Due to the size and influence of the United States, it is certainly not a surprise that the U.S. government is one of the world’s largest consumers of manufactured technologies. According to GovConWire, the U.S. federal government spends an average of $500 billion yearly on contracts. In comparison, the Swedish economy runs at around $300 billion per annum.
In the 2021 Fiscal Year, the federal government spent approximately $637 billion on contracts. One of the biggest government contract providers is the United States Military which includes: the Department of Defense (DoD), the Department of Homeland Security (DHS) and the Department of Veterans Affairs (VA). Certification requirements for working with the DoD include organizations needing to certify companies to work for them. Reef Systems Corporation is one North Carolina company addressing the need for businesses qualified for government contract work.
Building a Support System
Founded in 2008, Reef Systems Corporation, a small business based in Cary, North Carolina works with federal, state and local agencies to provide cybersecurity services, information technology, administrative support, human performance optimization and healthcare solutions. Reef Systems is committed to working with its current and prospective customer base to reduce risk and provide flexible and adaptable service solutions.
Myriam Batista, the chief information and compliance officer for Reef Systems and Rad Rouzky, the founder and president of Reef Systems, met in college in Massachusetts and were married shortly thereafter. “We were both in the rat race. It was a high-flying executive environment,” Batista reminisces. “We realized we wanted a better work-life balance when we had our son. Our son was starting preschool and we wanted him to be in the same house from preschool to graduation and founding Reef Systems in North Carolina allowed that. It was the best decision we ever made. North Carolina is home.”
Rouzky’s role in the company is to establish working relationships with organizations both in and outside of North Carolina by attending events and conventions like the one where he met NC State University Industry Expansion Solutions (IES) director of North Carolina Defense Industry Initiatives (NCDII), Michael Mullins. “I was attending a cybersecurity conference and Michael Mullins spoke about the types of services NC State University IES provides and it was exactly the type of services we were looking for,” Rouzky recalls.
What Rouzky and Reef Systems were looking for was a C3PAO authorization. C3PAO stands for Cybersecurity Maturity Model Certification Third-Party Assessor Organization. These organizations will conduct assessments under the authorization of the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) and issue the appropriate cybersecurity certificates to companies in the Defense Industrial Base. Companies cannot perform contract work for the DoD without a CMMC certification.
When asked why Reef Systems decided to pursue a C3PAO authorization, Batista says, “One of the reasons we felt this was in our wheelhouse is because Reef Systems was previously involved in cybersecurity and we identified growth opportunities. Offering compliance support services was an area we felt our company could grow a sustainable business model. We did the ISO 9001 certification and the ISO 27001, so this felt like a natural evolution of our path.” Reef Systems C3PAO authorization journey was supported through a series of grants awarded to IES from the DoD OLDCC (formerly known as OEA).
Embracing the Challenge
“We understood that it wasn’t going to be an easy task, but we were up for the challenge,” Rouzky says when he recalls the C3PAO authorization process. The experience in engineering and cybersecurity background many of his employees already had given Rouzky the assurance he needed to begin. After receiving their ISO 9001 and ISO 27001 certificates, Reef Systems was confident they had the practices, tools, experience and knowledge to pursue the C3PAO authorization.
“We worked with Michael Mullins, who has been constant during our efforts. It was over a year of preparation. We invested time, energy and resources to make it happen and in the end, we saw the reward for our hard work – a C3PAO authorization,” Rouzky said proudly. “Now we have the opportunity to help local North Carolina companies become certified government contractors.”
Mullins, Nora Milley, IES improvement specialist and Rex Raiford, a recently retired IES improvement specialist helped facilitate the ISO 9001 certification that was the initial set in the pathway of obtaining C3PAO authorization. Batista and Rouzky say they couldn’t do it without their direction. “Michael walked us through our strengths and weaknesses and we benefited from how pragmatic and full of knowledge he is.” Batista continues, “He gave us actionable, direct instructions and helped us see what was reasonable and would be advantageous for the future of our company. Everyone we’ve worked with at IES has been complete professionals and we couldn’t be happier to have worked with them.”
Hard Work and Luck
After Reef Systems received its ISO 9001 and ISO 27001, they were inspired to give back to the community. “We identified small businesses that could benefit from a free one-day gap assessment for existing government contract requirements. We wanted to give back by providing that service,” Batista says.
Reef Systems became one of only two North Carolina organizations with C3PAO authorization and joined the elite company of the 21 C3PAO-authorized organizations nationally. Reef Systems is now authorized to conduct certified C3PAO assessments and also offers consulting services to assist companies with self-assessments for both CMMC level-1 and CMMC level-2. They also facilitate cybersecurity training and implementing processes necessary for an organization to maintain compliance with cybersecurity regulations in a government contract.
“I believe in two things: hard work and luck,” Rouzky says matter-of-factly. “You can work as hard as you want but if you aren’t in the right place at the right time, things might not work out for you. I met Michael by being at the conference when he was – that’s luck. Being in North Carolina with a great support system and working hard, we’ve achieved the success we’d hoped. We hope to inspire other companies.” Batista concludes, “Being involved in the cybersecurity and government compliance world is the next chapter of our organization that we’re looking forward to.”