What We Do
What We Do
BuddoBot is your Offense
Offensive cybersecurity, or red team, consists of white hat security engineers (the good guys) who simulate black hat adversaries (the bad guys) to overcome cybersecurity controls and systems. Red teams consist of ethical hackers who evaluate system security in an objective manner. They utilize all the available techniques to find weaknesses in people, processes, and technology to gain unauthorized access to assets. As a result of these simulated attacks, red teams document their findings and make recommendations on how to strengthen an organization’s security posture.
We are here to help...
We help organizations strengthen their cybersecurity posture by identifying areas of exploit. We are not your run-of-the-mill or catch-all cybersecurity company. We are the real deal team of ethical hackers/red teamers. Vulnerability scanning alone is not enough and doesn’t identify all areas that a malicious actor could gain access. Automated scanning is just one of many tools that a seasoned ethical hacker uses for reconnaissance.
Unfortunately, many companies rely on the sole use of automated scans as their proactive approach to a cybersecurity assessment. This provides a false sense of fortification. BuddoBot’s ethical hackers simulate real attacks. We match a logical mindset with out-of-the-box strategic thinking to find the weaknesses that put your organization at risk.
Let us know what systems or data you are trying to keep secure and we’ll identify if it’s possible to take those systems down or capture that data. We thrive on these challenges and we’re very good at what we do. Most importantly, and what sets us apart from most, is we understand the sensitivities of this process and are empathetic in all we do. We are here to help, not hurt. We can be dropped into any environment and create synergy among your internal blue team and IT staff.
The coolest thing for me is watching how well our security engineers get along with our customer’s security and IT teams. Our humble approach avoids a lot of the IT versus Security head-butting that can happen. Our customers realize quickly that we are there to help. It’s the Buddo way.
Penetration Testing (PenTesting)
PenTesting is critical to any organization in fortifying and maintaining their network, data, and physical security. Unfortunately, it is often overlooked and/or underutilized. Many times, it is only conducted to satisfy a compliance checkmark or exercised by internal teams versus a third party, like BuddoBot. Even the most robust environments and top-notch security teams benefit from BuddoBot’s white hat team of ethical hackers to test and identify potential vulnerabilities within enterprise systems, networks, and applications allowing internal teams to fortify and secure themselves against malicious actors.
BuddoBot has a proven methodical approach to PenTesting that is customized and tailored to each customer. We have a robust process and detailed Rules of Engagement (RoE) that keeps stakeholders and internal engineers apprised throughout the test. We deliver a comprehensive report that is easy to understand with key data and details that engineers need to conduct necessary remediation.
We conduct the following types of tests as part of our continuous threat modeling suite:
- Internal/External Penetration Testing (red team)
- Cloud PenTesting
- Mobile App PenTesting
- WebApplication PenTesting
Our team loves what they do. We are passionate and motivated to help your organization become stronger and reduce exposure.
We are with you every step of the way. We have a very process-driven methodology in everything we do and we strive to always provide exceptional service.
Social Engineering (SE)
Social engineering is one of the most common attack methods used by criminals to trick employees into revealing credentials, exposing data, and downloading various malware. Using realistic and hard to detect pretexts lead the targets to a security compromise.
BuddoBot performs phishing and spear-phishing campaigns to allow organizations to gather statistics of click-throughs or potential downloads that could have rendered them compromised. This helps facilitate a practical application to their security awareness programs and training. The best way for a company’s employees to identify phishing and thwart it is to have controlled practice.
BuddoBot gathers publicly available data about our targets (be it the full organization, a business unit, or specific teams) that could be used to create focused pre-texts (e.g., a message from the CEO, HR, IT team, or helpdesk) to see if we could compromise the organization, person, or facility.
Our team can also research social media, search engines, and the dark web to help gather pointed data to help increase the viability in our simulated attack.
The types of social engineering campaigns BuddoBot provides are:
- Phishing Campaigns
- Spear Phishing Campaigns
- PreTexting Emulation
- ScareWare Emulation
Call Center Campaigns
Although offensive cybersecurity is at our core, we do much, much more. We have an amazing team of network engineers, cloud architects, compliance auditors, watch analysts, and system administrators that support critical missions around the globe. All of our services are complementary to one another and serve a role in fortifying our customers networks, systems, or applications.
We place a focus on and overlay security into all that we do. With technological advancements, security can no longer be an afterthought. Every single piece of technology and software has inherent vulnerabilities and deserves the ‘security first’ approach. Afterall, what good is a system or application if it is compromised?
