Posted by Tyler Chancey, GCFA on

Tyler Chancey is a seasoned cybersecurity professional currently serving as the Director of Cyber Security at Scarlett Cybersecurity Services, With a solid foundation in Computer Software Engineering from the University of Florida, Tyler holds a repertoire of certifications that underscore his expertise. These include the prestigious Microsoft 365 Certified: Enterprise Administrator Expert and Microsoft 365 Certified: Security Administrator Associate, showcasing his mastery in Microsoft's enterprise solutions. Tyler's commitment to comprehensive security is further evidenced by his CompTIA Security+ certification, demonstrating proficiency in core cybersecurity principles. Additionally, his GIAC Certified Forensic Analyst (GCFA) credential attests to his advanced skills in forensic analysis—an invaluable asset in today's complex cybersecurity landscape. Tyler's dedication to staying at the forefront of industry standards is evident in the active pursuit and maintenance of these certifications, making him a trusted authority in the field.

Blog Image Government Cybersecurity

Welcome to our “Government Cybersecurity” series of blogs! These posts emphasize important cybersecurity news, information, and threats relevant to government and educational organizations. Generally, this series will focus more on local and state news, but the topics should be applicable to all forms of public institution. 

A Critical Threat – Cybercrime and Government

Local and state government faces an unprecedented threat. Cybercrime has been steadily targeting critical institutions for the past few decades, growing ever-bolder in attempts to perform espionage and force ransoms. New regulations have been developed by recent administrations with the goal of providing protection around sensitive data and critical infrastructure.

Unfortunately, these requirements can lack clarity for organizations looking to achieve an adequate cybersecurity posture in today’s threat environment. This is where specialist organizations that focus on cybersecurity come into play.

By working with government IT and security leadership, private firms are able to provide comprehensive assessments and services that help protect vulnerable systems from attack.

What is GSA Highly Adaptive Cybersecurity Services?

The Open Market can be a hassle for government purchases – especially when it comes to concepts such as cybersecurity. Fortunately, there is a range of purchasing arrangements setup by local, state, and federal agencies that help enable easier acquisition of services and products.

One of the most popular purchasing arrangement organizations is the General Services Administration or GSA. The GSA’s acquisition solutions include a component called MAS (Multiple Award Schedule) which serves as a list of offerings and services.

The huge advantage of this system is that local, state, and federal organizations can easily acquire services by directly purchasing from the GSA catalog. The GSA eBuy website (linked below) has offerings with fully transparent and pre-negotiated pricing that can be viewed in a catalog format.

One such specialized service under the GSA catalog is the Highly Adaptive Cybersecurity Services, or HACS, SIN. HACS enables organizations to purchase a huge range of expert services for high-demand cybersecurity needs.

A special component of certain GSA schedules is the capability to participate in Cooperative Purchasing which allows services or supplies to be purchased directly by state, local, and educational institutions.

HACS is one such SIN that falls under the Cooperative Purchasing arrangement, enabling a historically limited talent pool (cybersecurity professionals) to expand into local and state services.

What Services Fall Under HACS?

In order to get a better grasp on what kind of benefits are associated with utilizing services under the GSA HACS SIN, the subcategories included within the HACS SIN are outlined below in “everyday” vocabulary.

Summary Directly from the GSA Website for HACS:

“The scope of the HACS SIN includes proactive and reactive cybersecurity services. Assessment services needed for systems categorized as High Value Assets (HVA) are also within scope of this SIN. It includes Risk and Vulnerability Assessments (RVA), Security Architecture Review (SAR), and Systems Security Engineering (SSE). Additionally, the scope of the SIN includes services for the seven step Risk Management Framework (RMF), and Security Operations Center (SOC) services.” (GSA.gov)

High Value Asset (HVA) Assessment

  • Includes Risk and Vulnerability Assessments (RVA), Security Architecture Reviews (SAR), and Systems Security Engineering (SSE).
  • Focuses on providing cybersecurity assessments and recommendations for critical devices within government systems.

Risk and Vulnerability Assessment (RVA)

  • Subcategories: Network Mapping, Vulnerability Scanning, Phishing Assessment, Wireless Assessment, Web Application Assessment, Operating System Security Assessment (OSSA), Database Assessment, and Penetration Testing.
  • Provides services that focus on assessing cybersecurity posture within systems.

Cyber Hunt

  • Cybersecurity concept that works on the concept of “the attacker is already inside the environment”.
  • Enables teams to evaluate potentially ongoing attacks or cybersecurity gaps.

Incident Response

A multi-step, regimented process to properly recover from a cybercrime incident.

Penetration Testing

A specialized assessment of the network with simulated, “live” attacks geared towards providing actionable feedback on defensive state.

HACS and Scarlett Cybersecurity

The Scarlett Cybersecurity team is a listed vendor on the GSA HACS schedule. Our team is able to provide services such as high-value asset assessments, risk and vulnerability assessments, penetration tests, cyber hunt services, and incident response to local, state, educational, and federal entities.

We pride ourselves on our status as a Florida Small Business. Our diverse team of experts have hundreds of years of cumulative cybersecurity experience. We focus on clear, concise solutions to the cybercrime problems facing our local and state governments.

Our team is a highly-specialized Florida-headquartered firm focused heavily on the GSA HACS schedule. We are uniquely certified in performing comprehensive, actionable audits on IT and cybersecurity.  

Cutting-edge, Affordable Cybersecurity for Government

We consistently iterate that local, state, educational, and federal organizations should highly consider leveraging pre-negotiated GSA services to improve their IT operations and cybersecurity posture. Several high-profile bills have been passed with the goal of providing millions in funding for cybersecurity upgrades.

Our nation is under a cyber-attack every second of every day – our team is alarmed by the number of stories regarding critical services being disabled. There is a relatively small but passionate community of private organizations that are working to prevent attacks that devastate government systems.

As ransoms soar and espionage gains more importance, attackers will continue to become experts at exploiting vulnerabilities.

Check out the links below to some of the relevant GSA informational and purchasing pages. As always, feel free to contact our team for any questions regarding GSA purchasing!

References:

Share this
Tags
GSA
government cybersecurity
Cybersecurity
HACS

Related Articles

Learn the Three Rules of HIPAA: Essential Guidelines for Security and Privacy

Learn more

Cyberattacks in the Healthcare Sector: Threats, Impact, & Mitigation

Learn more

Nation State Cyber Attack on Local Government

Learn more