Enterprise Risk Management

Sharese Walker

Director of Operations

Sharese Walker is the Director of Operations at CANDA Solutions LLC, a software company specializing in Risk Management including continuous vetting, industrial security, and investigations management.

Joining CANDA Solutions after 30+ years at a Federal Government – Intelligence Agency, Sharese is a Supervisory Information Technology Specialist, Program Management Professional and Business Finance Manager with extensive experience in; Information Technology, Project and Portfolio Management across multiple technologies; IT contract management, agile methodologies; DevOps and in leading teams in delivering mission critical enterprise solutions.

Sharese has a Bachelor of Arts in Information Systems Management and holds a DOD Top Secret /SCI clearance.

AI RIDE

As the value of U.S. Federal Government and Corporate Intellectual Property (IP), reputation, brand, and national interests increases, organizations will have to leverage new, cutting edge security technologies and integrations to increase protection from inside and outside threats.

Fresh Haystack innovative AI (Artificial Intelligence) RIDE (Risk Integration & Decision Engine) allows out customers to profit from true integrated risk management and data driven decision making. Though it is a work in progress, the following features are already currently available:

Hyperautomation
Enables any internal/external system integration
Event Broker
Predictive Decision Modeling
Harmonization of Risk Silos
Organizational Resilience

Investigations Management • Background Investigations

The Fresh Haystack Background Investigations solution is an environment that provides a method to scope a Background Investigation (BI). The solution auto-creates leads that are extracted from candidate SF85p/SF86 form inputs and additional criteria, and then auto-assigns leads using the proprietary WATO (Work Assignment and Tuning Optimization) algorithm to investigators based on the multiple factors such as geographical location of the lead to be investigated, complexity of the case and others.

During an investigation, the Fresh Haystack Investigators Portal provides an environment for the Background Investigator (BI) to to upload individual investigative artifacts, complete leads, and auto generate editable Reports of Investigation (ROI). Flexibility is built into the environment so the queue of investigation leads can be managed in a way to prevent investigator overload, but control and/or redirect investigations to alternate investigators based on investigative performance, case workload, case complexity, geography, etc. This method and structure of Investigations Management allows the entire investigative workload of cases to be distributed across multiple Investigators in any manner deemed appropriate to ultimately speed up case completion and reduce the cost of each completed BI.

CARE • Supply Chain

The recent desperate hunt for PPE (Personal Protective Equipment) and medical supplies (ventilators, testing kits, etc.) during the global pandemic has had numerous impacts, including driving competition and unparalleled friction between the USA and China, still the full effects have yet to be seen. Global competition has highlighted the fact that critical customers – the Federal Government, States, hospitals, manufacturing facilities, and other businesses across our country – have very limited technological capabilities to accurately measure or predict urgent supply needs such as delivery timelines, costs, or needed volume; all at scale.

Our strategic partnership and integrated solution with a leading data provider, LexisNexis Risk Solutions, offers a full array of business data solutions to streamline and strengthen one’s procurement process. With the powerful combination of unparalleled data reach and proven analytics, agencies/corporations can tap into business intelligence to:

Verify a supplier’s self-provided data
Conduct thorough business audits
Uncover related businesses and potentially risky connections
Recognize suspicious activities or owners
Identify non-compliance with regulations
Streamline evaluations and ongoing scrutiny
Ensure consistency no matter who performs the research

Our combined solution provides better business data, workflow efficiency, compliance, and modern technology to help mitigate vendor-related concerns. From identifying and assessing a business and its associates to monitoring for changes over the lifetime of the relationship.

Insider Threat Defense • Continuous Vetting

Combining Continuous Vetting (CV), Counterintelligence (CI) and Insider Threat into a single analysis environment ensures that each of these critical functions are sharing information in the right context and only relevant alerts are raised. We are providing a holistic approach that breaks the mold of silos and pockets of excellence, to prepare integrated context for Cyber Security, Financial, Criminal, Foreign Influence, Identity Resolution, Behavioral Risks, Human Factor, Dark Web, Open Source and Social Media analysis. Our system provides notifications / escalations on the facilities, contracts and associated the workforce / companies under risk evaluation.

