Kortney Calano joins the Security Clearance Careers Podcast to discuss her journey through the Defense Industrial Base. She is a U.S. Army veteran, turned defense contractor, turned GS personnel. Currently, she is a small business owner that is a provider of IT Consulting services to government clients, and prior to that she was the Acting Director and Branch Chief for the Program Management Division of USDA. We discuss how she was able to move up the ranks in the federal space, her contribution in implementing Zero Trust Security and Architecture, her experience as a Contracting Officer Representative (COR), and how CMMC is affecting small businesses within the defense industrial base.
Katie:
I love talking with folks that have supported this sector from a contractor’s perspective, and then moving onto the government side and vice versa. And so you started your national security journey in the military though, and so what did you do and how did you translate your skills to contracting after you separated?
Kortney Calano:
So it’s going to be funny because I didn’t start off in the IT arena when I was in the United States Army. I actually started off in transportation and logistics, and things of that nature. And then I got out and continued my education and that is what landed me into the IT space.
Katie:
Well, and that’s another really huge topic of discussion amongst cleared candidates. I mean, how do you even pivot careers, especially going through a military transition? Maybe your MOS isn’t really what is in demand within the private sector at the time. So, translating those skills I know is really hard. And so it sounds like education was the main thing that was able to propel you into the IT industry.
Kortney Calano:
That is correct. So basically I took advantage of the Vocational Rehabilitation Program that the Veterans Affairs offers vets after they get out of the military. And so in doing that, I enrolled into George Mason University and I decided to basically major in the field that I thought was going to be able to excel in the future. And being a resident of Virginia, I basically looked around and I wanted to see what is it here that agencies are currently looking for. I saw that this was the IT / cyber hub. I saw all of the issues facing agencies from a cybersecurity perspective. And so I then decided to go and major in Information Technology. So I have my Master’s in Applied Information Technology and a minor concentration in Cybersecurity. I decided to do a little more by becoming a Certified Information Security Manager through ISACA that would allow me to basically hone my experience in governance, risk and compliance, and also other areas in cybersecurity as well.
Katie:
Awesome. And so I have to ask, as you were trying to figure out once you’ve separated from the military, what am I going to do next? And then you decided to get more education. Did you hold a security clearance and did you let it lapse? Or how did you work out that process?
Kortney Calano:
Right after I got out of the military, I will say I didn’t go straight into my education. I did become a defense contractor like most of my fellow veterans, there are easily opportunities that you can take and become a defense contractor. Where I served again, I went back to Iraq for two years and Afghanistan for one, and that is where I maintained my security clearance. I made sure that I kept it active by getting on different contracts that continued to hold my security clearance. Once I came back CONUS, I started my education, but I still maintained a career in an area that could hold my security clearance so that it would not lapse.
Katie:
Yeah. I mean, I just know that’s one of the biggest problems that I hear from candidates. I get wanting the break, but making sure that you have a contract to attach yourself to I feel like is so important. And even just thinking about it like, “Okay. Five years down the line, am I going to want to be in this field?” And you really have to take those timelines into consideration.
Kortney Calano:
Making sure that you keep your clearance active is crucial. If you are trying to stay in this industry, if you’re trying to continuously work and elevate and expand your capabilities of a particular salary range, it is crucial that you keep your security clearance active. And if you can also increase the level of security clearances, that’s beneficial.
Katie:
Absolutely. And so that goes for both being a contractor and whether you get a security clearance through the government. And so eventually after being a contractor and getting your education pivoting to gain skills to allow you to pivot careers, you found yourself in a GS-14 acting director and branch chief level role. And so tell us a little bit about how you were able to move up the ranks in the federal space?
Kortney Calano:
Sure. So I originally came onto the government, again, I have to say thank you for the Veteran Affairs who allows disabled government workers and veterans to take part in some of the programs like the Wounded Warrior program. So I was able to take a part in the Wounded Warrior program that allowed me to become a civilian government employee. And I first started with the Department of the Navy. So in doing that, I came in, I would have to say since they don’t do GS, they do pay bands. I came in on a NT-4, NT-3 type of pay band, and then I started my career there. And then that’s when I received the promotion, which is equivalent from a NT-3, NT-4 is equivalent to like a GS-9, 10. And then I received a promotion where I moved over to USDA, which was equivalent to like in 11, 12, and then it was automatically 11, 12, 13 track.
And so it’s just coupled with my experience that I gained over the years in IT, in program management and contracting officer representative aspects, it allowed me to excel to become a branch chief, and then serve in the acting director capacity.
Katie:
Well, and so have you run across any folks who just maybe don’t find themselves successful in the government and aren’t able to move up? What are those things that people find challenging, would you say?
Kortney Calano:
I would honestly say you’re right on the challenging part of moving up in the government. It just depends on, I would have to say the discipline you’re in and also the location you’re in. So if you are in the national capital region area, it seems that it’s more prominent for you to be able to excel and move up in your career. Because there are a lot of agencies that are in this area as opposed to if you’re outside of the area, it seems a little more challenging to move up in the federal space. Also, like I stated, the discipline, it depends on what your discipline you’re in, if it’s saturated, if you’re in, I hate to say this, if you’re in logistics in that area, which I was and I came from, I found that it was saturated and it was hard to progress and to move up.
