Case Study – Security Control

by Jamil Evans Dec 10th, 2019 Business Software Technology


The Challenge:

If you work as a security officer in private industry or many government agencies, chances are you are responsible for multiple security domains, to include personnel security, industrial security, incident management, operations security, foreign disclosure, and insider threat for your entire organization. The current management tools for these areas are generally paper files, Excel spreadsheets, SharePoint sites, email inboxes, and at best multiple stove-piped and antiquated software solutions. This leads to time lost searching for and providing information. The disconnection of systems has institutionalized inefficient processes that create additional work for each specialist handling a transaction. In a surprisingly large number of cases, inaccurate or absent data entry has led to missed handoffs, lengthening the clearance processing time, which hits an organization’s bottom line unnecessarily. In the most heartbreaking cases, these organizations lose their ability to hold classified contracts completely due to non-compliance with the NISPOM and failed inspections.


The Approach:

Evans & Chambers, in partnership with Industrial Security Integrators (IsI), designed and developed Security Control to be the market leader in the industrial security software sector. Security Control is a cloud-native SaaS solution for industry and government that centralizes all aspects of industrial security to include modules for classified contracts, personnel, secure facilities, safes, classified materials, visits, incident management and insider threat. Our product notifies security officers and clearance holders of actions necessary to remedy issues to stay in compliance with security and agency policy directives. Rather than require security officers to hunt down employees for annual training via email and phone, Security Control assigns action items to employees within the application. Users then click the email link to launch an employee portal to view their action items and complete them.

For incident management and insider threat, Security Control offers submission forms enabling employees to report their incident along with supporting details and attachments. The entire submission is then routed to the supervisor, security officer, insider threat personnel security officer (ITPSO), and any key personnel within the organization, as required by your organizational policies. Finally, a simple export is needed to provide the report to the relevant government authorities.

Security Control’s latest feature is automated DCSA self inspections. Prior to this breakthrough feature, organizations would spend up to a month emailing an MS Word questionnaire around to key corporate personnel, and approximately 15% of your cleared workforce.  This process requires each recipient to answer a subset of questions. After herding cats to get the questions answered, and verifying accuracy and completeness, the data would be manually compiled into a coherent report with a cover letter and made available to DCSA with the hopes that it would fit compliance requirements. Security Control’s automated self inspection feature with workflows enables the security office to complete this entire process accurately in just a few clicks.

Security Control was built on the Amazon Web Services GovCloud regions with a security-first approach. Our product offers both SaaS and on-premise versions. The SaaS option ensures data isolation and integrity without requiring dedicated hardware. Our multi-tenant architecture balances security with cost-effectiveness by segmenting customer information via unique databases per tenant while also employing auto-scaling through multiple web servers that share customer computational workloads. Private subnets are used to keep customer data secure and prevent any unauthorized access. Security Control is in the process of achieving a FedRAMP moderate compliance level.


The Results:

Industrial Security Integrators, our strategic partner, came onboard as our first client in 2017. Together, we migrated 4,000 personnel clearances from over 200 Federal government contracting firms into the system. Today, our product has achieved a client base of 14,000 employee personnel clearances and over 550 Federal Government contractors. As Security Control continues to grow, the number of clerical errors and time lost during the clearance process will continue to decrease. We are committed to staying ahead of the compliance curve through the production of innovative new features as DCSA continues to add more regulations to the NISPOM. Through these efforts, we are excited to be recognized as a leading contributor in helping our clients achieve and maintain their levels of security, efficiency, and compliance.


Evans & Chambers Increases Engagement at Broccoli City Festival via iOS App

by Cedric Craig May 11th, 2016 Business Mobile Software Technology

On April 30th, 2016, the fifth annual Broccoli City Festival was held at the Gateway DC in SE Washington, DC. This is the first year that Evans & Chambers has had the privilege to partner with the Broccoli City Festival, a 501(c)3 non-profit organization that works to highlight accessible ways that people can live healthier lifestyles in an environmentally sustainable way. As the organizers of the festival explain it, Broccoli City Festival is more than just a music festival; it is a unique experience where pop culture, health and environmental sustainability are celebrated together.

This year Evans & Chambers was able to further Broccoli City’s mission of attendee engagement by developing and deploying the official Broccoli City Festival app, which was available as a free download for iOS from the Apple App Store. The app added an additional layer of interaction to the festival, as festival goers now had the ability to receive exclusive information on the performing musical artists, locate food trucks and vendors, view a unified social media feed that aggregated fan posts to Twitter, Instagram and Soundcloud via the #BCFEST hashtag, and many more features.

