by Aaron Jacobson and Mustafa NeemuchwalaNov 28, 2023
The U.S. Government’s investment into defense technology has led to some of the most impactful commercial inventions in history, including semiconductors, modern gas turbines, satellite navigation systems (GPS), and the Internet. And given venture capital’s goal of generating outsized returns by backing world-changing technology, you would think defense tech would be generating as much buzz as AI. Yet there has historically been muted venture capital participation because the timeline and unpredictability of selling to the government has historically been unfriendly to new vendors, with money and time outstripping the runway of a typical startup. This has resulted in the US government being slow to adopt many innovative technologies that could not only strengthen national security and enhance geopolitical stability but do so at a much more efficient cost to the US taxpayer than the status quo.
Nowhere is this more apparent than looking at the $100Bn spent annually on information technology underpinning the federal government – according to a 2019 study by the Government Accountability Office the age of key legacy IT systems range from 8 to 51 years and feature outdated software languages (COBOL anyone?), unsupported software, and known security vulnerabilities . In FY22 over half of this $100Bn went to maintaining these legacy systems whereas only $12Bn was spent on modern cloud services . To help rectify this the Federal Government has begun enacting modernization efforts such as a $1B allocation to the Technology Modernization Fund by the 2021 American Rescue Plan . Additionally, units such as the Chief Digital & Artificial Intelligence Office (CDAO) and its Tradewind acquisition program to accelerate the procurement of artificial intelligence/machine learning, digital, and data analytics solutions with the Department of Defense (DoD) . Indeed it appears the fastest way to strengthen America’s standing in the world is to invest not in bullets but rather bits. Today we are thrilled to announce we have led the Series B financing of Second Front to support their mission of fast-tracking the adoption of disruptive software within the government.
The challenge of selling to the government, especially the DoD, can be seen by the broad consolidation we’ve seen amongst vendors. The National Defense Industrial Association (NDIA) states that the defense ecosystem has lost a net of 17,000+ companies and the DoD estimates the number of small businesses participating in the defense industrial base has declined by over 40% in the last decade . Even though small businesses made up 73% of all companies and 77% of the R&D companies that did business with the DoD in 2021, close to 80% of the money goes to the top 5 defense primes [6,7]. The participation of small businesses, especially emerging startups, are integral to the proliferation and scaling of innovative technologies that make Americans safer – one high profile example is Moderna, a former DARPA (Defense Advanced Research Projects Agency) grant recipient that produced millions of mRNA vaccines to help fight the global COVID-19 pandemic.
A key reason behind the declining defense industrial base is the federal acquisition process is cumbersome – so much so that many companies have chosen to turn away from selling to the government altogether. To deploy software in a government network, a vendor must receive an Authority to Operate (ATO) – a certification that governments use to manage risk in their networks – and then recertify their software for every major update. This used to be a highly manual and bespoke process until the U.S. Government introduced FedRAMP in 2011 to help standardize and expedite the ATO process for cloud solutions. For companies that want to do business with the Defense Department, they may have to go a step further than FedRamp, meeting criteria according to Defense Information Systems Agency’s Impact Level (IL) Certifications.
Image source: Second Front, November 2023
Whether FedRamp or DoD ILs, vendors still need to jump through numerous technical hoops and engage in a long drawn-out process to receive an ATO. This includes identifying a government sponsor (i.e., an authorizing official), hiring a third party vetting agency to conduct extensive testing and complete extensive assessment documentation, implementing relevant security controls that result from that report, and then hiring a devops team to operate and monitor the software after deployment. Achieving FedRAMP certification is typically a 6 to 24 month process that can cost upwards of $1M+, which is cost prohibitive for startups or mid-market software companies and can be a distraction to their non-government commercial activities. Undergoing this process is also quite risky since a vendor typically has to pursue the certification process in advance of having certainty of securing a government contract in the first place. Furthermore, an additional recertification process is required for every major software update as well as periodic reassessments depending on the federal agency so there is ongoing cost and operational overhead for a vendor. As of November 2023, FedRAMP has certified only 320 vendors, implying an average of 26 per year since the program’s inception . This is a staggering low number considering the thousands of startups founded every year (not to mention the thousands of established growth and mid-market tech companies) which have innovative products that could benefit the federal government.