Our solution truly addresses continuous, multi-factor situational risk awareness across the entire Enterprise, along with all suspicious and reportable activities of selected individuals outside of the workplace in a way that is transparent and protects privacy rights.

The ITD (Insider Threat Defense) module is based on the Enterprises’ ability to setup a risk baseline based on variety of data sources across critical programs and personnel, facilities within FH ecosystem to access, manage, investigate and mitigate Risk continuously.

Fresh Haystack ITD integrates with multiple federated third-party data providers like LexisNexis Risk Solutions, ESR, TRSS (Thomson Reuters Special Services), TransUnion, Appriss and IDInsight as examples. Data sources and the criteria they cover are aggregated into sample packages: Bronze, Silver, Gold, Platinum. These data sets can be configured to form a risk factor baseline that provides similar analysis to government investigation standards, but with the capability to add additional data sets commensurate with varying configurable risk baselines across the enterprise and/or personnel population. As an example, a Professional Services firm may want to select the Bronze program for all employees and contractors that are customer facing, gaining access to customer sites, and/or operating company vehicles. Likewise, that same firm may elect to enroll employees with access to Research & Development (R&D), IP or “Keys to the Kingdom” in the Gold or Platinum program for a heightened level of inspection.

Insider Threat Defense

Trust Everyone until given a reason not to…

CE is a personnel security investigative process that leverages an automated records check (ARC) methodology and applies standardized business rules to identify adjudicatively relevant information to assess cleared individuals’ on-going eligibility for access to classified information **Source ODNI / NCSC

Fresh Haystack approaches Continuous Evaluation, Insider Threat and CounterIntelligence via a multi-source, “always-on push model”. When an adverse event happens, whether inside work or outside work, an alert is created in the source system or 3rd party federated data provider and then received by Fresh Haystack. A case is auto-generated, the appropriate security individuals are notified, and the adverse event is viewed in context with the subject’s role in the company and in the context of the adjudicative criteria of the classified contracts, programs, facilities, devices, badges and credentials relative to the subject.

This capability enables your organization to view all available data points from a “whole-person” perspective; adding an extra dimension to your corporate risk management and employee safety strategies.

This approach combines:

Activities within the Enterprise (Insider Threat actions)
Activities outside the Enterprise using push technology (true CV) based on configurable risk indicators
A state-of-the-art case management system view of workforce personnel data

All in order to proactively identify and mitigate the threats before they fully mature.

Personnel Security • iRisk Center

The Fresh Haystack platform enables automating the majority of onboarding, HR, and Security processes. The platform further provides the transparency, speed, accuracy, and accountability required for NISPOM and ICD 704 compliant security clearance processing. Our tool does this by implementing industry best practice workflows, business improvement, and automation metrics that are enabled with SLAs (Service Level Agreements), escalations, and notifications. These are enabled for any actions taken by an employee, applicant or contractor during any workflow step in the system and combined with triggered notifications and escalations as timelines are approached and breached. Currently the most common workflows used in the system are: Prescreen Workflows, Program Management (PM), Suitability & Public Trust, Collateral and Sensitive Compartmentalized Information (SCI) Security, Outgoing / Incoming Visit Requests (OVR / IVR), and Document Control.

CANDA Solutions iRisk Center is well-versed with the Fresh Haystack platform and is ready to assist you with outsourced Onboarding, Vetting, Adjudications and Security process functions. This will allow your organization to onboard candidates faster and increase billable revenue while cutting operational costs without compliance compromise. Crucially important is that our customers can dedicate more time to their mission and growing business rather than wasting time on the manual tasks and paperwork.

Personnel Security • Collateral, SCI, Suitability & Public Trust

Fresh Haystack is an enterprise class industrial/personnel security case management system. Our approach goes beyond compliance and features data driven workflows designed to eliminate errors in security clearance processing for seamless submission and process standardization. Our system acts as a force multiplier for your security department, closing the gap on time and expense in security clearance processing. Our clients generally reduce national security contract onboarding time by 66% and reduce security clearance packet submission errors by 80%.

We are different from our competitors and since inception offer modern, secure, web-based interface, scalable architecture, integration and automation with many internal/external systems.