See our general cybersecurity services we offer below:
We are problem solvers at heart. We love taking on complex challenges and figuring out the best approach to exceptional solutions.
Cyber Advisory Services
What we do...
- Comparative Rating and Analysis
- Cybersecurity Action Planning
- Cybersecurity Awareness Briefing and Training
What we do...
- Cloud Vulnerability Assessment
- Enterprise Vulnerability Assessment
- WebApplication Vulnerability Assessment
- Mobile Application Vulnerability Assessment
What we do...
- NIST Cybersecurity Assessment
- GLBA Cybersecurity Assessment
- FISMA Cybersecurity Assessment
- HIPAA Cybersecurity Assessment
- PCI Cybersecurity Assessment
- SOC 2 Cybersecurity Assessment
What we do...
- Systems Engineering and Automation
- System Administration
- STIG Compliance
- Cloud Migration and Sustainment
- Network Architecture
- Configuration Management
Industries We Serve
Industries We Serve
We support many different agencies with varying levels of security and highly sensitive data. We care about the privacy and security of that data. We apply industry security controls for any environment we are providing services within, whether your data is classified or not.
BuddoBot got its start serving the Department of Defense, providing solutions to military agencies across the globe. Over the years, our team and capability have evolved and strengthened into a unique and highly skilled workforce. We have branched out our suite of cybersecurity services into multiple industries including: Fortune500, medical/hospitals, education/universities, and financial institutions. Our team researches industry and organization specific pain points and understands the systems, data, and/or intellectual property they need to keep secure. This enables us to reach far beyond the boilerplate cybersecurity company and general offering into specific targeted threat-based offensive cyber. BuddoBot will get your organization into a proactive state.
See what BuddoBot has been up to...
We’ve provided innovative and reliable cybersecurity and IT solutions for over a decade. We support highly sophisticated agencies with projects in both cleared and uncleared environments across all industries served. For the integrity of our offensive cybersecurity customer’s and their privacy we do not release company/organization names. We do list our government and commercial customers of which the awards are publicly released.
We have taken on some incredible projects over the years. It’s amazing to watch our engineers and capability strengthen and evolve. We thank our customers for giving BuddoBot an opportunity to serve your organization.
Expand to read:
March 2022 – BuddoBot was named among the top 35 cloud cybersecurity companies by Risk.Coffee.
February 2022 – BuddoBot is awarded contract to support Software Company with their FedRamp Ready assessment.
January 2022 – BuddoBot, via joint venture Agile-Bot II, has been awarded multi-year contract to support Army North (ARNORTH) in Cybersecurity, IT, and Help Desk services in San Antonio, TX.
October 2021 – BuddoBot is awarded contract to provide internal Penetration Testing services to a private College. This was a multi-threat vector internal test to simulate an attack from within the college’s network, as a faculty member, and as a student.
July 2021 – BuddoBot is called upon by MedStar Health to expand its Technical and Programatic Management team along with Telecommunications Engineering services and personnel.
June 2021 – BuddoBot is awarded contract to provide Social Engineering and Phishing Simulation to a private College.
January 2021 – BuddoBot, via joint venture Agile-Bot II, has been awarded a 5 year contract to provide Advanced Cyber Support Services II (ACSSII) supporting the Marine Corps Cyber Operations Group (MCCOG).
May 2020 – BuddoBot is awarded 4.5 year contract to provide Support Services for the Office of Commercial Vessel Activities (CG-CVC) Port State Control (PSC) Program, the Quality Shipping in the Twenty First Century (QUALSHIP 21)/E-Zero, and Large Fleet programs to the Unites States Coast Guard.
February 2020 – BuddoBot is awarded second contract to perform a cybersecurity and governance/control audit for a private College.
Jan 2020 – BuddoBot is called upon by a Fortune 500 Organization to perform forensics analysis and incident response services to support the containment and analysis of a malicious threat actor.
Jan 2020 – BuddoBot is awarded four year contract to manage critical systems and communications security Outside the Continental United States (OCONUS) to U.S. Army Central (ARCENT) G39 Air and Missile Defense (AMD).
Expand to read:
Sept 2019 – BuddoBot Inc. is awarded multi-year contract to provide Cybersecurity and Penetration Testing services to a private College.
June 2019 – BuddoBot Inc. is awarded contract to provide External Penetration Testing services and Internal Cyber Health Check to a Fortune 500 organization.