Enter Second Front
Game Warden, Second Front’s DevSecOps platform, enables commercial software vendors to deploy software to DoD customers in a secure, cost-effective, and rapid manner. Game Warden shortens the process to receive an ATO to 60-90 days at a fraction of the cost. Since, ATOs typically vary in requirements, the high degree of configurability enables Second Front to customize the platform to the needs of the software vendor. This includes deployment on multiple public clouds and DoD impact levels, with FedRamp, StateRamp, expanded classified networks, and certifications required by US allies in the works.
Image source: Second Front, November 2023
Customers begin their onboarding journey with a technical review of their application via a CSM. They then upload their application container into the Game Warden Container Repo which hardens the images through a battery of security scans and tests before allowing the containers to be deployed into staging or production environments. Future updates and releases can be completed in a continuous fashion according to modern CI/CD practices without requiring a vendor to recertify their ATO. The vendor also doesn’t need to worry about assembling a devops team to scale the application as Game Warden includes an SRE team for Day Two operations, covering everything from incident response to logging to reporting.
While serving in the U.S. Marine Corps, co-founders Peter Dixon, Mark Butler, and Nate Hughes saw firsthand the damages done by an outdated acquisition system to those on the frontlines of defending our country. To address this critical issue, they formed Second Front as a public benefit corporation with the mission of accelerating the adoption of technology by the US and its allies. Peter has since recruited an elite team of executives to scale the company, including CEO Tyler Sweatt, CTO Enrique Oti, and CPO Michael Neumann. Tyler is a former Army officer with over a decade of experience selling to the federal government. Enrique was previously the founder and commander of Kessel Run within the US Air Force, an agile software development organization known to be the foundation of the movement to bring modern, commercial software development practices into the DoD. Michael Neumann previously spent 15 years in the intelligence community culminating in his leadership as the technical director and Chief Data Scientist of the CIA. We are grateful for the steadfast dedication of the Second Front team in serving our country and it has given them unending customer empathy that makes the team particularly well-suited to executing the company’s mission.
Whether Cloudflare and its mission to build a better Internet or MongoDB and its mission to empower innovators to transform industries by unleashing the power of data, NEA has a long history of partnering with mission-driven founders to build category-defining infrastructure software companies. We are inspired by Second Front’s mission to strengthen America through software and we couldn’t be more proud to back Peter, Tyler, and the entire Second Front team.
The information provided in this blog post is for educational and informational purposes only and is not intended to be investment advice, or recommendation, or as an offer to sell or a solicitation of an offer to buy an interest in any fund or investment vehicle managed by NEA or any other NEA entity. New Enterprise Associates (NEA) is a registered investment adviser with the Securities and Exchange Commission (SEC). However, nothing in this post should be interpreted to suggest that the SEC has endorsed or approved the contents of this post. NEA has no obligation to update, modify, or amend the contents of this post nor to notify readers in the event that any information, opinion, forecast or estimate changes or subsequently becomes inaccurate or outdated. In addition, certain information contained herein has been obtained from third-party sources and has not been independently verified by NEA. The companies featured in this post are for illustrative purposes only, have been selected in order to provide an example of the types of investments made by NEA that fit the theme of this post and are not representative of all NEA portfolio companies. The company founders or executives or any other individuals featured or quoted in this post are not compensated, directly or indirectly, by NEA but may be founders or executives of portfolio companies NEA has invested in through funds managed by NEA and its affiliates. Any statements made by founders, investors, portfolio companies, or others in the post or on other third-party websites referencing this post are their own, and are not intended to be an endorsement of the investment advisory services offered by NEA.
NEA makes no assurance that investment results obtained historically can be obtained in the future, or that any investments managed by NEA will be profitable. To the extent the content in this post discusses hypotheticals, projections, or forecasts to illustrate a view, such views may not have been verified or adopted by NEA, nor has NEA tested the validity of the assumptions that underlie such opinions. Readers of the information contained herein should consult their own legal, tax, and financial advisers because the contents are not intended by NEA to be used as part of the investment decision making process related to any investment managed by NEA.