#18 Mission: Cyber Works with the Federal Cybersecurity Guidelines
Episode #18 of Students vs. Startups has a focus on a cybersecurity startup with the light-hearted name of Mission: Cyber. The CTO and founder, Dan Schulman, sits in the studio and talks about running a startup, being married to his business partner, their new baby, and being a teacher at a local university!
Two students are candidates for a master’s degree in Technology Management from Georgetown’s School for Continuing Studies and one has a diploma in hand. Current students are Jimmy McAndrews and Constance Chen; the graduate is Madeline Tomchick from Applied Information Sciences.
Listen time: 25 minutes
Please support our sponsors
“Our focus areas are helping customers with assessments when they have to become compliant with a framework such as NIST FISMA.” Dan Schuler, Founder and CEO Mission:Cyber
“Private sector is much faster, needs to be done.” Dan Schuler, Founder and CEO Mission: Cyber
“We want to gain the experience from our partners from our primes.” Dan Schuler, Founder and CEO Mission: Cyber
Eastern Foundry on LinkedIn, Twitter @EasternFoundry
The Radiant Group on LinkedIn, Twitter @_RadiantGroup
AcumenSolutions LinkedIn Twitter @acumensolutions
Eastern Foundry Linkedin Twitter @easternfoundry
Mission: Cyber Linkedin
Mission: Cyber Twitter @MissionCyber
If you enjoyed this podcast, you may want to listen to podcast #8 from Gray Street Solutions When Student Becomes Startup
Another similar podcast #9 was the interview with Next Branch Strategies with
Strategies for Improving the Retail Banking Business
This is the transcript
John Gilroy: Welcome to Students vs. Startups showdown at the Potomac. My name is John Gilroy. I’ll be your moderator today. Everyone that hates that fake radio voice so I’m going to get away from that fake radio voice and just talk like I’m sitting in a Starbucks with Madeline. We’re talking about Microsoft products for next year or something. I’m trying to get more loose and un-radio here in this podcast.
This podcast is in the studios of Eastern Foundry. We have a room here. We have a table. We have students on one side of the table. We have a startup on the other. We have a little conversation is all we have. Everyone learns.
The startup gets to find out what the students are thinking. The students actually get to face-to-face with a real live human being that encounters all the problems of being an entrepreneur.
What I’m going to do now is introduce the students and then toss over to the startup. Our students, Madeline Tomchick. She’s a graduate of the Technology Management Program at Georgetown University. Madeline, tell us a little bit about yourself, please.
Madeline T.: I work for Applied Information Sciences, AIS, in Reston, Virginia. I do inside sales with Microsoft. My whole job is to let Microsoft know what we’re doing and to make Microsoft happy.
John Gilroy: Make Microsoft happy. That’s a big job.
Madeline T.: It can be, yeah, but it’s fun.
John Gilroy: Jimmy McAndrews, tell us about your background.
Jimmy: Thanks, John. I’m by day, I’m a Deloitte consultant. I’m working for a federal health initiative. By night, I’m a graduate student at the Georgetown University’s School of Continuing Studies Systems Engineering Management Program.
John Gilroy: Excellent. Connie, your background, please?
Connie Chen: I’m a clinical data manager at a pharmaceutical company. I’m taking the Technology Management Program at Georgetown University.
John Gilroy: We have two students who are about to graduate and one is a success. We have two “wannabes” and one successful student here. On my right, your left, we have our startup. The name of the startup is Mission Cyber. It sounds like an old TV show, doesn’t it. We have the founder here, Dan Schulman. Dan, how are you?
Dan Schulman: Doing well. Thank you.
John Gilroy: How did you come up with this name and tell us about your company, please?
Dan Schulman: The name is rather interesting. We decided that we didn’t really want a name with three initials or a name that didn’t really mean very much, which works for many companies, not for us. The name came from watching a Tom Crews movie on TV.
John Gilroy: What a surprise.
Dan Schulman: I don’t think it was Mission Impossible, but it was a good one. There couldn’t be that many of them. We watched that movie. Then, I thought of Mission Cyber. Went to check that the URL was available. It was. Done deal.
John Gilroy: Interesting.
Dan Schulman: The URL was not taken by a cyber-squatter or anything like that, so we signed up for it. Mission Cyber was born about two years ago.
John Gilroy: Well, I’m not the only teacher in the room here. I hear you teach at George Mason University, don’t you?
Dan Schulman: Correct. Yes. Interesting fact. I actually started taking some of the classes in my younger years at Georgetown. I think it was in the School of Continuing Studies, even back then. 2006 or so, I believe.
