Starting a business that sells products and services into the federal government and government agencies is no easy task thanks in large part to ever-shifting federal priorities, long acquisition cycles, and seemingly endless amounts of regulatory and compliance guidelines to follow. These challenges are just a few that face business owners looking to work with and service the federal government – forcing companies to be agile, flexible and technically savvy in order to not only survive, but thrive in the federal contracting space.
One local business in the National Capital Region that has embraced and overcome these challenges is VariQ Corporation, an information technology and IT security services company that serves federal, state, and local government departments and agencies in the Washington, DC metro area. The company has grown tremendously since it was founded in 2003. This growth – which includes a 692% growth rate over the last 5 years and over 100% over the last 3 years – led to the company being named the “Growth Company of the Year” ($25M- $75M) at this year’s ACG National Capital Corporate Growth Awards.
We recently had a chance to sit down with Ben Edson, CEO and Founder of VariQ, to gain some insights into the company’s impressive growth and success, and how the company has gotten where it is today. Here is what Ben had to say:
Corporate Growth Capital Style (CGCS): For those of our readers that may not be familiar with the company, can you tell us a little bit about VariQ? What does the company do, and how did it get started?
Mr. Edson: VariQ is an IT services company that designs and delivers cybersecurity, software development services, and IT infrastructure services to federal customers.
I started VariQ as a small business offering cybersecurity and other IT services to the federal government after serving as a security consultant for the U.S. Congress. As with any startup, it took some time to get things off the ground, but by 2008, we had built the team and started winning contracts. In 2012, the team doubled after we won a contract with the IRS.
The company has evolved over the years, and today, about a third of our employees are dedicated to cybersecurity, a third to DevOps and the rest are split between systems engineering, project management, and business analysts. Right now we are doing a lot of work on integrated solutions like managing the DHS E-Verify system – an Internet-based system that allows businesses to determine the eligibility of their employees to work in the United States, in addition to the Automated Biometric Identification System (IDENT), which is a Department of Homeland Security system which collects and processes biometric and limited biographic information on over 220 million users. We are becoming more diversified as we grow.
CGCS: The company focuses on selling secure IT solutions into the federal, state and local government marketplace. Why is “secure” the key word there? What is the threat landscape facing these organizations, and why are they so susceptible to security breaches?
Mr. Edson: Considering the number of breaches that occur today, “cybersecurity” has become a buzzword for the mainstream media. The truth is that cybersecurity has always been important because of the organizational disruption that an attack causes. When a cyber attack occurs within the federal government, the mission is halted, which can cause serious downstream effects. And when a breach becomes public in some way, causing reputational disruption or loss of sensitive information, it may be devastating and can take years to recover from.
Technology within enterprises is extremely complex at every level – whether you’re looking at user access or network security. Federal customers are especially susceptible to security breaches because of the personally identifiable information (PII) they use and maintain.
At VariQ, security is cultural and embedded into everything we do. It’s important for organizations to focus on cybersecurity and ensure all employees are following the right procedures and protocols. One of the greatest challenges as a business owner is implementing the right security controls while enabling effective collaboration between employees.
CGCS: How has the security landscape shifted and evolved since the company was founded? How have threats evolved? How have malicious actors evolved?
Mr. Edson: Over the past twenty years, I have seen much more of a focus on cybersecurity within federal government contracting. There’s an emphasis on security controls, and more of a focus to ensure controls are properly implemented. Over the years, though, organizations have become more complex, making this function more challenging than before.
As an example, organizations have pushed tools to their users which they have created themselves, and these tools are increasingly web-based. More users today are remote so the adversary has more surface area to attack, and as such, organizational exposure to attackers has increased. While companies and agencies have gotten better about putting controls in place, they must be more diligent than ever because – as we’ve learned – once a hacker is inside the system, they can move around and cause additional damage.
Nation states pose an increasingly large threat to government systems. If a nation state is looking to attack our government, it’s difficult to have the security tools to defend against that persistent threat from a well-funded and sophisticated attacker. It’s a great environment to be in if you’re an attacker with a specific mission. If you’re a generalist just trying to go find something, there are other smaller organizations that aren’t nearly as sophisticated in their defense as the US Government.
CGCS: VariQ was recently named a Growth Company of the Year by the National Capital Chapter of ACG. What do you attribute this growth to? What trends in the security industry and the public sector marketplace – in particular – are driving the company’s growth and success?
Mr. Edson: A big part of our success in recent years has been due to key IDIQ (indefinite delivery/indefinite quantity) contracts we’ve won. As an organization, we’re very nimble and quick at adopting new technologies and adapting to change so we can help our customers reach that change in a short amount of time. Part of our culture is to be extremely flexible and responsive so we have developed a great reputation for being agile and tech savvy.
We look at opportunities with optimism and even if we don’t know all of the ins and outs of a prospective customer, we can and do still respond to them. We are also extremely partner friendly and transparent with our customers. There are no hidden agendas with us and companies do business with us because we’re practical. We deliver what we say we’re going to deliver. We’re also not in this business to build and then sell the company. VariQ is in it for the long term.
CGCS: Selling into the public sector can be difficult, and the government IT services marketplace is very crowded. What best practices from VariQ’s rapid growth can you share with other companies that may be looking to sell to the government and establish a footprint in the government marketplace?
Mr. Edson: The government acquisition cycle is very long so you have to be very patient but also understand your customer. There are so many regulatory and compliance guidelines that must be followed when it comes to government contracting. So you have to be on top of everything from that standpoint and track requirements. You have to focus on delivery of service as well as compliance.
In addition, some agencies and awards may only take a few months before they are complete whereas others could take a few years. Government contracting is a funnel, so you must have enough volume moving into the funnel to sustain the business while you’re waiting for some of these contracts to move through the funnel.
Being able to staff up quickly is sometimes necessary when it takes longer than anticipated for an award to close and resources are no longer available to work on the project. You need to be able to staff and recruit to fit the need of contracts that took a long time to close.
Finally, for new companies, the amount of documentation required can be a challenge in government contracting. Everything must be documented and many people don’t understand how to put a 200 page document together when they’re a consultant or integrator.
The upside is that winning government work can also be very rewarding as the contracts can be multi-year, creating stability which can help with growth. As companies such as VariQ outgrow the small business status, competition becomes tougher among are thousands of contracting companies. You have to keep evolving or someone will out maneuver you or undercut you.