BuddoBot was founded on the principle that our success is measured by the value of the results we deliver to our clients. We use an interactive and facilitative approach to acquire a full understanding of our client’s unique situation and needs, the risks that are present, and the solutions that are required. The way in which we deliver value to our clients is equally important. Trust, authenticity, and confidentiality are the foundation of a value-based consulting relationship. We are strongly committed to delivering all that we promise with integrity and respect, maintaining an independent and candid view, generating new insights and ways of thinking, and designing actionable approaches. Please view our client list and performance summary below.
U.S. Department of Treasury
The Treasury Department is the executive agency responsible for promoting economic prosperity and ensuring the financial security of the United States. The Department is responsible for a wide range of activities such as advising the President on economic and financial issues, encouraging sustainable economic growth, and fostering improved governance in financial institutions. The Department of the Treasury operates and maintains systems that are critical to the nation’s financial infrastructure, such as the production of coin and currency, the disbursement of payments to the American public, revenue collection, and the borrowing of funds necessary to run the federal government.
BuddoBot provides IT Security Assessment and Authorization Services to the Department of Treasury’s Financial Crimes Enforcement Network (FinCEN).
Federal Communications Commission
The Federal Communications Commission regulates interstate and international communications by radio, television, wire, satellite, and cable in all 50 states, the District of Columbia and U.S. territories. An independent U.S. government agency overseen by Congress, the Commission is the federal agency responsible for implementing and enforcing America’s communications law and regulations.
BuddoBot provides Cybersecurity services and Penetration Testing for FCC systems and applications.
U.S. Army Central (ARCENT)
U.S. Army Central conducts shaping operations in the U.S. Central Command (CENTCOM) area of responsibility to deter adversaries in order to reassure and enable partners, while sustaining ongoing U.S. operations in established Combined Joint Operating Areas. Concurrently, USARCENT transitions forces and capabilities in the AOR for roles anticipated in the next decade of the 21st Century.
BuddoBot provides support service in the operation and maintenance of Battle Command systems pertaining to Air and Missile Defense (AMD) in the Command and Operations and Intelligence Center (COIC) and, when required, the Contingency Command Post (CCP) in Camp Arifjan, Kuwait in support of Army Central (ARCENT) G39. Uninterrupted and fully-functioning system operations are critical to the ARCENT mission. BuddoBot ensures that no preventable outages, disruptions, or degradations occur through appropriate planning, proper installation, configuration, and operation of equipment or software, adequate monitoring, appropriate maintenance, or other factors within our control.
U.S. Army Information Technology Agency (ITA)
ITA has been providing support to customers in the National Capital Region (NCR) since 1995. With the signing of Department of Defense (DoD) Directive 8220.1 in 1995, the Deputy Secretary of Defense John P. White charged the Secretary of the Army Togo D. West, Jr. with responsibility for establishing a Single Agency Manager (SAM) to provide Pentagon Information Technology Services for the National Defense community.
BuddoBot provided surge support to the IT and Security Operations team to ensure that the ITA Information Systems (IS) were fully compliant with Army/DoD IAVM and STIG requirements. Our team assessed, patched, and hardened various servers and systems prior to deployment into the production environments. We ensured all applicable IAVM updates were applied to Information Systems as new releases became available.
U.S. Air Force Security Forces Center (AFSFC)
Air Force Security Forces Center, Lackland AFB, Texas: Organizes, trains and equips Air Force security forces worldwide. Develops force protection doctrine, programs and policies by planning and programming resources to execute the missions of nuclear and non-nuclear weapon system security, physical and information security, integrated base defense, combat arms, law enforcement, antiterrorism, resource protection and corrections. Identifies and delivers emergent and future force protection and force application solutions through modeling and simulation. Acts as the executive agency for the Department of Defense military working dog program.
