1.14.22 – SIW
The Security Business expert integrator panel outlines the challenges, pitfalls and potential massive reward of federal, state and local government security contracting (January 2022 cover story)
This article originally appeared as the cover story in the January 2022 issue of Security Business magazine. When sharing, don’t forget to mention Security Business magazine on LinkedIn and @SecBusinessMag on Twitter.
Federal, state and local governments annually spend billions of dollars on physical security equipment and services at locations ranging from military bases to elementary school campuses. Government security projects are a lucrative market for those integrators well prepared to navigate a host of regulations and contractual obligations.
According to a report conducted for the Security Industry Association by market research firm Omidia, the government market for physical security equipment alone was worth nearly $730 million in 2020, with video surveillance equipment accounting for roughly 55% of that revenue.
A market of that size is bound to attract the attention of many integrators. But is the government market – particularly federal departments and agencies – right for all security providers?
We asked that and related questions of the Security Business exclusive three-member integrator expert panel – John Nemerofsky, COO of Sage Integration; Michael Ruddo, Chief Strategy Officer for Integrated Security Technologies (IST); and Brad Wilson, CPP, President and COO of RFI Communications and Security Systems.
The three were unanimous in the opinion that government security projects are best left to integrators willing to spend the time and money preparing for what, in many cases, is a difficult market to crack. So how does an integrator begin working with government clients?
“Do your homework,” Nemerofsky says. “Talk to experts in the field. Hire a consultant and measure the market size before getting into government security markets.”
Federal Work: GSA Schedules, Product Choices and More
To work with federal agencies, integrators, manufacturers and other businesses require a GSA Schedule contract to sell products and services. A schedule is a contract used by firms supplying federal, state and local governments with more than 11 million commercial products and services at volume discount pricing.
“Consider a GSA schedule your fishing license to play in this market,” Nemerofsky explains, adding a warning that government security jobs do not follow the process of typical commercial installations. “Government contracts are going to be a much heavier lift than a negotiated sales contract with a commercial entity, where you are working on a purchase order that follows your terms and conditions.”
Not only that, but the entire GSA Schedule process has been undergoing a modernization and transformation process for well more than a year – meaning integrators and contractors who were already accustomed to the schedule process may need a refresher. These changes were outlined in a comprehensive article by expert Lynn de Seve in the June 2021 issue of Security Business.
The three integrators say just getting a GSA schedule incurs costs not required with commercial security projects. Some integrators hire in-house staff to complete the application process, while others work with experienced consultants. Either choice comes at an additional cost.
IST puts federal agencies into one of three buckets – civilian, defense and intelligence – each with slight differences in the procurement process. Some federal agencies maintain additional contract vehicles beyond GSA schedules. It is important to closely follow all contract requirements or “you don’t get paid,” Ruddo warns.
Just knowing when and where new contracts become available is a chore. Some integrators employ outside consultants to help. Ruddo says IST maintains a federal team dedicated to tracking and winning jobs.
Nemerofsky compares the federal project structure to a pyramid. The ground level consists of agencies and departments requiring less security from an integrator’s employees. These projects are best for integrators looking to break into the federal security business; however, competition will be greater. The middle-tier agencies generally require at least one integrator employee to have a secret clearance. There is less but more experienced competition at this level.
“Reach the top of the pyramid and you probably need a top-secret clearance,” Nemerofsky says. “There are fewer opportunities and competitors for these projects, and they often require embedded integrator employees.”
“If you are not doing it now, I would not start with a big government job,” Wilson says. “Start small if you are going to start at all. Take time learning to navigate through the systems and be prepared for its many hidden costs.”
Audits, reporting and background checks:The cost and time of securing a GSA Schedule to work with the federal government is only the beginning. Annual audits are also routine with federal security projects.
“You need internal or external resources to develop systems to remain in compliance,” Ruddo explains. “If it is found you are not giving an agency pricing consistent with the contract, you will be in big trouble.”
Additionally, the federal Davis-Bacon Act of 1931 requires paying employees and subcontractors local prevailing wages for public works projects. Lead integrators must submit weekly certified payroll reports on federally funded projects.
“These are costs you do not have with traditional commercial work,” Nemerofsky explains. “If you told the average integrator that you need certified payroll with a job, most wouldn’t have – or even know how to get – the forms to comply.”
Wilson says RFI handles payroll reporting through an experienced national payroll service, which of course creates another cost to doing business with the federal government.
Employee background checks are another cost of doing government business. Background checks for federal projects are likely to be more expensive as they often involve clearances for agencies handling classified projects.
Approved products: There are also regulations regarding the equipment used in a federal security project. Integrators must choose video, access and other systems from the GSA’s Approved Products List (APL); however, manufacturers bear the cost of getting and staying on the APL.
Nemerofsky says if his team wants to use a product not on the APL, Sage works with the manufacturer or an outside consultant to get the device listed.
The regulations and costs of working with the federal government may scare away many smaller integrators; however, according to Ruddo, even large national prime contractors often shy away, although for different reasons. “These are companies used to dealing with eight- to nine-figure opportunities,” he says. “They may try dipping their toes into the security space, and they find a six- to seven-figure security project keeps them from doing the ‘real work’ they typically do.”
State, Local and Municipal
If your integration firm shies away from GSA Schedules and added costs and regulations of federal government work, there is still a ripe opportunity in the local and municipal sectors.
Ruddo says there are fewer regulations for winning state and local business, although both levels offer wild cards with strict rules, which often result from the federal government funding a project. “The feds demand their rules be followed in what is referred to as Federal Acquisition Regulations (FAR),” Ruddo says.
Nemerofsky adds that compared to the federal government, local jurisdictions and schools are a bit like the old Wild West, with more undefined regulations around security technology and its use.