John Gilroy: I did my little research on you on LinkedIn. You’ve got more letters after your name. I started writing down these letters and I ran out of ink. CISSP, ISS, MPP, MP, CISA. Does that make you a BMOC, Big Man on Campus?
Dan Schulman: Please, don’t ask what all those things mean. Certified something or other.
John Gilroy: You’ve got technical training.
Dan Schulman: Yes.
John Gilroy: You’ve got some certifications, some experience. You also own your own company.
Dan Schulman: Yes.
John Gilroy: That’s wonderful. What’s interesting about you, I went to LinkedIn and I saw you wrote an article and it was when Rage and Technology Fail Us. It’s so different from my article. My most recent article on LinkedIn is called Vlog like a Big Dog.
Dan Schulman: I like that. That’s catchy. It’s different.
John Gilroy: Yeah, we’re completely different personalities when it comes to cyber security and technology in general. Well, I’ll ask you the question I ask everyone. What business problem does your company solve?
Dan Schulman: Our focus is mainly two problems. The cyber security industry is actually huge, as many of us know. Some of us think that cyber security is really some person sitting at a computer watching like glowing binary go by. It’s not really that way. Our focus areas are helping customers with assessments when they have to become compliant with a framework such as NIST FISMA.
There’s always HIPPA for the health industry and PCI for the financial industry. Our focus is FISMA. It is not the most fascinating process. A lot of companies don’t like to do it. If you’re a development shop or an operations shop, it’s not really your forte, so we come in and help with that.
On the technical side, we help secure networks with firewalls and intrusion detection systems and things like that.
John Gilroy: This podcast is on the Interweb. Some people have heard some of these terms, some haven’t. FISMA is a term that’s used in the federal government. Maybe Jimmy can ask some questions, a little bit about maybe some of your assessment programs?
Jimmy: Sure. I guess the first question would be, what is FISMA again? Then, secondly, I was looking on your website. You called out again, there are no binary graphic. There’s no sci-fi elements, but so how do you explain the value ad of Mission Cyber to clients in plain terms that they can understand and make decisions on?
Dan Schulman: Yeah. Absolutely. The first part of that, FISMA, is a Federal Information System Modernization Act. I pause there for a second.
John Gilroy: Round of applause. Round of applause. He got that one right. Yeah.
Dan Schulman: I pause every second, because it’s actually changed. In 2003, it was the Management Act. I think it’s now Modernization Act. It’s one of those guys. It’s basically the law of all US systems that have to comply with standards to make sure that they are secure and compliant.
The second part, we help companies and organizations who do not necessarily understand cyber or want to understand cyber. It’s not their business process. We explain it at a level that is easy to digest, we think at least, and we focus on smaller areas.
Our business goal right now is not to compete with the Raytheons and Northrop Grummans out there. They do massive cyber. They do it very, very well. Our goal is to help the smaller groups, the smaller systems. Every agency has small networks, even if they’re not the main ones that need help, again, in a smaller way.
John Gilroy: Madeline, please.
Madeline T.: When you talk about the agencies or the companies that need help, what do you do for the companies that don’t think they need help? That they’ll never get hacked or ever have any problem in cyber security?
Dan Schulman: Fortunately, or unfortunately, it depends on how you look at it, that problem is dying a little bit because of all the news headlines and everyone is getting compromised eventually with the not if, but when, mentality that you will be compromised. When there are still standouts out there, we use examples of instances that have happened.
I’ll pick on OPM, since they’re one of the largest ones, but OPM did not think that they would have a problem until they realized they did. Now, it’s a massive problem. OPM is the Office of Personnel Management that was breached, I think, about two years now. Anyone with a security clearance had their personal information stolen.
It was a very, very big deal because it was a massive number of people. We just use real life events, things that have happened, and we basically say, “Listen, you do not want to be on the cover of The Washington Post like this.”
John Gilroy: Connie, want to jump in?
Connie Chen: I mean, you cater to both private and public sectors. What are some pain points for each that you face?
Dan Schulman: Let’s see. The pain points that we face are usually differences in compliance in organization and communications. A lot of public sector agencies and organizations must comply with the law, must comply with their superiors, and get their documentation in order, but it’s a very slow process.
Private sector is much faster. It needs to be done. It does not necessarily have to follow compliance to the letter because often private sector companies go above-and-beyond.
For example, FISMA may only focus on protecting the data to a certain point. If a private sector company says, “Yes, I want my data protected, but I also don’t want my website defaced so that I’m not embarrassed.” They want a little extra to go above-and-beyond. There are definitely some differences there.
John Gilroy: Jimmy.
Jimmy: Sure. You were telling us about your target markets, but what’s your marketing strategy for going after them?