May 2019 – BuddoBot Inc. is awarded task order to provide Security Validation services for Department of Treasury’s, Financial Crimes Enforcement Network (FinCEN).
February 2019 – BuddoBot Inc. is awarded contract to provide External Penetration Testing services to a commercial mortgage financial instituition.
October 2018 – BuddoBot is awarded prime contract via Mentor Protege Joint Venture, Agile-Bot LLC, with mentor Agile Defense. In support of the U.S. Air Force – Air Mobility Command’s (AMC) Applications, Infrastructure and Support Services, Increment 3 (AISS III), at Scott Air Force Base, Illinois. This mission will continue the support and evolution of Mobility Air Forces (MAF) Command and Control (C2), In-transit Visibility/Business Systems framework. This is a multi-year contract with an initial value of $103.2 million.
Aug 2018 – BuddoBot, as part of the Savantage Solutions Small Business Team, is awarded Information Technology Enterprise Solutions-3 Services (ITES-3S). ITES-3S is a potential nine year, $12.1 billion contract which encompasses areas of enterprise IT including cybersecurity, integration, consolidation, telecommunications, supply chain management, operation and maintenance, business process engineering, and education and training services to the U.S. Army.
Aug 2018 – BuddoBot Inc. is awarded contract to provide External Penetration Testing services to a Fortune 500 organization.
July 2018 – BuddoBot Inc. is awarded task order to provide Security Validation services for Department of Treasury’s, Financial Crimes Enforcement Network (FinCEN).
June 2018 – BuddoBot Inc. is awarded contract to provide Program Management Support to Telecommunications and Voice over IP (VOIP) projects to Medstar Health.
March 2018 – BuddoBot Inc. is awarded contract to provide External and Internal Penetration Testing services to commercial financial services firm.
February 2018 – BuddoBot is awarded FCC Enterprise Testing Support Services contract to provide Penetration Testing services, as subcontractor, in support of the Oasys International Corporation IV&V team.
Expand to read:
December 2017 – BuddoBot is awarded contract to provide External Penetration Testing services to Software Development and Data Aggregation Firm.
October 2017 – BuddoBot provides Penetration Testing and Cyber services to DC/MD/VA Hospital System.
June 2017 – BuddoBot Inc. is awarded U.S. General Services Administration (GSA) 8(a) Streamlined Technology Acquisition Resources for Services II (STARS II) Governmentwide Acquisition Contract (GWAC).
May 2017 – BuddoBot Inc. is awarded five year contract to provide Cybersecurity Assessment and Authorization Services to the Department of Treasury’s Financial Crimes Enforcement Network (FinCEN).
March 2017 – BuddoBot Inc. and Agile Defense Inc. form SBA 8(a) Mentor Protege relationship and are provided official approval by the U.S. Small Business Administration.
February 2017 – BuddoBot provides Penetration Testing services in support of Oasys International Corporation for the Federal Communication Commission (FCC) customer.
December 2016 – BuddoBot is awarded Defense Logistics Agency (DLA) J6 Enterprise Technology Services (JETS) IDIQ contract as a CTA member of the Savantage Solutions team.
November 2016 – BuddoBot is called upon to provide Forensics Analysis to critical systems within a Fortune 500 organization.
June 2016 – BuddoBot is called upon to test and evaluate the security posture of an enterprise email and antivirus system for large hospital system.
March 2016 – BuddoBot is awarded contract to provide ongoing Penetration Testing and Information Assurance/ Governance services to Fortune 500 organization.
March 2016 – BuddoBot as team member to Savantage Solutions was awarded the Program Management Support Services Three (PMSS3) IDIQ contract vehicle from the U.S. Army.
January 2016 – Agile-Bot (Joint Venture between BuddoBot and Agile-Defense) is awarded four year contract to provide OCONUS cybersecurity and system administration services to U.S. Army Central (ARCENT) G39 Air and Missile Defense (AMD).
Expand to read:
November 2015 – BuddoBot is awarded contract to provide Secure Voice Over IP (VOIP) deployment and management services to MedStar Health.
October 2015 – BuddoBot provides Penetration Testing services in support of Oasys International Corporation for the Federal Communication Commission (FCC) customer.
August 2015 – BuddoBot receives approval from the SBA for the 8(a) Joint Venture (JV), Agile-Bot LLC. Partnered with Agile Defense, Inc. Agile-Bot will provide Cybersecurity and Information Technology services to the Federal government and Department of Defense agencies. This strategic alliance captures the essence of small business while providing the resource power and expertise of a larger entity.
