE PROCESSES

TOOLS

Our�DevOps�approach�seeks�to�seamlessly�integrate�PEOPLE,�PROCESSES,�and�TOOLS�to�reliably�deliver�high�quality�systems,�faster.

AUTOMATION SUPPORT SYSTEMS

AUTOMATED HARDENING

AUTOMATEDBUILD & INTEGRATION

HARDEN BUILD VERIFY DEPLOY

We�create�custom�software�to�provide�secure� system� configurations� in� a�repeatable� manner� (that� don’t� brick�the�box).

We� use� off-the-shelf� software� to�continuously� build� and� integrate�changes�into�the�system�baseline.

AUTOMATED VERIFICATIONWe� create� automated� test� cases� to�verify�new�builds�meet�requirements,�and�don’t�break�the�baseline.

AUTOMATED DEPLOYMENTWe� use� centralized� management�tools� to�push� changes� to�production�systems.

DEVELOP BUILD

TEST & VERIFYQADEPLOY

OPER

ATE real-time collaboration & awar

enes

s

Centr

alized DEVOPS tools

CONT

INUO

US FE

EDBA

CK

R

APID RESPONSE TO CHANGE

wilco@foxtrotdivision.ushttp://foxtrotdivision.us

�•���UX�Designed�for�All�Participants�in�the�

System��

•���Structured�Process�to�Implement�

Effective�UX

•���Continuous�Feedback�for�Effective�

Process�Improvement

UXuser experience

Users matter most.Period.

WHO WE ARE DESIGNING FOR

CONTENT NAVIGATION FUNCTION FORM

Will�it�help�me�do�my�

job?

Will�it�be�easy�to�use?

Will�it�be�available�when�I�need�it?

How�often�will�it�need�human�intervention?

Will�it�integrate�with�tools�I�already�

use?Will�patches�be�available�in�a�timely�manner?

Will�it�be�secure?

What�business�metrics�will�be�available?

Will�it�add�value�for�our�users?

The Elements of User Experience (UX)

One�of�our�first�objectives�is� to� understand� and�logically� organize� the�data� and� information�stakeholders� need� to�perform�their�mission.��

We� design� an� effective�navigation� structure� to�ensure� stakeholders� can�find�what�they�are�looking�for�quickly,�easily,� and� in�a�repeatable�manner.

What�must�the�system�do?�We� seek� to� understand�how�each�stakeholder�will�use�the�system,�and�what�actions�they�need�to�take�to�perform�their�mission.��

The� appearance� of� each�component� is� designed�to�be�intuitive,�add�value,�and�have�logical�meaning�with� the� context� of� the�larger�system.

When designing a UX, we consider the wants, needs, and concerns of all participants

MAINTAINERS OWNERSUSERS

wilco@foxtrotdivision.ushttp://foxtrotdivision.us

�•���Custom�Dashboards�for�Business�

Analytics

•��Cyber�Defense�Watch�Consoles

•���Real-time�Project�Status

•��Intelligence-Oriented�Reporting DATA & INFORMATION

VisualizationRevealing the intelligencebehind the data.

We use design to reveal the truth in data. The truth about what’s happening now, what’s happened in the past, and what’s likely to

happen in the future.

G NORMAL (G) +/-�15%�from�goal

Y CAUTION (Y) +/-�16-31%�from�goal

O WARNING (O) +/-�32-50%�from�goal

R CRITICAL>50%�from�goal

INTELLIGENCE-ORIENTED DESIGNOur� design� focuses�on� presenting� the�most� concise,� factual�data� to� facilitate� rapid�analysis� and� response�by�stakeholders.�

How�is�the�project�doing?

Botnet�ActivitySubnet�HRIP: 192.168.10.2>> ACTIONS

What’s�happening�on�the�

network?

Custom dashboards and visualizations designed to help our clients be great at what they do.

WARNING CRITICAL

REAL-TIME STATUS.BASED ON REAL DATA.

RISK MATRIXHighly�Likely

Likely

Somewhat�Likely

Unlikely

Highly�Unlikely

LOW MODERATE HIGH

What�are�the�risks?

ScheduleG

CostO

ScopeY

PerformanceG