Dan Schulman: Well, we are a newer startup. We are going on two years this year. Our marketing strategy is to focus primarily on the government market and to not “prime” contracts right off the bat. Our marketing strategy right now is just to subcontract quite a bit.
We want to gain the experience from our partners from our primes. We want to learn from their accomplishments and their mistakes. There will be mistakes. There are always mistakes, us included.
We do want that to go that direction and not to get on a contract vehicle or anything like that because we don’t need to, frankly. We can sub. Many large businesses have small business requirements. Agencies have small businesses requirements, especially women-owned small business requirements, which we are. That’s our marketing strategy at least for the next few years.
John Gilroy: Madeline.
Madeline T.: Since it’s only been a few years that you’ve been around, why did you choose Eastern Foundry to have your Startup?
Dan Schulman: It’s actually a very good question. It started when we needed some office space. We were looking into the co-location space like a Regus or a WeWork. Some of the Regus, WeWorks of the world, did have some problems. In my opinion, they were very open. They were not conducive necessarily to government work or some of our conversations we had.
Eastern Foundry’s a little bit better at that, but once we found out that Eastern Foundry, with all the programs they do, and how they help incubate small companies, it was absolutely a no-brainer. We signed up within a week, I believe, once we met with Lauren.
John Gilroy: Connie, please.
Connie Chen: How did you decide to go into cyber security?
Dan Schulman: I started in a technology role. There’s no other way to say it. I’m a computer nerd. I always have been, all right? The security aspect of it was more interesting to me than anything else, especially the last eight years or so.
From a business standpoint, frankly, it’s pretty lucrative these days because everybody needs it. It’s a job that I enjoy and we can do quite well at it. Absolutely. Yeah. Cyber security was the way to go for us.
John Gilroy: I have a question about CDM. Continuous Diagnostic and Monitoring. Is that part of FISMA? Do you do that as well? Separate category altogether?
Dan Schulman: They are closely related. The traditional FISMA, to comply with FISMA, you have the risk management framework. In that risk management framework, up until a few years ago, you had a three year authorization. You have a system and it’s good to go for three years and then it has to be re-certified.
CDM is the effort to go with a continuous authorization so that you are constantly monitoring your system so you can have an ongoing accreditation. They are different, but they are closely related to one another.
John Gilroy: If people want to have more information on your company, Dan, where should they go?
Dan Schulman: Start with our website. missioncyber.com. www.missioncyber.com, which they both work. LinkedIn. We’re pretty heavy on LinkedIn and Twitter and Facebook as well.
John Gilroy: Great. The founding sponsor for Students vs. Startups is The Radiant Group. If you enjoy solving problems and like to work for bright people, The Radiant Group is the place for you. Contact Al Di Leonardo and Abe Usher at theradiantgroup.com. We are hosted by Eastern Foundry, a community of government contractors who are bringing innovative solutions to the government marketplace. For more information, go to eastern-foundry.com.
Welcome back to Students vs. Startups. Show down at the Potomac. There’s my fake radio voice. What do you think, Jimmy, pretty good?
Jimmy: Pretty good.
John Gilroy: I’ve got to work on that fake radio voice. Well, you know what we do? We have a table here with Eastern Foundry and students on one side of the table, startups on the other. Just have a little friendly conversation. Our students, we already know. Madeline Tomchick., Jimmy McAndrews, and Connie Chen. Our startup today is Dan Schulman. His company’s called Mission Cyber.
Our previous podcast, back at the ranch, our previous podcast, we had a gentleman in the studio here who is a Marine. He was partnering with a Marine. I always thought that would make for like a difficult partnership in a company. How does your company ownership work anyway, Dan?
Dan Schulman: We are proudly a woman-owned small business where the woman in our business is actually my wife. My wife owns our business, 51%. I have 49%. I’m the minority owner and more than happy to be that way.
John Gilroy: Madeline?
Madeline T.: What challenges come up if it’s you and your wife together owning the company? Do you fight more?
John Gilroy: Wrong question, Madeline.
Madeline T.: Is it more fight in the direction of the company because you see different visions?
Dan Schulman: No matter what I say, I love you, dear. Get that out there first. No, actually my wife’s background is also in the government industry, before our company. She is management and I am labor. I joke about that but it’s really very true. She’s 100% in charge of the company from the accounting to the contracts and that, etc. I’m in charge of the technical end and the client interfacing.
Since we do have very different roles, I think we complement each other well. Believe me when I say, we actually don’t fight about business very often. We work very well together.
John Gilroy: Jimmy, any questions about ownership and maybe future plans?
Jimmy: Yeah, yeah. I was curious about your strategy where you see going forward the next 12, 24, 36 months, partners, investors? What’s the path for you all?