BuddoBot provided Information Systems Security Management (ISSM) support to ensure system security requirements were achieved and provided security Certification & Accreditation (C&A) packages for the Designated Approval Authority (DAA). We provided technical security evaluations on new products, updated existing C&A packages to maintain validity, and conducted security testing in accordance with the latest security products and processes. BuddoBot defined and validated technical security requirements for proposed IT systems and documented system security design approaches and/or determined if system design approaches met mission security requirements. We reviewed and analyzed new or revised security-related documentation, formal correspondence, technical reports, and recommendations related to IT security for security-related guidance and requirements and presented results in a report. We developed recommendations based on analysis of IT system security documents and actual posture, and ensured defects were identified. We analyzed network security scans, recommended fixes for vulnerabilities discovered in the application, and documented them in a Test Analysis Report. We monitored network penetration activities and reviewed security data files.
U.S. Department of Justice – Federal Bureau of Prisons
The Federal Bureau of Prisons (BOP) protects society by confining offenders in the controlled environments of prisons and community-based facilities that are safe, humane, cost-efficient, and appropriately secure, and that provide work and other self-improvement opportunities to assist offenders in becoming law-abiding citizens. The Federal Bureau of Prisons was established in 1930 to provide more progressive and humane care for Federal inmates, to professionalize the prison service, and to ensure consistent and centralized administration of the 11 Federal prisons in operation at the time. Today, the Bureau consists of 119 institutions, 6 regional offices, a Central Office (headquarters), 2 staff training centers, and 22 residential reentry management offices.
As prime contractor, BuddoBot provided comprehensive Inside Plant (ISP) and Outside Plant (OSP) infrastructure upgrades and improvements for the United States Department of Justice, Bureau of Prisons (BoP), Administrative United States Penitentiary (AUSP) in Thomson, Illinois. The upgrades and improvements were necessary to improve the stability, performance and reliability of the network infrastructure at AUSP Thomson and to update the network baseline to meet current industry standards. The technical solutions implemented at AUSP Thomson were determined, developed, and designed by BuddoBot as the result of a complete and thorough site survey conducted by BuddoBot under a separate BoP contract. The AUSP Thomson campus covers approximately 146 acres and comprises 15 buildings consisting of seven administrative and support buildings and eight inmate housing units.
Previous Contract Support for BOP:
As part of an extensive Outside Plant (OSP) and Inside Plant (ISP) initiative, BuddoBot assessed and documented the status of the current infrastructure of three Federal Correctional Centers. The functionality and security of the communications pathways was compared against industry, Department of Justice and Bureau of Prisons standards in addition to federal and state guidelines. That analysis yielded a comprehensive design that meets all necessary requirements and standards.
The ultimate goal of the surveys was to identify Inside and Outside Plant deficiencies and provide an upgrade plan for a reliable, stable network infrastructure that meets current industry standards. We detailed the infrastructure from the demarcation site (DMARC), all equipment rooms, component installation locations, power availability, grounding, seismic bracing, fire prevention, HVAC, adequate pathways and identified all current copper and fiber optic communications lines between and inside all buildings. The information was compiled into a Site Survey Report and provided to the Bureau of Prisons with a proposed design. We created CAD drawings of the proposed design for each Federal Correction Complex and detailed diagrams were created for each building across the 5 separate correctional facilities in the two locations. These reports serve as the design blueprint for the eventual network and infrastructure upgrade.
U.S. Army PM AcqBusiness
The PM AcqBusiness Program provides Information Management capabilities that support Acquisition community needs for Acquisition data, data management services and Enterprise Business applications. These capabilities enable the consistent, effective and efficient conduct of the acquisition business. Planning and development of additional capabilities are ongoing with rapid prototyping, user involvement and rapid capability distribution as core elements of the program strategy. The Acquisition Business Program is not a traditional program; it consists of a continuing series of independent software projects managed to cost, schedule and user requirements. This program strategy is modeled after best industry practices for rapid development and distribution of enterprise software solutions. The initial Service Oriented Architecture has been deployed and provides an initial set of capabilities.
