Elisabeth Nguyen, Founder, and CEO
Solarwinds, Operation Sea Dragon, Bonneville Power Administration, just to name a few. These are some of the reported cyber-attacks on the U.S. government and the Department of Defense (DoD) perpetrated by nation states like Russia and China who crawl their way to our nations secrets by attacking unsuspecting small and midsize businesses who support the DoD and the federal government. Considering the sheer breadth of the DoD supply chain network —with so many third-party vendors and partners of all sizes and abilities—these vital partners who are part of the larger DoD contractor ecosystem present a huge cyber risk. What does it all mean? What can we do? In response to the need for commercial cybersecurity requirements and compliance, a new security framework called the Cybersecurity Maturity Model Certification (CMMC) is being rolled out and will soon be required for all businesses to obtain a DoD and possibly a federal government contract that handles Controlled Unclassified Information (CUI). Understanding these security requirements and then implementing them to pass a CMMC audit for a level 1-5 certification will be no easy feat. This is where The Enterprise Security (TES) Consultants, a Minority and Economically Disadvantaged Women-Owned Small Business that provides cybersecurity consulting services, steps in to leverage their experience in Supply Chain Risk Management (SCRM), Continuous Diagnostics and Mitigation (CDM), Vulnerability Management, FISMA, FedRAMP, NIST, and Privacy audit and compliance with both government and commercial clients.
Many companies supporting the defense industry struggle to grasp what CUI is and what may become CUI in the future. Even after a company gains an understanding of CUI, many companies will struggle to understand the scope and requirements to define what is CUI and protect it. To most, security is something that is considered only after a business establishes operational processes or right before an audit. However, CMMC requirements are meant to change this paradigm by requiring vendors to show cybersecurity hygiene and “maturity” which means showing security has been in place for up to a year before an assessment. TES Consultants understands this challenge. “We understand small business, we are a small business. We understand that many businesses out there can’t afford expensive technical solutions to security let alone have the ability or know how to manage these complicated technologies. Food service providers have enough to worry about with produce prices and delivery. Mechanics and Machine shops have enough to worry about with keeping their tools working. Consulting companies need to worry about relationships, communications, and retention of their expertise. At TES Consultants, we will train you on CUI, build out your entire package for the audit, conduct a gap assessment, address deficiencies, and walk you through the remediation process. We will be there for you during the audit to interpret or anticipate any questions from the assessor(s). And most importantly, before we leave, our clients will have a CUI program implemented into their corporate environment. This program will be a roadmap on how to manage and handle CUI going forward. We clearly define a boundary for these companies to maintain their CUI which will keep them in compliance.”
Brian Frankenberry, COO
One of the qualities that makes TES Consultants different from its competitors is its ability to relate to and communicate with customers. “One of the most important things we do is helping clients understand CUI and guiding them in what qualifies as CUI data today and potentially tomorrow,” says Brian Frankenberry, COO at TES Consultants. “Clients don’t need to understand how encryption works or how to read audit logs from every IT solution. We’re happy to explain that, but we do believe that companies will be successful and secure after a basic understanding of CUI and how to manage it.” This does not mean TES Consultants doesn’t use cutting-edge technologies and automated tools to provide cybersecurity advisory and audit compliance services. While many of their competitors resort to manual processes, TES Consultants uses automated tools to provide real-time visibility into their client’s security posture. With a collaborative approach, TES Consultants handholds its clients and builds out an easy to use, real time reporting tool for clients to see their existing vulnerabilities and status reports on plans to remediate them.
We help companies determine their authorization boundary around CUI, reduce their CUI footprint and enable them to obtain a CMMC
In a typical engagement, TES Consultants will help their clients build an appropriate security authorization boundary to ensure CUI is segregated from the enterprise and to reduce their CUI footprint. Upon onboarding the client, TES Consultants will hold a session to validate their requirements and understand their hardware and software assets. TES Consultants will identify the client’s system’s vulnerabilities and built a security roadmap that will enable them to achieve the required compliance. We also realize that not every engagement will be typical, when dealing with the diverse nature of the many companies that provide services to the government, being agile and adaptive to each companies’ unique needs is paramount to their success as well as ours. Our multi-discipline expertise and experience allow TES Consultants to adapt on the fly as the client’s needs changes or as unique challenges arise. “We are up to the task to provide best in class service under any given circumstance” says CEO, Elisabeth Nguyen.
Although TES Consultants is a young and emerging company, it has acquired a far-reaching reputation in the cybersecurity consulting arena. When Elisabeth founded the company in 2018, her standing in the industry enabled them to quickly partner with larger companies. Since then, the company has maintained a strong personal relationship and trust with its clients, partners, and colleagues and continuously brings value to the table with its reputation. Moving ahead, TES Consultants plans to continue supporting their commercial and federal government clients by providing unmatched cybersecurity consulting services. As trusted advisors, TES Consultants strives to bring its technical capabilities and experience in achieving and maintaining compliance most effectively and efficiently.