Dan Schulman: In the future, anything’s possible, certainly. In the immediate timeframe, we are certainly continuing to build our company. We’re still trying to get that brand out there and build the image. Myself personally, I’ve made some very good contacts.
I hope that I have a very good reputation in the industry. I like that to happen for the transition over to the company as well. We want to build on top of that. For the next 12 months, even the next few years, I still see us growing and building.
John Gilroy: Connie, you have a question for Dan, please?
Connie Chen: To bounce off of that question, are you thinking about growing in terms of solutions or size of your company?
Dan Schulman: We are. Actually, we’re 100% services company right now. Our business is people. We help our government customers and private sector customers with service solutions. If they need products, they usually go elsewhere.
We are actually thinking about partnering with a couple of other companies that do well security licenses, firewalls, intrusion detection systems, things like that. We are thinking of going that different route or adding that dynamic, if you will, to the company.
John Gilroy: I have a quick question for you. How does IOT impacted your cyber security plans and the plans for the federal government?
Dan Schulman: It is huge, actually. My wife will actually make fun of me for this, because
John Gilroy: Internet of Things. IoT.
Dan Schulman: Right, right, right. Our house, I have separate Internets set up for Internet of Things. We have thermostats. We have the baby cam. We have everything. I will not let it run on any network that has our computers or anything like that.
John Gilroy: Isn’t that interesting?
Dan Schulman: The Internet of Things is very, very handy. It is the way of the future. Our microwaves, our refrigerators, smoke detectors, will all have internet connectivity, if they don’t already. I think it’s wonderful. I think it’s great, but they do not have any business, in my opinion, talking to our personal computers with our personal data on them right now.
John Gilroy: Some people would call that an air gap?
Dan Schulman: Yeah. That’s one way to think about it, absolutely.
John Gilroy: Jimmy, you have another question, please?
Jimmy: Sure. I guess as the technology part of the partnership, what uniquely qualifies you going forward out in the marketplace?
Dan Schulman: My background, number one, I’ve been doing this for at least 11, 12 years, thinking back now on it. Not the entire time in security. Operations and server administration, server administration and engineering, that’s how I started. Desktop tech. That’s how I started, all the way up to cyber security and implementation.
I really feel that I have the full breadth of knowledge. The only thing I don’t really do, I’m not a co-developer. I can’t code a website. I use WordPress for our website, thank goodness, because I couldn’t do it on my own. I tried once and it didn’t work out well.
I have the hands-on experience. I know what the client pain points are usually, which usually revolves around services.
If a client has a particular product, whether it’s Windows or it’s a firewall, usually it’s not a problem with the Windows, machine or the firewall. Usually, it’s how it’s implemented or the follow through or the client can’t get in touch with the company to fix it. It’s really like any other business, I think, and I know that they need good service.
John Gilroy: Madeline.
Madeline T.: From today’s perceptive, is there anything you would go back in time and say, “I would fix that if I could.”?
Dan Schulman: Actually, I’ve thought of this question before. The only thing I might change is I would have started the company a little bit sooner. I’m fully … I have absolutely no regrets. I’m in my middle 30s right now.
I’m more than happy that we started the company just not too long ago. I think we could have made more of an impact if I did start it a little bit sooner. That’s not necessarily possible with the time line of our personal lives, but that would probably be the one thing that I would change.
John Gilroy: Connie, want to jump in?
Connie Chen: I do see like the challenges of having family and starting a company. What kind of advice would you give people in the same situation where they have family and want to start a company?
John Gilroy: That’s good.
Dan Schulman: It’s a very good question. I’ll let you know when I figure that out. You know, it’s funny. We have been doing this lately, actually. My wife and I both have been bringing the have a process notion home from the office and do it at home as well. Have a schedule. I have my time in the office and she has her time when she has to work in the living room. We have dinner a certain time.
We’re very organized, if you will, at home, which does help quite a bit. It does get hectic there. Some nights are calmer than others. My wife actually is working on a proposal right now, late at night. I mean, there’s different changes. Definitely changes, but having some kind of process, some kind of schedule, especially with child and child care, definitely helps.
John Gilroy: I’ve got to jump here and I’m decidedly older than everyone else in this room and my generation looks at things differently, but it’s interesting how your generation can juggle the family, the life, the work, everything. People in my generation, I once had a guest speaker in the class. He came in. He said, “You can either be married or you can be an entrepreneur. You can’t be both.”
You are teaching and you’re working, and you’ve got kids, and you’ve got a wife, and you’ve got a company. A lot of NoDoz in the back of your truck there? I mean, how do you … This is not as easy as it sounds.