When Evans & Chambers was approached to create this app exclusively for the festival, we proposed a multi-phased approach to delivering the Broccoli City Festival app in time for the April 2016 festival, with additional features to be released during the rest of the 2016 calendar year. The codebase for the app was developed as an iOS-only application in Xamarin Studio (recently acquired by Microsoft) with a custom API back-end coded in ASP.NET and hosted on the Microsoft Azure cloud network.

During the days leading up to the festival and on the day of the festival, the app received a good amount of traffic from users. As of May 2, 2016 the app received 2,018 downloads, with 594 downloads occurring on the day of the festival. As of May 3, 2016 the app also received 3,014 views, with 1,009 views occurring on the day of the festival. With over 13,000 people in attendance at the festival, these numbers account for almost 10% of the entire crowd.


Fluent Conference 2014

by Jamil Evans May 12th, 2014 Software Web

Every developer at EC gets to attend a training of their choosing, and this year, I again chose to attend the Fluent Conference in San Francisco.  Being a JavaScript developer, I think this is the best place to see the latest developments in the community and create my own syllabus for things I need to learn over the year.   Held sometime in Spring, the venue moves to a different location in the city, but the overall format remains the same — 3 days of sessions and workshops on JavaScript and HTML5 (aka The Web Platform).

My favorite sessions:
• Express.js and Node.js workshop — a look at MVC in server-side JS, supplanting server-side frameworks like Spring MVC and Struts.
• Ember.js vs Angular vs Backbone — a quick comparison of the 3 most popular JS MVC frameworks for building Single Page Apps. Conclusion: I need to do more research on my own.
• Web Components and Polymer — still in the early stages, but the most exciting new framework in JS.
• JavaScript and Unicode — an illuminating look at an oft overlooked topic … but perfect for a conference session, because it’s not casual reading material.
• SVG — a tutorial on plain SVG, something of a refresher from a year ago when I had to use Raphael.js, a charting/drawing library for JS.

Some lessons learned for tech conferences in general: Note taking with Evernote on a laptop is a lot easier than using a tablet, like I did previously. And a laptop is required for the workshop hands-on sessions. Expect the conference Wi-Fi to get overwhelmed, so download anything you’ll need for the workshops beforehand. Don’t pick a session on the title alone; they can be misleading. Do read up on topics beforehand, follow the Twitter feeds/blogs of speakers to get links to slides, and follow the official conference Twitter hashtag during the conference. Put the code you write at the workshop in Dropbox so it’s available for review at work the following Monday.

Putting things in perspective, it was amazing to see the amount of innovation happening in the Web Platform community. Coming from a Java background, the JavaScript community is still evolving, but for browser development, it already outperforms competing approaches I’ve worked with in the past.


EC’s ‘By Developers, For Developers’ Ruby on Rails Training Program

by Jamil Evans Apr 30th, 2014 Software

Our DHS customer was using ColdFusion to build web applications. ColdFusion is known for rapid prototyping and can build systems quickly without a lot of coding. It was very popular in the early 2000s, but with the outgrowth of other open source languages and tools like Java, PHP, and Ruby on Rails, there are now more cost-effective ways for rapid application development.

A GAO report showed that our customer needed to promote sound program management to reduce cost and schedule slip for a growing IT portfolio, so they adopted an open architecture strategy with regular project control gates to monitor cost, schedule, and performance. An open architecture was chosen to minimize license costs and reduce product delivery time. As part of this strategy, senior leadership decided on the popular Ruby on Rails framework for software development.

Evans & Chambers Technology’s developers work with a range of technologies, including ColdFusion and Ruby. When we heard that the Government was looking to make the switch to Ruby, we developed a custom Ruby on Rails training program. Besides boosting developers’ marketable skills, we wanted to help our customer save time and costs by “training up” their current development staff rather than hire new talent.

So, we sent out a survey to on-staff developers to ask them what areas they wanted help in so that we could tailor the training. Developers were already familiar with coding environments, so we developed a four-hour training session that included presentations, hands-on demonstrations, and practice. Approximately 20 developers from Government and Contractor personnel attended our training, and even our customer’s leadership dropped in to learn about Ruby. One of our very own Ruby on Rails experts delivered the training, and many attendees appreciated the “by developer, for developers” instructional approach.

