By Aliahu (Alli) Bey
Totem Technologies’ story begins in 2015 with the establishment of our parent company, Haight Bey & Associates (HB&A). Following an extraordinary win of a multimillion-dollar U.S. Air Force (USAF) tactical weapons support contract — all from proposals that I wrote in my basement — HB&A has grown to become a Prime Department of Defense (DoD) Contractor that specializes in industrial, commercial, and government systems sustainment.
After previously being let go in June of 2014 from a large DoD prime contractor citing “conflicts of interest,” I spent the next year sulking over being fired, writing proposals, hoping, and waiting for that first big break. When I was not researching how to be a business owner or writing, I was working random jobs to get my family by. During the fall season of 2014, I spent my days at Snowbasin Ski Resort in the rental shop as a Ski and Snowboard Technician. My job was to fit our guests with their required recreational gear and to ensure that each guest would have the best day ever. I made $9.75 an hour as well as the occasional tip, but I greatly enjoyed the direct customer interaction. I loved helping people from all over the world on a daily basis, and I am still friends to this day with quite a few patrons that passed through the rental shop.
Once the season ended, I started working the graveyard shift at Tyson Foods supervising the Don Julio brand tortilla manufacturing line. This also was an eye-opening experience, as I labored with some of the hardest-working people I have ever met, some of which were working three jobs just to pay the rent and put food on the table for their kids. I learned many things during my time at Tyson, although the one thing that sticks with me the most is the fact that most people are willing to work their fingers to the bone to ensure their kids have a better life than they have had. It was a very humbling experience for me — one I still think about quite often. Tyson paid a decent wage of around $17 per hour, but as a family of five, we were still struggling to pay the mortgage and put food on the table. In addition to this, we were behind on student loans and had less than $500 in the bank. So, to ensure that we could make it through these financially tight times, my wife and I cashed out our 401(k)s and sold our rental home in Colorado. We understood the risk associated with these decisions, but we knew that it gave us the best chance to keep moving forward.
Then, the big break that I had hoped for finally arrived. As Haight Bey & Associates was beginning to take shape, the U.S. Air Force accepted our proposal and awarded us with a multimillion-dollar tactical weapons support contract. We were ecstatic, and we were ready to hit the ground running. However, as I am certain all my fellow small business owners have already learned, adversity does not always disappear so easily. Only 10 days after being informed of the decision, we were hit with a Small Business Administration (SBA) protest, which delayed the kickoff of our USAF contract by 45 days. This was a quick lesson for us that operating as a small business is incredibly challenging, and this experience (along with many others) has helped us resonate with many of the challenges your small business is facing today.
Small Business Cybersecurity Challenges
A significant portion of the contract was to implement cybersecurity solutions on ruggedized deployable laptops used by the U.S. Air Force. Fortunately, I had already developed a subcontracting plan with my former business colleague Adam Austin and his company H-Bar Cyber Solutions. Adam was even kind enough to write the entire Information Assurance response for our winning proposal. As a cybersecurity expert, Adam’s education, experience, and leadership capabilities were a requirement for the new contract, and a must-have resource for Haight Bey. As our relationship and bellies grew through copious evening conversations involving beers, burgers, wings, and seafood (usually not at the same time!), a brand-new business endeavor neither of us had expected started to emerge. Immediately, we began to envision a cybersecurity offering that would benefit other small businesses — in turn positively impacting both of our companies.
Fast-forward to 2016. Rumors started bouncing around the Defense Industrial Base (DIB) concerning a new Defense Federal Acquisition Regulation Supplement (DFARS 252.204-7012) clause directing all contractors to protect Controlled Unclassified Information (CUI) they may handle on a contract. This clause states that small businesses (like ours and yours) must comply with more than 300 cybersecurity requirements that the large prime contractors adhere to: the standards published in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171. When Adam brought this requirement to my attention, my first reaction was to reach out to our Managed Service Provider (MSP) and other cybersecurity providers to find out what it would cost to bring our small company into compliance. Upon doing so, we quickly realized two things:
• Cybersecurity compliance in the world of DoD contracting (DFARS) was not understood by most companies offering security compliance services.
• Those companies who said they could do it were priced for the large enterprise companies and had no small business solutions.
We received quotes ranging from the low end of $50,000 annually all the way up to over $250,000 just for the organizations to try and get our small seven-person shop compliant. These prices came with no guarantees, especially since most of these organizations really had no idea how to interpret the requirements. As a small DoD contractor, I felt like the lack of small business resources and the prices being charged to support us were part of an unconscious effort to push small business out of the DoD contracting space. So, we were left with only one viable solution: to “roll our own.”
Armed with an entrepreneurial spirit, unshakable drive and old-fashioned determination, Adam and his team spent nearly a year combing through hundreds and hundreds of requirements. This allowed them to educate our company on these NIST requirements, in turn helping us build our own “internal know-how.” All this work just to avoid as much of the exorbitant costs of compliance being charged by other companies.
