Merlin International has won $80 million in new cyber work at the VA during the last quarter but the success was years in the making.
Merlin International went on a nice little win streak in the last quarter, capturing $80 million in new cybersecurity-related contracts and task orders at Veterans Affairs.
On the surface it might seem like an overnight success but it was “years in the making,” Merlin Chief Technology Officer Mark Zalubas told me.
The revenue will be recognized over multiple years and “they tell the story that we are committed to this customer,” he said.
The deep relationship with the VA began in earnest with a rather embarrassing incident for the agency. In 2006, a VA employee had their laptop stolen and in it was sensitive personal information to nearly 26.5 million veterans and military personnel, according to the Washington Post.
Merlin was hired to encrypt 300,000 devices and that began the company’s journey deeper into VA and into cybersecurity, Zalubas said.
From that early win, the company has developed a focus on health IT. Today its biggest customers are the VA and Health and Human Services departments.
The $80 million is mostly coming through four contract wins but there are few other small wins included. The $80 million is all new work and doesn’t count revenue already coming in through existing contracts, Zalubas said.
As part of the new wins, Merlin will provide VA’s endpoint security. This is a change from more point solutions where different regions and facilities were doing their own security work, he said.
“This is an enterprise-wide approach,” Zalubas said. “When you have an enterprise system you can make more global decisions instead of local or regional decisions.”
Merlin is also providing a packet capture solution that monitors traffic coming in and out of VA’s networks. Again, this is an enterprise approach, not point solutions, he said.
An enterprise approach to cybersecurity can reduce costs and increase efficiencies but it also gives decision makers better information about what is going on in their networks and where threats are appearing, Zalubas said.
The agency also should more easily meet reporting requirements under FISMA.
“You get economies of scale, more consistency, more centralized policies and better insights,” Zalubas said of the enterprise approach to cyber.
The wins are a culmination of Merlin’s investments in building a cyber practice, he said.
This includes determining what the customer needs and what the company needs to be able to meet those customer needs, he said.
As a result the company holds alliances with technology providers such as Riverbed, NetApp, HyTrust, Palo Alto Networks, McAfee and IBM.
“We had to hire the right people and we had to know what to bid on,” Zalubas said.
Like the ever evolving cyber threat, developing and maintaining a cyber expertise is an ongoing process. “Sometimes you lose but you have to learn what you need to do to be better next time,” he said.