Our customer was very satisfied with the training, and we received great feedback from developers. Their questions were answered and EC was requested to come back for a second session!


Public vs. Private Agility

by Jamil Evans Nov 7th, 2012 Software


The way an IT project is managed can determine whether deployment happens on time, within budget, and with its expected functionality. IT projects can be risky and incur cost overruns and schedule slippages, but a well-run project minimizes these issues. The Agile Methodology isn’t the only management method, but it’s increasingly becoming the preferred approach to IT acquisition for buyers in both the private and public sectors.

The most differentiating feature of the Agile method is the development of incremental pieces of system functionality in defined “sprints,” all the while collecting regular customer feedback. During the development phase, an Agile team will probably collaborate daily and will work together to solve problems.

The method, sometimes resembling more of a philosophy than a process-driven approach, calls for shortened delivery lead times and has four distinct principles:

  • Value individuals and interactions over processes and tools.
  • Value working software over documentation.
  • Value customer collaboration over contract negotiation.
  • Value response to change over following a plan.

Across both public and private sectors, use of this method is generally increasing.

A recent State of Agile Development Survey was conducted by VersionOne. This software company polled Project Managers, Developers, Team Leads, and other IT staff from a variety of organizations. 60% of respondents reported that their projects use the Agile methodology, and 80% responded that their organizations as a whole have adopted the methods. 84% indicated that implementing Agile improved their ability to manage changing priorities.

Respondents also identified a few barriers to Agile adoption: it requires a change in organizational culture, personnel with the right skills, and management support, and is sometimes prohibited by project complexity.

In the public sector, unique challenges emerge, as reported by a recent study published by the United States Government Accountability Office (GAO). Officials from the Department of Commerce, Department of Defense, Department of Veterans Affairs, Internal Revenue Service, and National Aeronautics and Space Administration identified these major challenges to Federal Agile adoption:

  • Team culture makes it difficult for the team to collaborate and transition to self-directed work.
  • Agencies had trouble committing staff to more timely and frequent input.
  • Technical environments were difficult to establish and maintain.
  • Procurement practices do not support the flexibility required by Agile.
  • Federal oversight bodies want status reports and statistics at waterfall-based intervals, which may not align with Agile’s delivery of demonstrations of working software.

The same respondents identified several effective Agile practices:

  • Start with Agile guidance and an agile adoption strategy.
  • Continuously improve Agile adoption at both project and organization levels.
  • Seek to identify and address impediments at the organization and project levels.
  • Obtain stakeholder/customer feedback frequently and closely.
  • Empower small, cross-functional teams.
  • Gain trust by demonstrating value at the end of each iteration.
  • Track progress daily and visibly.

What is your experience with Agile Methods? Have you been a team member of successful or unsuccessful Agile teams? Tell us your tale in the comments!


Software Engineers Have the Best Jobs!

by Jamil Evans May 15th, 2012 Software

Considering a career in tech? Give Software Engineering a closer look – CareerCast’s annual study ranks 200 jobs from best to worst, and this year, Software Engineering came out on top! No surprise there – many of Evans & Chambers’ software engineers love their jobs – here’s what one of our developers had to say about it:

“I like that my job is laid back and fun.  It’s like doing a giant sudoku puzzle every day.  It’s challenging and feels really good when you’ve completed your tasks.  You also usually know when you’re done (unlike when writing a paper).  You can obviously always make things better, but things either work or they don’t.”

That makes a pretty good case, but the CareerCast study was more than just anecdotal. The study factored physical demands, work environment, income, stress, and hiring outlook in its rankings by assigning scores for each category to individual jobs. When added together, these scores provided the total overall score used in the rankings.

With an overall score of 176, software engineering captured the number one spot for the low physical demand and comfortable work environment. Although tight deadlines, product releases, and hitches in a project can increase the engineer’s stress level, it was comparatively ranked very low in consideration of those jobs that are life-threatening, hazardous, require a lot of physical demands or travel, or involve a lot of publicity. The hiring outlook is also fairly high, based on a complex analysis of data from the Department of Labor on employment growth, income growth potential, and unemployment.

Software engineering is also a lucrative career: with a median income level of $88,000 and max of $133,000, a software engineer might increase his salary by 142% over the course of his career.

