Schedule 70 Cyber SINS: 4 Topics you’ll Definitely Need to Cover for Your Technical Oral Evaluation
Technology | 3 Min Read
So, you have either submitted a proposal or a contract modification to get in on GSA’s new Schedule 70 Highly Adaptive Cybersecurity Services (HACS) SINs (132-45A: Penetration Testing, 132-45B: Incident Response, 132-45C: Cyber Hunt, 132-45D: Risk and Vulnerability Assessments). However, you have probably figured out that this is the first time GSA has required applicants to pass an Oral Evaluation in order to get on certain SINs. There is a lot of information about the Technical Oral Evaluation out on the internet but it all tends to be in legal jargon. We have sought to not only aggregate this mass of information but to break it down into everyday language.
The Technical Oral Evaluation Process
A week after the submission of your contract modification or proposal you will be contacted by your contracting officer to set up a time for your Technical Oral Evaluation. The evaluation is 40 minutes max per SIN you apply for with the max time of the evaluation being 3 hours for all four SINs. A contractor is allowed to bring up to 5 participants for the evaluation and the evaluation will be administered by a panel of 4-5 GSA subject matter experts, and 1 contracting officer. The evaluation is simply pass/fail and to pass the evaluation you need to meet minimum requirements for each SIN. You will receive your results of the evaluation within 48 hours after having participated in it.
Before the exam you will be asked three simple Pre-Evaluation questions: Which cybersecurity services do you offer? How quickly can you deploy resources for an engagement? Do you have resources to deploy nationwide?
After these questions, your 40 minute evaluation per SIN will start. Here are 4 topics you are likely to be asked to speak on for each SIN:
What activities do you carry out during the pre-engagement, testing/assessment, and post-engagement phases?
Provide a background of your organization’s Penetration Testing (PT)/Incident Response (IR)/Cyber Hunt (CH)/Risk and Vulnerability Assessment (RVA) capabilities.
Give a scenario when you actually did Penetration Testing/Incident Response/Cyber Hunt/Hypothesis Generation/Risk and Vulnerability Assessments and some of your previous experience with it in the past 2 years.
What are the specific processes and methods used to conduct: reconnaissance/preparation/risk and vulnerability assessments testing activities?
Quick Tips For A Successful Technical Oral Evaluation
Sell yourself, brag about your company! Treat this evaluation as an interview and not an exam.
Incorporate as much prior experience as possible into each question not just when they ask for it. Give an answer then back that answer up with a past performance example your company has dealt with.
When it comes to taking notes during the evaluation, we have seen on multiple websites suggestions that you take thorough notes about your evaluation. After speaking with multiple contracting specialists dealing with the new cyber SINs it is confirmed that you are allowed to take notes during the evaluation, however, it is not allowed to take any of those notes you take out of the evaluation room. The only notes allowed to leave the room are those taken by the evaluators, and these notes are incorporated into your, the vendor’s contract file, and incorporated into the GSA Pre-Negotiation Memorandum (PNM). Evaluator notes although important, are never seen by any potential agencies looking to buy services around the cyber SINs, and therefore won’t play a part in an agencies choice on which vendor to select for a contract.
There are over 300 companies that are very interested in submitting a proposal to get a Schedule 70 contract on these new Highly Adaptive Cybersecurity Services SINs, currently there are only 20 companies actually approved and on the SINs so the time to get on is now. If you have any questions regarding either the new HACS SINs (132-45A: Penetration Testing, 132-45B: Incident Response, 132-45C: Cyber Hunt, 132-45D: Risk and Vulnerability Assessments or just a Schedule 70 contract, don’t hesitate to contact us at Winvale with any questions or concerns, we are more than happy to help!
About Mac Ritch
Mac Ritch is a consultant in Winvale's Government Consulting Practice.