// Who we are

Cybersecurity,
delivered end to end.

Bald Man Technologies is a Tampa-based, Service-Disabled Veteran-Owned cybersecurity and network engineering consultancy focused on the federal authorization process. Assessments, architecture, and documentation built to hold up under the kind of review that regulators and auditors tend to bring.

// 01 / the short version

Specialized in the authorization process.

The work lives in the space between a system being built and a system being authorized. Requirements are translated into controls, controls into evidence, and evidence into an authorization package or an audit report that holds up.

Led by a practitioner with nine-plus years across federal cybersecurity engineering, network architecture, and the Risk Management Framework, holding an active clearance for work in secure government environments, with twenty-eight years of U.S. Army service underneath that.

Engagements are scoped around the specific authorization or audit a system has to clear. Templates come out when they help and get rewritten when they do not. The output is documentation and evidence that holds together on its own.

// 02 / how we operate

Four operating principles.

01

Tightly scoped.

Each engagement is scoped to the authorization or audit the system is actually walking toward. Work that falls outside the scope is flagged, not billed.

02

Evidence-first.

Controls are only as real as the evidence behind them. The SSP, SAR, and POA&M are written against what the system actually does, with artifacts that an assessor can verify.

03

Hands on the system.

Architecture, control implementation, and testing are done against the live system, not only on paper. Findings that come out of real traffic tend to be the ones that matter.

04

Written to be read.

Deliverables are written in the register of the audience: assessors, 3PAOs, and ISSMs for the package itself; leadership summaries for the people funding it.

// 03 / working knowledge

Frameworks & programs
delivered against.

Frameworks and programs the firm has delivered against in production engagements.

  • NIST Risk Management Framework (SP 800-37)
  • NIST SP 800-53 rev 5 control assessments
  • NIST SP 800-171 & CMMC L1 / L2 readiness
  • FISMA compliance & A&A support
  • ATO lifecycle & continuous monitoring (NIST SP 800-137)
  • Penetration testing aligned to NIST SP 800-115
  • NGFW deployment (Fortinet, Cisco, Check Point)
  • IPSec VPN with FIPS-validated cryptography
  • AWS, Azure, and GCP security architecture
  • Active Directory, GPO, and DISA STIG implementation
  • ACAS vulnerability management & SCAP compliance
  • Section 889 / FAR 52.204-21 basic safeguarding

// want to talk?

Send us a program.
We'll send back a plan.