Saving Our Customers
Time & Money

Step 1 TELESIS Approach

• TELESIS engineered an organizational change at SBA
• Team participants were trained in Agile fundamentals
• User stories, iterations, and sprints incorporated into open discussions
• Governance framework to support Agile practices
• Self-managed teams, transparency in problem-solving, and rapid releases

Step 2 Agile Transformation

• Implemented a major system overhaul and new technology – movement to Cloud.
• An all-Agile team of certified Agilists (CSM, CSPO, CSP)
• Implemented Scrum, daily stand-ups and iteration planning sessions
• Backlog grooming, reviews and retrospectives
• Adopting aspects of Lean, DevOps and SAFe to maximize team performance.

Step 3 Innovative Steps to Accelerate Development and Delivery

• All-cloud infrastructure on Amazon Web Services (AWS)
• Leveraged Chef for rapid deployment and consistency
• Continuous integration and delivery pipeline using Jenkins, Code Deploy, and scripting
• Automated unit and functional testing
• RSPEC and Selenium to increase product quality; 90%+ automated test

Step 4 Product Launch

• TELESIS developed and delivered a working prototype in six weeks
• Launched the first certification, Woman-Owned Small Business (WOSB) to production in 7 months.
• Applications to the WOSB program increased by 600% during the first month, and US Small Business Administration praised TELESIS for rapid delivery, awarding an “Excellent” rating to the effort.

The Challenge:

TELESIS was tasked with assessing security compliance on CISCO switches and routers prior to the Command Cyber Readiness Inspection (CCRI).

The Solution:

TELESIS provided an automated method of auditing compliance of Cisco switches and routers which resulted in an extremely efficient way of assessing the security posture with a quick review of a dashboard. Telesis offered this new method for scanning and reporting compliance audits on Cisco IOS routers and switches using Tenable SecurityCenter custom audit files and Nessus scanners. The audit files make use of DISA Security Technical Implementation Guides (STIGs) and are built for the specific site with custom modifications made to meet the unique implementation in place.

The method was employed at numerous United States Marine Corps sites. Regional assessments were performed using this new method prior to the site’s Command Cyber Readiness Inspection (CCRI). This resulted in a dramatic reduction in the time required to assess Cisco devices as a majority of the required checks were automated and identified vulnerabilities were remediated rapidly. This allowed the site, at a glance, to gauge the status of their compliance across all Cisco network devices at their installation or region.

The Challenge:

USSOCOM required the ability to test new and improvements to existing technologies in an unrestricted environment on a simulated SOCOM Information Enterprise (SIE). They had limited facilities to test and evaluate not only new technologies but also any improvements to existing technologies in a non-restricted or locked down enterprise environment. Most of the technologies required development of new procedures that are non-existent in the commercial and military arena. This made it difficult to evaluate against any established standards. They were of the opinion that new technology can be selected for evaluation based on the ability to fill gaps in existing programs of record or adding more capabilities to existing technologies. Other challenges were the development of network configurations that would both satisfy operational and security requirements.

The Solution:

The Telesis IDF team, along with their government leadership, reached out to programs of records for their requirements and shortfalls. Once the need was identified the team researched and contacted various venders, to see what they had to offer to fill these gaps. If their product(s) were a viable option the team recommended bringing in the technology, creating test procedures and configurations to assess the requirements. If one stood out as a worthwhile product or software it would be sent up to the SOCOM Integration Facility (SIF) for further testing and secured under Security Technical Implementation Guide (STIG) protocols. Testing was not limited to just fill shortfalls but also included possible new ways of doing business. The results were stored or forwarded to the section that would most likely benefit from the new technology.

The TELESIS Team worked with NAL Research to develop a new firmware for the SHOUT TS device that can natively send and receive limited Command and Control (C2) and Situational Awareness (SA) messages with JBC-P FoS. This firmware uses the Variable Message Format (VMF) 6017A+ message standard that is already in use by JBC-P platforms.

During the testing procedure the Telesis IDF team, when directed, produced manuals, quick reference guides and training curriculums for future implementation into the SIE. The documents were sent with the evaluation reports to the program of record to provide them with a base line for official technical material. The team also provided helpdesk support and training to site personnel either CONUS or deployed locations as required.

Results:

• Supported 25 commands/units worldwide with Wide Area Voice Environment (WAVE) Radio over Internet protocol (RoIP) configuration, training and troubleshooting
• Produced accurate evaluations and documentation so that SOCOM acquired the best products to support the war fighter
• Established the baseline “Best Practices” for implementation of equipment into the SIE
• Designed (with Solidworks) and produced 3D printed products for access point circuit boards, MANET radios vehicular mounts, microcomputers and various other projects.

The Challenge:

TELESIS was tasked with providing secure access to the On-Premise Vulcan Backend Servers in the C4 IDF Lab. Vulcan is a web-based application that provides portal presence for vendors looking to advertise and generate interest in new/developing technologies and capabilities to the SOF Community. The Portal also allows SOF users to discuss these technologies with vendors and other users. The application has been running for three years and boasts over 3000 users and is a regular fixture at the annual SOFIC event in Tampa FL. The purpose of this initiative was to design and secure access of the Vulcan cloud-based front-end reverse proxy servers to the on-premise web and database servers located in the C4IDF Lab at USSOCOM HQ. Users were accessing the Vulcan application through one of two Cloud sites provisioned by a third party located in New York, NY and in San Francisco, CA. The reverse proxy servers would receive the user traffic and then route the traffic to the servers located at USSOCOM. However, only light-weight encryption was being used to secure the traffic, which became an issue as Non-Disclosure Agreements and other sensitive information was becoming more and more prevalent. A more secure method was needed to protect the traffic, while at the same time minimizing disruption to the functioning of the current reverse proxy servers.

The Solution:

The Telesis C4IDF Team designed a Site to Site IPSec VPN topology utilizing 256-bit encryption. Working with the Vulcan Development team at Cylitix, the Telesis C4 IDF staff implemented and configured Ubuntu Linux virtual servers to act as network gateways, running StrongSwan VPN clients at both the New York and San Francisco sites where the Vulcan reverse proxy servers were located. The VPN tunnels were then setup to terminate at the C4 IDF Perimeter Firewall, providing full encryption of all of the user traffic down to the network. For additional security, a third network gateway was stood up at a third cloud site in New York to allow a secure and separate management path for the Cylitix Developers to access the Vulcan back end servers remotely for ongoing maintenance and development without disturbing user traffic in the other tunnels

Results:

• Highly encrypted IPSec VPN tunnels provided a much more secure method for protecting sensitive user traffic flowing between the reverse proxy servers in the cloud and the on-premise Vulcan web/database servers
• A third dedicated highly encrypted IPSec VPN tunnel for remote management provided a secure method of remote management of the on-premise Vulcan servers and data by Cylitix Developers
• Vendor NDA and sensitive data ultimately is better secured