Compliance and Tracking
SLA based Workflows
DCSA Audit Readiness
Notifications & Escalations
Reporting & Metrics
Collateral, SCI, Suitability & Public Trust

Facilities, Contracts, Personnel
Incoming & Outgoing Visit Requests
Documents, Containers, Drawers, Locks
Applicant Portal & Prescreens
Integrations APIs
Cloud-based or On Premise

Personnel Security • Human Resources

The COVID-19 pandemic accelerated the need for many large organizations to reinvent themselves with a focus on innovation in an attempt to enable technology and streamline their hiring practices, breaking down business silos (HR, PMO and Security) the marketplace is seeing a shift in this area. Our Fresh Haystack software has been integrated with multiple Human Resources Systems (HRIS) Systems, Applicant Tracking Systems, Contracts Systems, and Enterprise Reporting Systems. As an example, our multiple integrations with Workday HR, and Workday Recruiter produce the following three high-value integrations that should be considered:

HR Employee Demographic Import and Nightly Batch – An initial import of demographic data from Workday HR. Then, on a nightly basis, the integration picks up any new entries and/or changes to existing personnel. If there are any duplicate entries, they are flagged for correction in our system via our personnel merge function.

Forms Automation – An initial setup for set of the forms needs to be collected from the applicant per contract and/or agency. Then, using Applicant Portal, the secure data collection from applicant, data validation, electronic signature using DocuSign integration and forms generation needed for government submission.

Training Automation – An initial setup for set of the applicant/employee training requirements based on the contract and/or agency. Then, using Applicant Portal, the secure data collection from applicant, training requirements validation, electronic signature using DocuSign and training expiration notifications.

Our clients find that these integrations pay for their entire industrial security tool by simply cutting a few days in the onboarding process for cleared candidates.

Prescreen HRIS Integration – Within your HRIS the Recruiting team can initiate a Security Prescreen on an Applicant the moment they become a Candidate. This provides Recruiters and Hiring Managers with the Prescreen security assessment while making interviewing and hiring decisions.

HRIS-Integration_Recruiting-Clearance-Request_2

Security Clearance HRIS Integration – If the Candidate accepts an offer with CLIENT, their status in Workday is updated to “Clearance Transaction”, and Workday delivers a message to the security tool initiating a Security Clearance Request workflow automatically with no lost time. Ultimately, these 3 integrations generate significant Return on Investment (ROI).

Onboarding • PreScreen

Fresh Haystack helps security departments craft narrowly tailored “clearability” questionnaires for use in conducting security prescreening of candidates for positions involving Collateral/SCI clearances and positions of Suitability and Public Trust. Our questionnaire includes issues such as criminal conviction resulting in incarceration for one year or more; unwillingness to surrender a foreign passport; mental incompetence, as determined by a DOD-approved psychiatrist; discharge from the Armed Forces under dishonorable conditions; or current unlawful use of or addiction to a controlled substance can trigger an automatic denial. This may also include specific guidance provided by government clients involving their suitability standards such as US citizenship required, which can trigger automatic denials. Lastly, this process allows an applicant to remove themselves from the process by “opt out” from moving forward which saves time and resources.

RIDE provides valuable predictive analytics driving contract specific performance metrics allowing to accurately estimate EOD (Entry on Duty) date. This capability is unique in the market.

HR/Recruiting/Hiring and PMs using our system can eliminate bench time and issue an offer letter to the candidate based on the Personnel Security Questionnaire (PSQ) they completed via the Applicant Portal and the adjudicative guidelines evaluated by the Security team. This feature allows users to predict contract start dates which allows for better customer service, planning, and increased contract revenue; furthering the value and billable revenue that the HR and Security team deliver to the organization.

Onboarding • Applicant Portal

Our candidate portal helps applicants fill out, digitally sign (using our strategic partner DocuSign) and submit these forms for PM/Hiring approval. It also assists the PM/Hiring in assembling the packets necessary to submit to the government POCs for EOD (Entry on Duty), saving countless hours of managing paper forms, emails, fax machines and mailing costs. Each of these forms are retained for audit purposes and the data can be used to resubmit updated forms when renewals are necessary, thus eliminating the redundant yearly fire drill and hours spent on manual data entry. This process also provides impactful transparency and accountability in workforce onboarding enabling continuous improvement for all parts of the organization based on metrics, Service Level Agreements (SLA), and response times.