Our team performed services across two critical task areas: IT Operations and Information Assurance. We performed weekly vulnerability scans, assessments, audits, and reporting. BuddoBot handled the development and compilation of DIACAP focused Certification and Accreditation (C&A) artifacts such as: SSP, DIP, SIP, TSP, as well as POA&M management. We also performed accreditations of internal systems and enclave changes.
Our IT Operations Team designed and implemented a physical system reduction across all PM AcqBusiness systems. This resulted in a 70% reduction of physical inventory. We further improved storage utilization by designing a Storage Area Network based on Fiber-Channel technology. In a separate engagement our engineering team participated in the consolidation of systems from disparate organizations into a single “Next Generation” architecture.
Our team was able to reduce cost, create efficiencies and position PM AcqBusiness for a three-year Authority To Operate (ATO). This was the first within PM AcqBusiness as well as PEO-EIS.
Virginia State University
Virginia State University (VSU) has a student population of over 5,300. In 2008, U.S. News & World Report acknowledged VSU’s excellence by naming the University the top, public, master’s level HBCU in America for the second consecutive year. Virginia State University was founded in 1882 as the Virginia Normal and Collegiate Institute, making it the first fully state supported, four-year institution of higher learning for African Americans. Today, Virginia State University is one of Virginia’s two land-grant institutions.
BuddoBot conducted a network penetration test to determine the University’s susceptibility to internal and external threat agents. The purpose of this engagement was to identify and prioritize the potential areas of security vulnerability in VSU’s infrastructure and servers. BuddoBot also scheduled interviews with VSU personnel and conducted research associated with current VSU policies, procedures, and methods that fall within the Virginia Information Technologies Agency (VITA). BuddoBot provided remediation guidance to assist VSU in applying controls mandated by the Information Technology Resource Management Information Security Standard SEC501-06 and NIST Special Publication 800-40, version 2.0.
The BuddoBot Team conducted a thorough review of the Virginia State University (VSU) network architecture and operations. During this evaluation, we reviewed network diagrams and the configurations of some of the key infrastructure devices (firewall, switches, routers, etc.). Additionally, key members of the VSU network staff were interviewed and discussions were held to determine the true nature of the network’s resiliency against an attack. A detailed report was delivered defining the true state of the VSU network along with detailed recommendations associated with critical vulnerabilities.
BuddoBot performed an analysis of the University’s Microsoft Windows Group Policy Object (GPO) deployment. A thorough assessment was conducted and an itemized report addressing each GPO was delivered displaying its current state. Recommended changes, along with instructions, were created based on Virginia’s Information Technology Resource Management (ITRM) Virginia Security Standard (SEC501).
Office of Naval Research
The Office of Naval Research (ONR) is an executive branch agency within the Department of Defense; ONR supports the President’s budget. ONR provides technical advice to the Chief of Naval Operations and the Secretary of the Navy. ONR reports to the Secretary of the Navy through the Assistant Secretary of the Navy for Research, Development and Acquisition. Led by the Chief of Naval Research, its senior leadership oversees a portfolio of investments ranging from immediate, quick-turnaround technologies to long-term basic research.
BuddoBot completed a full assessment of ONR’s Information System (IS) environment to assure vulnerability findings were identified and courses of action including remediation were planned appropriately. BuddoBot guided and assisted ONR IT and IA staff to work towards the completion of all applicable STIGs, Security Readiness Review Scripts (SRRs), Gold Disk Remediation, Retina IAVA patch compliance, and Server and Desktop Image correction. BuddoBot successfully removed over 300 vulnerabilities across both server and desktop platforms. BuddoBot also created zero CAT-I and CAT-II images for both desktops and servers that have been deployed across ONR’s legacy network.
BuddoBot provided a thorough analysis of ONR’s Active Directory (AD) and Group Policy Object (GPO) set. We were tasked with creating an “as-is” overview of their GPO set and delivering a “to-be” architecture that would function more efficiently. BuddoBot created new policy sets and delivered a new functional baseline GPO that allowed the user workstations to receive the appropriate policies to maintain compliance. Some configurations to the Local Firewall settings through the Microsoft Group Policy Management Console (GPMC) were necessary and enabled us to correct Software Firewall Policy findings for the entire domain.