Wilson provides an example of a recent trend that may impact integrators. Many city and county governments now use a lease-back method of financing new construction and renovations. A general contractor agrees to complete the project and then leases the building back to the government for 20 or more years. This arrangement requires the security integrator to work through the contractor’s master service agreement and labor arrangements.
In some cases, a job in a metropolitan area may have state, county, city and labor union regulations apply. These organizations often request compliance audits during a project. “You fail one of those audits and you can be fined and face other issues,” Wilson says. “If you are going to swim in that pond, you better know what you are doing. You may think you are making a lot of money and then get hit with one of these audits – and that might not be good.”
Nemerofsky warns that school security projects have another potential downside. “You work on a project in hopes you are going to get paid every 30 or 60 days. But while your subcontractors may have rights to lien you, you have no rights to lien the school, a public utility,” Nemerofsky explains. “There is risk-taking on these projects. You need to weigh your risk-reward benefits when taking on local government entities like schools.”
The number of potential jobs at any time often varies between government levels. Compliance drives many federal projects, while events, such as school shootings, lead to more state and local spending on security, Ruddo says.
“When shootings happen like Sandy Hook and 2019’s Virginia Beach Municipal Center that killed 12, new requirements will pop up,” Ruddo explains. “If you are engaged with the government, you typically deal with longer selling cycles.”
There are also differences in the amount of competition to win projects at various levels of government. Ruddo says he faces six to eight competitors for a federal project, while a state or local job can attract up to 30 other bidders.
The integrators agree their federal clients heavily focus on physical access control systems. The emphasis on PACS goes back to a 2004 presidential directive (HSPD-12) issued in the wake of the 9/11 attacks.
Federal agencies work with The National Institute of Standards and Technology (NIST) to develop personal identity verification (PIV) cards with embedded IC chips containing an employee’s demographic data, including a biometric, to access doors, computer workstations and other devices.
That said, HSPD-12 was an unfunded mandate. Ruddo says the “richer agencies” have complied with the requirements, while others are just now doing so as the third version of NIST-approved PIV cards near arrival.
Video, while necessary at the federal level, is much more prevalent for state and local government security jobs. “State and local governments want more video – especially intelligent video solutions,” Wilson says. “Video plays a huge role in controlling access to the perimeter at the street, building or internal levels.”
Awareness of security technologies varies between government levels.
“In a lot of cases, the federal folks are technically savvy,” Ruddo says. “It is different on the state and local sides. Their goals are a little more undefined. They are relying on their integrator to tell them what they need for the given set of circumstances.”
As it is for most industries today, Wilson reports a strong move toward touchless technologies in government security installations in response to the COVID-19 pandemic.
Cybersecurity and the Cloud
As the crossover between physical and social security continues, do integrators hoping to work on government projects need to be cyber-aware or cyber-proficient?
“Going forward, cyber is a thread that is woven through everything we do as an integrator,” Wilson says. “Today, if you are not at least cyber-aware, you shouldn’t be in our business.”
Ruddo says IST has cyber experts on staff. The alternative is hiring an outside cybersecurity firm. Either way – hire IT-savvy staff or choose a vendor – it is another cost for many integrators looking to win government security projects.
According to Nemerofsky, a general lack of IT and security resources around schools and other municipal facilities have officials choosing cloud-based solutions to eliminate worries about onsite servers or software upgrades. Reliance on the cloud leads to more RMR opportunities for integrators.
The federal government has been slow moving to the cloud, Ruddo says, but he adds it is only a matter of time before agencies make the move. “We saw this a few years back with the transition between analog and digital technology, until manufacturers said they would only make IP cameras,” Ruddo says. “Today, many of the vendors we deal with have future platforms solely based on cloud technology. If the government does not head that way, the manufacturers will.”
According to Wilson, getting service and maintenance agreements at the local level may pay long-term dividends when new jobs come to bid. Once anchored in the role, the integrator’s name may appear in the specifications before new construction begins. “You control a little bit of the game clock if you have the maintenance and service contract,” Wilson says. “That early engagement lets you prepare and position for the award before it even hits the streets.”
Ruddo suggests paying attention to which political party is in power when planning for RMR. “Historically, Democrats favor big government while Republicans prefer small governments,” he explains. “A big government is hiring employees to provide many security-related services. If a government is getting smaller, officials often outsource those requirements – that is where integrators can play a role in gaining recurring revenue through embedded staff.
“Staff augmentation is a big deal within the federal government,” Ruddo adds. “That is where the real RMR opportunities exist.”
How to Get Help
While it may seem that breaking into government security markets is difficult, all three integrators say that government entities offer a variety of programs enabling novice integrators to get a start.
Many federal agencies, including the Defense and Homeland Security departments, the Coast Guard and NASA, offer mentor-protégé programs. Look for many of them online.
Government contracts often demand large integrators subcontract a percentage of revenue to minority-, woman-, veteran- and disabled-owned firms. “There are huge benefits to doing government work if you do it right,” Ruddo says. “Make contacts with a well-versed consultant or prime contractor to help you get started and learn the processes.”
Many state and local governments have small business offices that sponsor procurement webinars and other events. Ruddo urges integrators to take advantage of these opportunities. “There may be a mini-trade show where you can get a 10-foot table to showcase your abilities to procurement managers parading through the hall,” he says. “You may be next to a guy selling cleaning supplies, but you are gaining contacts.”
Nemerofsky recommends working with manufacturing partners. “In many cases, manufacturers have staff members dedicated to government business,” he says. “They are on the schedules already and have been around the market for a while. Take advantage of these industry experts.”
Jon Daum of security-centric PR firm Daum Weigle (www.daumweigle.com) contributed to the writing of this article.