Services Orchestration

We built Fresh Haystack as a digital platform for the business and multiple teams, both within and outside of Security, to take advantage of real-time, event-driven orchestration of business services and automation. Our risk-focused services are built on top of the case management framework, providing integration and automation for any business user of our ecosystem. Design of the system services is achieved through a combination of:

Services orchestration
Automation
RBAC (Role-based Access Controls) resource provisioning and integration with SSO solutions
Event-driven application workflows including SLAs (Service Level Agreement) and checklists
System administration console
AI RIDE to manage data pipelines and scoring ruleset evaluation
Notifications and escalations for task statuses and alerting users when new events are triggered
Reporting and Metrics

All of these features allow us to expand the role of traditional workload automation and deliver cost-savings, digital transformation, operational efficiency and process standardization.

Change Management

Our Agile processes, tooling, repeatable infrastructure and DevSecOps delivery pipeline provide an excellent baseline to ensure nimble ability to quickly pivot to the new requirements, timelines and react to market and policy decisions that may impact systems operations, processes, or business rules implementation.

Our proven FARM methodology is the result of refining, over many years, best-practice Agile delivery with client feedback. Our clients tell us that the collaboration and communication level within FARM is valuable for delivering the right mix of stakeholder involvement throughout the project lifecycle.

As in any innovative and enterprise solution, Fresh Haystack implementation will initially require a significant Change Management (CM) activity. In our experience, success of the implementation and delivery of timely milestones will depend on the following factors:

Laying the groundwork for building the CM plan and ensuring all participants and partners understand the process, timelines, expected outcomes, and responsibilities.
Building a shared understanding of change objectives and establishing a user working group to support creation of the CM plan. This allows collaboration and assessment of the impact on changes for the different user segment, for example Security, Applicant, Investigator, Quality Assurance, PM, Adjudicator, and so forth.
Identifying and addressing barriers likely to prevent users from successfully adopting changes.
Documenting a CM plan tailored to unique change requirements of different staffing segments and defining metrics to track change progress and achievements/milestones.
Reviewing the effectiveness of the CM plan in supporting change outcomes.

Insider Threat Defense • Adjudicative Review

The most recent SEAD-4 describes 13 Adjudicative guidelines as well as the number of disqualifying and mitigating criteria for each. The topics covered by these guidelines range from allegiance to the United States to foreign preference and influence, and from psychological conditions to use of information technology.

Fresh Haystack adjudication workbook and process follows a comprehensive, “whole-person” concept that involves a careful weighting of risk factors in someone’s life when determining if a person is a trustworthy and is an acceptable security risk. Our approach allows for Rapid Vetting, defined and measurable adjudication model of person’s risk based on the data collected for all risk variables involved.

AI RIDE (Risk Integration & Decision Engine) integrates all available data sources and based on the rules compromised of these risk variables – and their weights – calculates risk score, highlights anomalies, and allows risk rulesets changes on the fly. This risk criteria and weights that define adjudication criteria and trustworthiness have never been a constant over time and will continue to evolve with Trusted Workforce 2.0 (TW2.0) initiative. Lastly, out-of-the-box we can support the policy changes and advancement of the personnel security standards.

Investigations Management • Insider Threat

The Fresh Haystack Insider Threat (InT) Investigations solution is an environment that provides a method to scope a InT Investigation, auto-create leads that are extracted from a myriad of integrated data source inputs (i.e. Criminal, Financial, Social Media) and then auto-assigns leads using the proprietary WATO (Work Assignment and Tuning Optimization) algorithm to the Investigator team based on the multiple factors such as significance of the risk score or the lead to be investigated, complexity of the case and others.

This method and structure of InT Investigation Management allow the entire case to be tracked, documented, audited and approved via flexible workflow potentially distributed across multiple business units (i.e., Legal, HR, Security) in any manner deemed appropriate to ultimately speed up investigation and reduce the Enterprise Risk.

CARE • Physical Security

Our Integrated Risk Management (IRM) approach enables security convergence and provides an understanding of operational workforce risk by integrating Physical Security, Cyber, HR and Personnel / Industrial security.