The result was an early version of what we now call the Totem™ Cybersecurity Compliance Management Tool.
Totem to the Rescue!
Totem™ is an innovative Software-as-a-Service solution that meshed perfectly with our cybersecurity and compliance requirements. Adam and I quickly realized that this was not only a cost-effective and revolutionary discovery for our company, but that it should be used to help our small business peers reach and maintain compliance. I believed then as I do now: this was more than just a business endeavor, it was our responsibility and duty to help ensure U.S. small businesses, the backbone of our economy, always remain an integral part of the Defense Industrial Base.
In September of 2017, we began marketing Totem™ and consulting as a service under Haight Bey. We hit the road with high expectations, traveling from San Diego to London and making stops at every tradeshow we thought was worth our time. This was a fun and exciting time which resulted mostly in a very expensive lesson learned. We misspent tens of thousands of dollars attempting to promote our new service offering without having the knowledge or skillsets to do so properly. Marketing and Business to Business (B2B) sales was a foreign language to Haight Bey, and while we had all the desire and drive to make this work, marketing a niche product in a niche environment is not a task to be taken lightly. To put it bluntly it’s hard as hell to do and even harder to get right! Sometimes those hard and expensive learning curves are the best ones.
In October 2018, I asked my Veteran business coach/mentor to escort our Haight Bey to the Veterans In Business (VIB) Network annual conference in Southern California just to observe and give our team some advice on what we were doing right and what we could improve upon. Looking back, I believe that was an essential step in our success as a company. Some of the feedback we received that stood out the most to me includes:
• Our services and solutions are great and needed
• Our marketing strategies were nonexistent
• Our services were not well defined
• Our branding was confusing
Armed with this knowledge, our team decided to:
• Hire a marketing professional
• Define and narrow our scope of services
• Develop a marketing strategy
• Launch a “Doing business as” (DBA) name to help clear up our branding
• Hire a sales team
In January of 2019, Totem Technologies launched with our consulting and software services as our primary sources of revenue. Our team would travel to a customer’s location and spend a week performing an on-site gap assessment. This would typically include developing a System Security Plan (SSP), Plan of Action & Milestones (POA&M), and Incident response plan (IRP) for the client according to their specific needs and requirements. This model was successful almost immediately. However, just like most start-ups, the growth of this endeavor proved to be slow. Honestly, I had a hard time getting used to the fact that slow is not bad. The growth was steady and consistent, which to us also meant predictable. The way our team consulted with our clients allowed for long-term educational interactions, which we thoroughly enjoyed, and our clients praised. We had in-person seminars and one-on-one engagements booked every month of 2020 at 20 locations around the United States. To us, business was booming, and we were enjoying the ride.
Then, March 2020 happened.
A Pandemic-Sized Monkeywrench
The COVID-19 pandemic caused the world as we knew it to come to a screeching halt. I remember quite well the exact moment our momentum stopped as a result. At the time, we were sponsoring, presenting, and attending the annual APTAC conference in Chicago. Halfway through the event, handshakes turned into fist bumps, everyone started bringing out hand sanitizer and sanitary wipes, and no longer was anyone interested in face-to-face conversations. In just a matter of weeks, all our hard work establishing our consulting business was erased by the pandemic. Our phones stopped ringing, we had to cancel all in-person events, and our source of revenue nearly disappeared completely.
For the next few months, I was very concerned with the survival of Totem. Thankfully, it did not take long for our team to come together and develop a plan to “go virtual.” We found a way to perform most of our consulting and training through an online learning platform, and this minor pivot made our services even less expensive for our customers, more accessible and manageable for all sizes of business, and more scalable for our team. I can confidently say today that we are emerging from the pandemic stronger and more dynamic than we ever thought possible.
Our compliance software was created out of necessity. We know that proper cybersecurity and compliance are much more than eye-catching graphics, packaging, or firewalls. These daunting requirements are complicated to understand as well as time consuming and expensive to implement. Not to mention it’s just one more headache for all of us business owners! The unfortunate reality is that they are not going away, so it’s up to us as a small business to develop a simple, concentrated, proactive, and continued solution to get and stay compliant. This is ultimately why we started Totem Technologies.
We are not a “pop-up” cybersecurity company trying to capitalize on the Fear, Uncertainty, and Doubt (FUD) around cybersecurity. We are here to develop a long-term relationship with our clients and to guide and support them throughout their entire journey. Our services and software fit perfectly with most small to medium sized business structures, and they are customizable, so they will grow with you. We have clients with less than five employees and clients with over 1000. We are proud to have built a company with an inclusive internal culture where we treat each of our employees and every customer asa valued member of the Totem Team.
We hope to soon welcome you and all our small business peers to Team Totem.