U.S. Army Materiel Command
The U.S. Army Materiel Command is the Army’s premier provider of materiel readiness – technology, acquisition support, materiel development, logistics power projection, and sustainment – to the total force, across the spectrum of joint military operations. If a Soldier shoots it, drives it, flies it, wears it, eats it or communicates with it, AMC provides it. AMC is headquartered at Redstone Arsenal, AL., and impacts or has a presence in all 50 states and 150 countries. Manning these organizations is a work force of more than 70,000 dedicated military and civilian employees, many with highly developed specialties in weapons development, manufacturing and logistics.
BuddoBot was called on to conduct an IA and DIACAP documentation review for AMC’s Army Enterprise Portal (AEP), the Army’s largest enterprise portal. The AEP serves as the gateway to Enterprise Services that will enable transparency within the AMC and Assistant Secretary of the Army for Acquisition Logistics and Technology (ASA/ALT) communities (i.e., the Army acquisition domain). The BuddoBot team assisted with DIACAP preparation and review sessions to deliver recommendations to key stakeholders. We also assisted in the Security Technical Implementation Guide (STIG) compliance review to help deliver proper mitigation responses for critical IA controls across sensitive systems.
U.S. Navy ERP
Navy ERP is an integrated business management system that updates and standardizes Navy business operations, provides financial transparency and total asset visibility across the enterprise, and increases effectiveness and efficiency. Enterprise Resource Planning (ERP) is the generic name of a software-based management system used by forward-leaning corporations around the world to power their crucial “back office” business functions. The Navy ERP Program uses a product from SAP Corporation, which allows the Navy to unify, standardize, and streamline all its business activities into one completely integrated system. The result is the Navy will achieve the highest standards for secure, reliable, accessible, and current information; everyone involved in conducting the Navy’s business will thus work using the same procedures and reports. Business processes are updated and simplified; redundancies are eliminated; efficiencies save money.
BuddoBot provides services across industries. Our client base in the commercial sector is growing. We have provided Information Security and Secure Infrastructure services to large Fortune 500 organizations. These organizations have elected to remain anonymous for security purposes. BuddoBot appreciates and fully understands this request. Below you will find short summaries of our performance serving Fortune 500 organizations.
BuddoBot conducted an internal and external network penetration test to determine the client’s susceptibility to internal and external threat agents. The purpose of this engagement was to identify and prioritize the potential areas of vulnerability in the client’s infrastructure and servers.
The client captured potentially suspicious files off of their systems; BuddoBot was called upon to do a thorough assessment. Those files were analyzed by our team for any malicious properties and for any activity that could have been spread across the network. Our team was able to successfully identify the malware and deliver recommended fixes to be applied to the infected systems as well as across the network.
An assessment was performed to determine the health of the client’s McAfee EPO environment, with a focus on McAfee’s best practices, current industry standards, and practical application in the client’s anti-virus environment. Unique configurations needed to be created due to the larger scale of the system environment and the geographic locations of their hosts. This is typical for larger enterprise system environments. BuddoBot completed the assessment, delivered recommendations, and assisted with the remediation process.
Hospitals and HealthIT
BuddoBot provides an array of ongoing Cybersecurity and IT Management services to leading hospitals and healthcare IT systems in Pennsylvania and the National Capital Region (NCR).
Pennsylvania Hospital System
BuddoBot provides ongoing Cybersecurity and Penetration Testing services to Central Pennsylvania’s leading healthcare and hospital system. Annual audits and ad hoc tests are conducted against single systems and enterprise systems and applications.
National Capital Region (NCR) Hospital System
BuddoBot is currently providing program management support services to a large DC, MD, VA Hospital system, specifically to assist in meeting or improving time, schedule, cost, and quality objectives. BuddoBot provides on-site senior-level Information Systems program manager support responsible for direct client support as well as the development, management, and upkeep of portfolio management artifacts.