The platform uses various ingestion, mapping, linking, and Artificial Intelligence (AI) techniques; to automatically determine and notify on relevant alerts or issues in real-time. Usually, cyber and physical security data is treated differently, but they should be considered as major threat vectors, and included in the enterprise risk profile.

CARE • CMMC / Cyber

Our Integrated Risk Management (IRM) approach enables security convergence and provides an understanding of operational workforce risk by integrating Cyber, Insider Threat, HR and Personnel / Industrial security. This allows for companies to prepare for CMMC self-assessment activities needed for reducing risk exposure.

Cyber risk vectors specific to CMMC have capability to store and track not only controls related to each CMMC level, process or practice but also capture mitigation date/actions as well as artifacts with proven completion of a particular control. And most importantly, this process can be digital, accelerated and efficient since all the controls are tracked, audited and distributed to the multiple teams with a set of suspense dates and overall risk score.

Insider Threat Defense • CounterIntelligence

Our Integrated Risk Management (IRM) approach enables security convergence and provides an understanding of operational workforce risk by integrating Counterintelligence (CI), Insider Threat, Cyber, HR and Personnel / Industrial security. This allows for companies to truly understand operational personnel risk and define activities needed for reducing risk exposure.

Our capability enables analysts to see what key words are being used to search out information about your organization, people, products and services. Features include search terms used, critical technology types based on the Industrial Base Technology (IBTL), methods of operation and methods of contact linked to programs, users, facilities and country of origin to derive analytics accessing individual / program via risk scorecard.

Based on the risk, a precursor report is generated, and targeted personnel could be added to the Insider Threat program or additional Training and Awareness might be provided to eliminate future risks.

Onboarding • PreHire

CANDA Solutions’ approach is to supply all the building blocks of successful onboarding process and risk management automation through the Fresh Haystack platform. We picked as our strategic partner – Employment Screening Resources® (ESR) – for delivering built-in comprehensive Background Checks. ESR is a global background check firm and a strategic choice for employers who need accuracy and compliance in their background screening programs. ESR is serving more than 244 countries and territories worldwide, more than 50 industries, all 100% of operations are US based and its Certification & Accreditation program puts it in the top 1% of screening firms.

All data available via ESR is integrated into Fresh Haystack which removes the need for manual data entry and enables automation and analytics in the background check execution and results evaluation. It is the one and only company providing real-time compliance with -zero- FCRA suits or actions and fast turnaround times; 90% of searches returned in less than 32 hours.

The Fresh Haystack platform combined with the comprehensive ESR background screening services and solutions empower our clients to make FCRA compliant, informed hiring decisions. In 2020, ESR was named both the #1 Background Screening Firm for Enterprise Organizations and #1 in Quality of Service by HRO Today magazine in its annual awards. In 2018, ESR won the Tektonic award in the background screening technology category, which recognized ESR Assured Compliance® as innovative and disruptive.

User Experience

We assembled the Fresh Haystack platform from the ground up to deliver business benefits and enhance user experience for any business role or user of our product. As a core competency we built in automation, integrations and features within the Fresh Haystack design and development. Furthermore, we continue to enhance our capabilities using the latest technologies such as AI (Artificial Intelligence) and RPA (Robotic Process Automation).

We understand that customer experience, ease of use and operations are crucial to digital evolution and are committed to leveraging new UX technologies, while continuing to adopt, explore, and prioritize the innovations by demonstrating their value to the business, internally and to our partners.

Investigations Management

The Enterprise Investigations Management is a suite that provides a method to scope an investigation, auto-create leads that are extracted from candidate F85p/SF86 form inputs and additional case criteria, and then auto-assigns eads based on the proprietary WATO (Work Assignment and Tuning Optimization) algorithm to investigators based on the multiple factors such as geographical location of the lead to be investigated, complexity of the case and others. The Investigators Portal allows full-cycle accomplishment of:

Investigation initiation and assignment – Geography-based
Investigation Scoping – Auto-scoped based on Tiers 1-5
Investigator Travel – Minimized travel based on geographical assignment approach
Investigator Sourcing – Flexible sourcing via controllable queue
Investigator Assignment – Automated assignment, but with flexibility to manually assign
Investigator Review and Quality Assurance (QA) – QA checks built into workflow
Investigation Invoicing – Invoice generation via BI Contractor contract with expectation that invoices will be lower than normal due to geography-based lead assignment approach.

