SecureInfo President and CEO Christopher Fountain leads a team in the high stakes area of cybersecurity. Fountain recently spoke with ExecutiveBiz about his work at SecureInfo and the company’s recent acquisition by Kratos Defense and Security Solutions.
Fountain also addressed his congressional testimony regarding the Federal Information Security Management Act, company growth and the relationship between cloud computing and cybersecurity.
ExecutiveBiz: What first brought you to SecureInfo and what do you enjoy most about working for SecureInfo?
Christopher Fountain: My original connection to SecureInfo was through Insight Venture Partners, a private equity firm based in New York. In February of 2006, I was asked by the company’s board of directors to do some consulting work. After working as a consultant for a few months, I was asked to consider joining the company as its CEO, which I did in July of 2006.
I work with a team of very good people. In this business it’s really all about the people. Through our work, I’ve had the pleasure to get to know a large number of government agencies and industry leading commercial organizations.
There are high stakes associated with our work. We’re talking about protecting mission critical information assets. Our focus is always on helping our customers protect the information assets that play a key role in meeting mission objectives – whether that mission is a command and control or citizen service mission. I am honored to be part of a team of people who takes this job very seriously and focuses on doing the best job possible.
ExecutiveBiz: How does a company differentiate itself to the federal customer in a competitive marketplace?
Christopher Fountain: Companies may take different approaches to differentiation. The key word for us is focus. We’re exclusively focused on providing cybersecurity services; and because of that focus, we are able to offer very deep subject matter expertise. Our focus allows us to recruit and retain some of the best people in the cybersecurity business.
One clear example of what this focus means in terms of our ability to differentiate ourselves is evidenced by the breadth of our experience. We’ve dealt with a variety of environments and systems of all types, including large-scale applications, highly classified land-based and terrestrial networks, cloud computing solutions, supervisory control and data acquisition systems, unmanned aerial vehicle platforms and many other types of systems.
ExecutiveBiz: What has changed since Kratos acquired SecureInfo?
Christopher Fountain: We were acquired in November 2011. Kratos is focused on providing national security solutions to the government and critical infrastructure industries, making it a great cultural fit for SecureInfo. We remain a highly focused business with Kratos, but we get the advantage of leveraging the resources of a much larger company.
With approximately $1 billion in revenue, Kratos is a successful high-growth enterprise and has a far greater reach than we had as an independent company. This gives us an opportunity to tap new customer relationships. For example, we have not historically done a large amount of business with the U.S. Navy; however, Kratos has a strong relationship with the Navy. We are now in a position to work with other businesses within Kratos to meet these customers who can also benefit from the services we offer.
Another really interesting area for us is what Kratos calls the public safety and security business. SecureInfo, as an independent company, had started to do work providing cybersecurity solutions to the critical infrastructure industries. The Kratos Public Safety and Security business is a leading provider of physical security solutions to these industries. Kratos supports the New York Port Authority, key properties on the World Trade Center Site and New York City’s Metropolitan Transit Authority. All these entities and more have a cybersecurity requirement in addition to the physical security requirements being met by Kratos.
The critical infrastructure cybersecurity opportunity is growing due to pending legislation on Capitol Hill. Bills have been introduced that deal directly with the critical infrastructure and what the government’s role should be to ensure that critical infrastructure is properly secured. As a result, these organizations are increasing their focus on the security posture of their information assets.
Another important area is satellite communications which is an increasingly attractive target for both intentionally hostile attacks and inadvertent interference. Kratos recently acquired Integral Systems, which presents us a great deal of opportunity to work with those teams.
ExecutiveBiz: What are other growth areas for the company?
Christopher Fountain: We continue to see growth opportunities within our core customer base: the U.S. Air Force, the U.S. Army and the Department of Homeland Security. We also foresee very strong growth across the critical infrastructure industries.
The other major growth area where we realized very high growth in 2011 is in cloud computing security work. We have ongoing work providing very large and prestigious cloud computing solution providers with information security services. These companies offer infrastructure-as-a-service, platform-as-a-service and software-as-a-service solutions to the federal market. We also provide services to a number of smaller software companies that offer SaaS point solutions. That whole area is exploding with the government’s push for cloud computing. The biggest concern about the use of cloud computing solutions is security; and we’re able to help address that concern.
ExecutiveBiz: Did you see the fruit of the suggestions you made when testifying about FISMA?
Christopher Fountain: One of the key things I said is that while FISMA could use improvement, you should be careful not to knock out the good things about FISMA in the process. The bill I testified about was suggesting that a new national office for cyberspace be created in the White House. I suggested leveraging the cybersecurity organizational capabilities that exist today within the DHS. While I cannot say there was a direct immediate impact from my testimony, it is part of the official record and is hopefully something others will consider when drafting or refining current proposed legislation.
ExecutiveBiz: How interrelated are cybersecurity and cloud computing in today’s market?
Christopher Fountain: Cloud and cybersecurity are interrelated from the perspective that cloud adoption is held up by concerns over information security.
The fundamentals don’t change whether you’re securing a cloud computing solution or an internally hosted computing solution. You still need to know where the data is, who has access to that data and how you protect that data – implementing the right information security controls in the right way remains of paramount importance.
One of the challenges in the cloud is that because you are virtualized, you can’t necessarily walk into a room and look at a server and disk array and say, “my data is here.” Securing systems in the cloud may be more complex, but the fundamentals remain the same.
ExecutiveBiz: What role will cybersecurity providers play in the Federal Risk and Authorization Management Program?
Christopher Fountain: The government is in the process of reviewing applications from organizations to determine which organizations are qualified to serve as FedRAMP assessors. This represents an opportunity for commercial cybersecurity service providers.
FedRAMP actually raises the security bar even further than the standard NIST controls by requiring control enhancements. Being very familiar with the base control frameworks and the control enhancements is critical to being an effective assessor.
The premise behind FedRAMP is that once a cloud solutions provider is FedRAMP certified, other government agencies can rely upon that certification when determining whether or not to issue an authority to operate. It ensures a high degree of security and should decrease the burden associated with each government agency doing independent certification work.