I said, “I need to find a discipline that is going somewhere that is easier to move up in.” And so I chose the IT arena and cybersecurity space. There’s a shortage of us right now. So it’s going to be easy to move up. It’s not going to be as challenging as other disciplines. And so in the federal government, I would advise if you’re looking to excel in your career and you’re looking to climb the ladder in the GS scale, look at where you’re placed, look at the discipline you’re in, and look at where you’re currently located.
Katie:
That’s a great point, especially for those that might be contracting and looking to dip their toe in government work. Or younger folks who are just interested in national security careers and government might be a good fit depending on that discipline and location, and all of those factors.
Thinking about your last government role, you were a big driver of Zero Trust security and architecture. So could you explain what that is and why it’s important for folks listening?
Kortney Calano:
Yes. So in my previous role, what I was in charge of was ensuring that Zero Trust was implemented throughout the entire USDA. So when the Executive Order 14028 came out from the White House, my branch was in charge of reviewing that, defining and developing a strategy to implement it, and comply. Zero Trust is basically a shift in paradigm, so instead of having a perimeter based focus on security, we’re now looking at users, assets, and data. It is more coined to basically take a look from the perspective of the user in introducing things such as like ICAM, which is Identity, Credential and Access Management. Looking at that level of data and implementing multi-factor authentication.
Katie:
Security is both important for agencies and companies, which we’ll talk about your small business in a moment.
You probably have a ton of insight for our defense contracting partners, whether they are recruiters listening, I know a lot of FSOs tune into the podcast, HR professionals. So topics like business capture and meeting contract requirements, obviously understanding from a COR’s perspective is super important. So any advice that you’d like to share with those listeners today?
Kortney Calano:
I would say from a previous COR perspective, one thing that I would tell small business owners or BD capture, planning people is to ensure that they build those relationships. That’s one big thing I know, building relationships, making sure that you can get in front of the program office, and then trying your best to take advantage of the programs that they offer, which is 8(a). So I know a lot of companies are leveraging the 8(a) program. I will honestly say making sure that outside of that you’re able to get those contracts or being able to get work past performance without that. That is one thing that I will honestly say, because once you’re in that program and you graduate from it. Basically they’re going to want to know, “Are you able to sustain and be able to sustain without having specific programs at your disposal? Or you can continue to grow your business?”
Katie:
Absolutely. Gosh, breaking into this industry, it’s so tough, but you are doing it and you have the experience to back it up coming from the military, serving as a contractor, a direct billet, and then moving on to the government and now owning your own small business. So you’re using all of that experience to be an entrepreneur. And so tell us a little bit about what general challenges you see as you are providing IT consulting services to different clients, but then specific to the defense industrial base, like topics like CMMC.
Kortney Calano:
So there are two in particular that I’m seeing, even though I have the inside knowledge of how to conduct business with the federal government. Some challenges that make me want to go back into the federal government are gaining past performance and requirements such as CMMC. Having those requirements, sometimes they are pushing small businesses out of competition or being able to actually go after certain work with certain agencies. Because I understand from a cybersecurity perspective with making sure that we have rules and regulations in place so that we can make sure that we are protecting the data and infrastructure. However, what I don’t want is to see that those rules and regulations basically complianc-ing out the small businesses.
So that’s why I say they are basically putting things in place that are challenging for small business to comply. Because of the dollar value that it takes in order to actually get those auditing, those third party auditing agencies to audit you and for you to be deemed compliance.
Past performance is also becoming an issue because a lot of large businesses are not looking to partner with those small businesses due to the fact that they don’t have past performance. And it’s like, what is it? The chicken before the egg or the egg before the chicken. It’s hard to gain that past performance without the help of another organization or another company assisting them. And it’s challenging because these large businesses, they have subcontract opportunities, but then when you go to them, they’re saying, “Oh, well, do you have past performance?” “Well, no, I’m trying to gain that.”
Katie:
Yeah. Well, and from a candidate or job seekers perspective, “Do you have this amount of experience?” “Well, no. No one’s taken a chance on me and I’m trying to gain that experience.” And I know that with any compliance to policy, I mean, I’m thinking just because I’m a former recruiter, OFCCP, it’s always tougher for the small business. There’s not a lot of resources, there’s not a lot of capital. You’re trying to, again, like you said, break into this industry, and so some of these rules and regulations to comply with are tough. It’s a lot of time and it’s a lot of energy and resources.
Kortney Calano:
I definitely agree with that. The resources that it requires to comply with CMMC is large for a small business. But like I stated, I understand that the government wants to ensure security and wants to ensure their security requirements. Because the security requirements surrounding CMMC framework, it complies with NIST Special Publication 800-171 and this NIST Special Publication 800-172. Now, understanding that, you understand the reason why you have to have those security requirements in place.
Katie:
And so there are pros and cons to owning your own business, working for the government, working in the private sector, or working as a contractor. So thank you for telling us about your journey today.