Here’s how some other popular careers ranked:

5 Best Jobs of 2012
Software Engineer
Human Resources Manager
Dental Hygienist
Financial Planner

5 Worst Jobs of 2012
Dairy Farmer
Enlisted Military Soldier
Oil Rig Worker
Newspaper Reporter


EC Labs is Building a Mobile App

by Jamil Evans Jan 31st, 2012 EC Labs Mobile Software

It’s official. Our EC Labs team is building a mobile app, and we’re really excited about it. Our first mobile app project is currently called “Bookbook.” A company called Twelve South already picked this name for their unique MacBook and iPad cases, so it’s not that unique of a name after all and will probably be changed. Who knew? On top of that, Facebook’s legal policy won’t allow me to register this app for the Facebook API because Bookbook sounds a little too close to Facebook:

You will not use our copyrights or trademarks (including Facebook, the Facebook and F Logos, FB, Face, Poke, Wall and 32665), or any confusingly similar marks, without our written permission.

We’re so not interested in fighting that battle with Facebook.  Moving on.

What does Bookbook do, you ask?  Bookbook is the brainchild of our marketing analyst and social media puppet master, Nicole Tripodi.  Being an avid reader, Nicole dreamed up a Foursquare-style app allowing her to keep tabs on what her sister is currently reading, and vice-versa.  An app like this enables that interaction via the concept of “virtual book clubs,” making the act of reading a very social activity for readers across the world.  Think about it: for generations, readers have enjoyed reading books, discussing books, arguing about themes and ideas, criticizing books, recommending great books, and even fraternizing over a common love of reading. But it hasn’t always been easy to convince your friends to read the books you want to read (The Finer Points of Sausage Dogs by Alexander McCall Smith? Anyone?), or to find tailored recommendations for books you’d really enjoy.

As the first step of project planning, we felt it was extremely important to follow agile methodology precepts by defining a product vision statement.  A clear and strong vision statement will help us focus on delivering the best product, minimizing scope creep and analysis paralysis.  Here’s the vision statement we came up with:

Develop a mobile app for avid readers who want to share their perspectives on books, gather perspectives of others on books they are reading, and find new books to read through shared experiences. Bookbook is a social media app for tablets that connects readers.  Unlike other mobile check-in applications, our product focuses solely on checking into books with a delightful user experience that is above the competition.

We’re excited about kicking off the first sprint this month. Stay tuned for updates on the project!


Predictive Software May Forecast Crimes

by Jamil Evans Jul 20th, 2010 Software

Last week, I attended the NIJ Conference 2010 and sat in on a fascinating session: “How Predictive Policing is Changing the Law Enforcement Landscape.” Predictive Policing has interested us at Evans & Chambers for some time. We do a lot of work with law enforcement agencies, and Predictive Policing is the newest movement in policing and is the marriage of law enforcement and technology.

Think for a moment of old police shows and movies in which police officers use pushpins and a big wall map to visualize the locations of previous crimes. This is the traditional method of policing: manually analyzing past events and looking for patterns to emerge. The new methods use the past events, too, but new software and technologies can be used to predict areas where future events might occur. This allows officers to focus attention in those “hot spot” areas, with the goal of focusing police efforts in the hot spot area and perhaps catching the criminal in the act.

At the Conference, Lieutenant Raymond Guidetti, Manager of the Regional Operations Intelligence Center, New Jersey State Police, explained how the predictive software operates and talked about successful applications of this software in New Jersey.

The software combines areas of interest, past events, and factor data to determine the future hot spots where crime is more likely to occur. Factor data comes mainly from open-source data, and might be information about how far a robbery occurred from a landmark like a bar, bus stop, or even fire hydrant. The software then finds other areas on the map with “geospatially similar” features, which may be used to predict a higher likelihood of crimes in that area.

This process has been successfully used to predict shootings in Jersey City, NJ. Jersey City officers plotted previous shootings on a map, and ran an assessment using predictive software. The software highlighted areas with geospatially similar features, highlighting the hot spots that indicate a higher likelihood of future shootings. Police were then able to allocate resources to those areas indicated by the software. In order to test the accuracy of the hot spots, the next three instances of shootings were plotted on the map. All three were located in the hot spot areas indicated by the predictive software. In one particular hot spot, no previous shooting had occurred. Without the software’s identification of the area as a hot spot, the police would have had no reason to suspect that a future shooting would occur.

There are quite a few other success stories of the software’s accuracy in Philadelphia, PA and in cross-county commercial robberies in New Jersey. This research is promising for the future of law enforcement and Predictive Policing. Evans & Chambers will continue to follow the latest news as Predictive Policing technology develops.