Dan Schulman: It is not.
John Gilroy: It’s not easy. Yeah, I’ll just go home and do … No. You’re probably in trouble because you’re in this podcast tonight and not home and your turn to make dinner.
Dan Schulman: I will not comment on that. It is very challenging. It is absolutely challenging. It takes dedication from everyone. Especially the 15-month old. He has no idea what he’s into, but he has signed up.
It takes organization. It takes compromise. If I teach a class for computer security, Net Security+, something like that, it takes a few weeks. Usually, it’s an evening class. That means my wife is home alone with the child.
It’s give-and-take. It’s compromise. It’s having an understanding and working everything out in advance with one another.
John Gilroy: Georgetown University is trying to encourage women to get involved in STEM and technology, and I think this is a real important conversation to have here, because it’s the real world now. You’re going to be a shining example, I hope, of how this all works, but I think all three of the people on the left side of my table are thinking.
These questions. I mean, Jimmy, Connie and Madeline. They’re all going, “Geez. I may want to start my company in five years and I might have a baby by that time.” Jimmy, this is an important topic to bring up. It’s not a technical topic, but it’s a real topic.
Jimmy: Absolutely. Absolutely. It affects everybody. That’s why it’s the family element that drives you forward on this. I was kind of curious, for a very small tight knit team, but there’s only one Dan here. How do you stay current on all the various trends out there and the new technologies to keep providing that great strategic advice to your clients?
Dan Schulman: SPAM. SPAM email. Pretty much, actually. One of my tools that I use are a lot of contacts I have with vendors. Vendors do love to email you with their marketing tools, things like that, but with those marketing tools comes invitations to conferences, prerecorded webinars that you can sit. When you actually have an hour in the day that you can take a break during lunch or something like that, you can learn a ton.
YouTube. YouTube has some excellent material on cyber security. It also have some horrible material on cyber security. You just have to take it for what it is. Take it with a grain of salt.
RSS feeds. I like going old school. RSS feeds. They come right to my Outlook email box for things like that. I do find a way. There isn’t one way that I necessarily go about it but I get little bits-and-pieces here-and-there and I do stay abreast of emerging technologies.
John Gilroy: Madeline, you want to jump in?
Madeline T.: We were talking more about the family and how to balance everything. Was there anybody who inspired you? Was it the big greats in technology? Was there somebody who just … Was it a professor that hit you one day and it was like, “You know what? I can do this. I can balance it all.”
Dan Schulman: Yes, actually. Wonderful question because it’s a good tie into Georgetown. The adjunct professor that I had at Georgetown, did inspire me quite a bit. Not only to go about my business, which at that time, I didn’t think about too much, but it did inspire me to start teaching.
John Gilroy: Well, was his name John Gilroy? What was his name? Come on, now. We’ve got to know. We’ve got to know.
Dan Schulman: His name, of course, he did me lots. I certainly remember it. It was Scott Edington. He did work for Georgetown. I believe he moved to the West Coast many years ago, but he taught … What did I took?
I think I took a Network+ class back then. Taught it. He was, at that time, I do believe, a vice president for Booz. Booz Allen Hamilton. He didn’t exactly need the job, I don’t think. I think he did it to give back, which is something that I want to do.
He is probably, if I had to put one person, I think that he’d be probably one of the biggest mentor, if you will.
John Gilroy: Connie, you want to jump in with a little final question here, please?
Connie Chen: How do you get the name of your company out there to others?
Dan Schulman: Networking. It’s like any other business, if I just sit back and wait for it to happen, it won’t. This is one of the tools with Eastern Foundry that’s been wonderful. Working with partners. Somewhat old companies. I’ve worked for three or four companies, I’ve left all of them on wonderful terms.
Some of them have been large businesses, so they still need some small business credit. They need to work with small businesses so I go that route. I go to conferences. I get involved and stay in social media and LinkedIn and make my presence known there. There’s a bunch of different ways, but it pretty much boils down to networking.
John Gilroy: Dan, if someone wants to find more information from you, why don’t you slowly spell out the name of your website, please.
Dan Schulman: Sure, absolutely. It’s missioncyber.com. M-I-S-S-I-O-N-C-Y-B-E-R.com.
John Gilroy: Woo! Music to my ears. Thank you very much. We’re running out of time here, big Dan. If you liked the podcast, give us a review on iTunes. I’d like to thank our founding sponsor, The Radiant Group, and our host, Eastern Foundry. Signing off, from high atop a nondescript building in lovely downtown Rosslyn, Virginia. I am John Gilroy. Thanks for listening to Students vs. Startups Show Down on the Potomac.