July 2015 – BuddoBot named “Best Subcontractor” in Washington Technology’s Insider Report 2015. We greatly appreciate our partner/s that made this submission.
May 2015 – BuddoBot receives multiple awards for Penetration Testing services in the commercial and medical space.
September 2014 – BuddoBot receives an 8(a) direct prime contract award from The U.S. Department of Justice (DOJ), Federal Bureau of Prisons (BOP). BuddoBot will be performing an Inside Plant (ISP) / Outside Plant (OSP) infrastructure survey and post survey planning and installation for one of BOP’s critical Penitentiaries.
August 2014 – BuddoBot receives second award for Cyber Security Services for large Hospital System.
June 2014 – BuddoBot receives award for PCI and Security Assessment services for a large Fortune 500 organization.
May 2014 – BuddoBot receives award for Cyber Security services to the leading hospital and healthcare system in Central PA.
May 2014 – BuddoBot becomes official Protege to Sotera Defense Solutions for the DHS Mentor Protege Program.
February 2014 – BuddoBot receives award for Cyber Security Assessment and Penetration Testing Services to Virginia based University.
Expand to read:
November 2013 – BuddoBot receives award for Cybersecurity services to provide IAVM and STIG compliance support for the US Army Information Technology Agency (ITA).
November 2013 – BuddoBot receives an admission award as an 8(a) Prime Contractor on the Navy Seaport-e contract vehicle.
October 2013 – BuddoBot receives an award for Cybersecurity Management services for Headquarters Air Force Security Forces Center (AFSFC) Security Equipment Integration Working Group (SEIWG) Interoperability Verification Tool (SIV-T). BuddoBot will be performing Security Management, Security Engineering, C&A, and Validation services for this effort.
July 2013 – BuddoBot receives subcontract award, from Computer Aid Inc. (CAI) for Penetration Testing and Vulnerability Assessment services to multiple commercial industry vendors.
March 2013 – BuddoBot receives an admission award as subcontractor on NIH’s Information Technology Acquisition and Assessment Center (NITAAC) CIO-SP3 IDIQ contract vehicle with Sotera Defense Solutions.
September 2012 – BuddoBot is awarded prime contract to conduct Secure Infrastructure Surveys and Assessments for the Department of Justice (DOJ) Federal Bureau of Prisons (BOP). Tasked with assessing and documenting the existing infrastructure conditions to provide improved security, stability, performance and reliability of the network infrastructure through Inside Plant (ISP) and Outside Plant (OSP) infrastructure upgrades and improvements.
July 2012 – BuddoBot receives an admission award as subcontractor on the Navy Seaport-e contract vehicle.
May 2012 – BuddoBot receives its Minority Business Enterprise (MBE) certification by the State of New Jersey.
January 2012 – BuddoBot receives its 8(a) certification by the U.S. Small Business Administration (SBA).
Expand to read:
December 2011 – BuddoBot is awarded contract to provide Computer Forensics Analysis and Information Security services to Fortune 500 manufacturer.
September 2011 – BuddoBot is awarded prime contract for Network Penetration Testing and Vulnerability Assessment services for Virginia based University.
May 2011 – BuddoBot becomes an approved vendor for Cybersecurity and Information Technology services for the Commonwealth of Virginia on the Supplier Managed Staff Augmentation (SMSA) and SOW vehicle.
December 2010 – BuddoBot receives subcontract award, from Smartronix Inc., to deploy a team of Security Engineers, Systems Engineers and Information Assurance Analysts in support of the Office of Naval Research (ONR) Authority To Operate (ATO) Certification and Accreditation process.
May 2010 – BuddoBot receives three year subcontract award, from BAH, to provide Cybersecurity and Information Technology services, covering two task areas, in support of the U.S. Army Product Manager Acquisition Business (PM AcqBus).
January 2010 – BuddoBot receives subcontract award, from BAH, to provide Cybersecurity services in support of the Army Materiel Command (AMC) Information Assurance Division.
February 2009 – BuddoBot is awarded prime contract to design and develop new corporate logo, marketing material, and website for large commercial builder, CVT Construction.
Contract With Us
Contract With Us
We're ready to support your organization
Doing business with BuddoBot is easy – we have a number of avenues and contract vehicles available to support your organization and mission.
