BY ROY HARRYMAN
This article originally appeared in The Kansas City Star.
A Kansas City company is at the forefront of federal efforts to make government computing secure.
WillCo Technologies helps the U.S. Army and the Department of Defense assess what security training is needed by millions of employees and tracks their progress.
WillCo’s chief product, a Web-based program called IASTAR, was developed in response to legislation passed in the wake of the Sept.11 terrorist attacks. The Federal Information Security Management Act requires tighter computer security – and therefore security training – for people who work for or with the federal government.
Before starting WillCo in 2005, CEO Kevin Williams had worked in a military training division of Anteon International Corp. As a result, he had already become familiar with the federal mandate and was asked to join a Department of Defense panel tasked with implementing the law.
In 2006, he was given 15 minutes to speak to a Pentagon group about his solution. Two months later, he had a contract with the U.S. Army for a pilot project for 1,000 licenses. That led to an expanded contract for 20,000 users the following year.
The Pentagon had designated multiple levels of security, ranging from secretaries who use e-mail to network administrators. Williams helped the Army expand the program to cover all its computer users. That push led to a contract for one million licenses in 2008. The resulting infusion of funds helped WillCo move into its Downtown Kansas City office and begin expanding its staff.
In the summer of 2008, WillCo started getting attention from Congress when Sen. Kit Bond inquired about the company. As a result, $1.6 million was approved to broaden the use of IASTAR beyond the Army to the Department of Defense for a total of three million users.
Williams is the owner of the 10-employee company, which had revenues of $1.9 million last year.
IASTAR provides a five-minute online assessment to determine what kind of security training employees need, then tracks them through the process. A digital dashboard allows supervisors to view the training data at global or local levels, depending on their security privileges. In addition, the Web-based system allows personnel around the world to share the data instead of having it sit in isolated computers.
Williams said developing the system was a challenge, given the Army’s vast array of constantly moving parts.
“I’ve been told that the U.S. Army is the most complicated organization in the world,” he said.
Williams said the federal government has the expertise to manage its own training, but WillCo is singularly focused on that task.
“I believe any business can be successful if it focuses on the needs of the customer and tries to be a solution for that need,” he said.
The CEO is pursuing other federal agencies that are implementing the law. He’s also in discussions about customizing his program to track other types of military training.
Williams said his company’s track record with the complicated systems of the Army and Pentagon put it in a good position to help other agencies.
“We took the largest and the toughest and we got a solution for them,” he said.
Doris Wright, an analyst in the Army’s Information Assurance Directorate, said WillCo’s online assessment is unique. The program automates and streamlines training by creating a plan for each employee.
Pressing a few buttons generates volumes of training information, she said. Previously, four or five systems were required to generate the same data.
“Before we did not have a tool to track (training),” said Wright, who works for Lockheed Martin in Crystal City, Va. “The tool has helped tremendously.”
WillCo is also involved with projects for Kansas City, Mo., the state of Missouri and the Jackson County Election Board.
WillCo redesigned the board’s Web site, installed a new server and implemented a user-friendly voter reference system. Voters can use a simple button on the home page to determine which political subdivisions they reside in.
“We’re extremely happy,” said Tammy Brown, a director of the board. “Whatever we asked them to do, they got it done. It just worked.”
In addition to serving government clients, Williams wants to spread the system to the private sector, which could use a modified version of IASTAR. The system can manage employee training for courses in sexual harassment, Sarbanes-Oxley compliance and other business needs.
“There are any number of things within any organization that should be tracked, and that tracking and reporting should be easy,” he said. “We can track anything.”