MSA and Purchase Orders
We work within the contract and purchase order processes of your organization. We also have our own Master Services Agreement and Purchase Order system that can be utilized and customized to cover single or multiyear projects and contracts. With these systems in place BuddoBot can be rapidly deployed into your organization.
GSA 8(a) STARS III
U.S. General Services Administration (GSA) 8(a) Streamlined Technology Acquisition Resources for Services III (STARS III) Governmentwide Acquisition Contract (GWAC). The STARS III GWAC is a multiple-award, indefinite-delivery indefinite-quantity (IDIQ) contract designed to promote small business utilization when purchasing information technology (IT) services or IT services-based solutions for the federal government. It is reserved exclusively for qualifying certified 8(a) small business concerns as the prime contractors. With a $10 billion program ceiling and a five-year base ordering period, 8(a) STARS III allows for long-term planning of large-scale program requirements while strengthening opportunities for 8(a) small businesses. BuddoBot, via Joint Venture Agile-Bot II, is an 8(a) Prime Contractor on this vehicle.
Agile-Bot II LLC, is a veteran and minority owned 8(a) small business, has been awarded the U.S. General Services Administration (GSA) 8(a) Streamlined Technology Acquisition Resources for Services III (STARS III) Governmentwide Acquisition Contract (GWAC). The STARS III GWAC is a multiple-award, indefinite-delivery indefinite-quantity (IDIQ) contract designed to promote small business utilization when purchasing information technology (IT) services or IT services-based solutions for the federal government. It is reserved exclusively for qualifying certified 8(a) small business concerns as the prime contractors.
Contract Name: GSA 8(a) STARSIII
Contract Number: 47QTCB22D0360
Point of Contact: Samantha Daniele
Contract Expiration Date: August 30, 2021
Program Ceiling: $50 billion
Directed Award Ceiling: $4.5 million per contract
Contract Type: Multiple Award IDIQ / GWAC
The 8(a) STARS III GWAC is a dynamic Indefinite Delivery/Indefinite Quantity (IDIQ) contract vehicle, engineered to provide cutting-edge technology solutions from award-winning 8(a) Small Businesses to federal agencies. For the Government, 8(a) STARS III offers streamlined procurement for participants since prices have been pre-competed. Also because each technology provider has been proven, agencies are assured quality work with a much shorter procurement lead-time and lower user access fees while receiving socioeconomic credit.
• Directed task orders up to $4.5M
• Enables federal clients to earn 8(a) and Small Business credit
• Pre-competed, easy-to-use contracts
• Saves time and money by reducing procurement lead time
• Free Training and support from STARS III GWAC acquisition team
• Avoids bundling concerns
• Limited protestability in accordance with NDAA 2008
• Low user fee (0.0075) capped for large orders
• Allows for long term planning of large scale program requirements
• Offers flexibility of contract types to mitigate risk
• Facilitates integrated IT solutions
• Promotes contract compliance and reduces risk of adverse audits
• FAR 16.505 Fair Opportunity process supports best value awards
• Minimizes protest risk and supports timely order award for optimal mission support
• Ordering procedures based on Fair Opportunity (FAR 16.505)
Task Order awards under this STARS III contract vehicle for BuddoBot are pending.
|TASK ORDER||TASK ORDER NUMBER|
DLA JETS is a $6B total ceiling value eight-year contract that provides full IT services across the DLA IT Enterprise. The DLA IT Enterprise serves as the Information Operations business services broker, assessing, developing, and delivering a full range of IT solutions necessary to support the transformation and sustainment of the Information Operations mission and its associated commitment to the warfighter. JETS also allows for de-centralized ordering by other Defense agencies. Through JETS, companies provide support for information technology solutions, technical support, maintenance and sustainment; operations support; application development, maintenance and technical support; program management support; and lifecycle management. BuddoBot is a CTA Member on this vehicle.
The ITES-3S contract allows the US Army to quickly procure high-quality, cost-effective IT solutions and services for the Army’s enterprise business systems that support the warfighter. ITES-3S is a consolidated contract vehicle for solutions and services. It serves as a follow-on to the original ITES-Enterprise Mission Support Services Solutions contract with services including business process re-engineering, information systems security, information assurance, IT services, network support, systems operations and maintenance, program management, enterprise design, integration and consolidation, and education and training. BuddoBot is a subcontractor on this vehicle.
We look forward to working with you and finding the best contract mechanism for your organization to get BuddoBot working asap.