Investigations Management • Workplace Violence

Workplace Violence (WV) is on the mind of many organization and security leaders. Our WV Investigations solution is an environment that provides a method to scope a WV Investigation, auto-create leads that are extracted from a variety of internal/external data sources (i.e., Security, HR or Social Media) and then auto-assigns leads using the proprietary WATO (Work Assignment and Tuning Optimization) algorithm to the Investigator team based on the multiple factors such as significance of the risk score/threat or the lead to be investigated, complexity of the case and others.

This method and structure of WV Investigation Management allow the entire case to be tracked, documented, audited and approved via flexible workflow and potentially could be distributed across multiple business units (i.e., Legal, HR, Security) in any manner deemed appropriate to ultimately speed up investigation and reduce the Enterprise Risk.

Personnel Security • Trusted Workforce 2.0

Establishing and maintaining trust is the core goal of the Federal personnel vetting program. In March 2018, Trusted Workforce 2.0 (TW2.0) transformational effort was launched. Fresh Haystack started updates to its platform immediately to enable effective personnel vetting outcomes, facilitate transparency and accountability for our customers to support TW2.0 initiative.

Our platform supports holistic risk management by bridging the gap between the personnel, their profiles, critical facilities, programs and assets, networks and cyber activity to continuously deliver trust while minimizing organizational risk exposure. And our Personnel Security and Insider Threat solutions include all corresponding standards and business outcomes beyond simple compliance – driving continuous improvements based on the data driven security and risk management practices.

Personnel Security

NextGeneration_Industrial-Security-Blueprint_PerSecDetail-10

Accelerate the Federal Government Security Clearance Process

Fresh Haystack makes it easy to accelerate candidates and employees through the security clearance process and easily organize, manage and track all associated artifacts and data. Gain instant velocity with a fresh approach.

Give your Security Team the best Tools in the Game

Your Security Team wants to process candidates fast and error free so your company can have happy customers and be more profitable, not fight with messy spreadsheets, hanging email and outdated software that slows them down.

Gain Top-Line Revenue, Reduce Bench-Time and Maximize classified position profitability.

Leverage Fresh Haystack to fill classified positions across your portfolio of contracts ~24 business days sooner than industry average. An extra 192 hours per new-hire makes a significant impact to the business.

Case Studies

Onboarding

The Deltek Government Contracting Industry Study (11th Annual Comprehensive Report) conducted in 2020 found that “finding, recruiting and retaining qualified talent continues to challenge the government contracting sector. Talent shortages and commercial competition for candidates have complicated matters for human capital management leaders.” It also discovered that “high turnover rates are affecting all companies, but 47% of large businesses are experiencing 16% or higher turnover”.

Findings in this report are significant and bring onboarding issues and automation to the forefront of the onboarding process. Another major challenge is the pandemic and the new “normal” with many large organizations planning to allow WFH (work from home) for an unknown period of time, if not permanently. This shift creates multiple challenges with applicant/candidate enrollment, onboarding procedures, collecting forms and fingerprints, and delivering badges and/or assets to the applicant/candidate.

Fresh Haystack developed a set of services (A to G on the diagram) which connect multiple business users and processes to remove bottlenecks in the cycle, enable seamless and automated integrations between Human Resources (Hiring and Recruiting), Project Management, Security and applicants/candidates. We crafted this solution to shorten the onboarding cycle, streamline the overall experience, deliver time savings, and provide hyperautomation customizable to any level of the organizations’ deployment strategy.

Onboarding • Forms Automation

Fresh Haystack provides tools for the Program/Hiring/Recruiting Managers to assist with contract or agency specific onboarding which delivers a self-service for contract document completion, submission, and approval. Typical documents required for Entry on Duty (EOD) may include government wide forms like the OF306, agency specific forms such as DHS 11000-25, contract /badge specific and required training as well.

Hyperautomation

Fresh Haystack developed a set of risk-focused services connecting multiple business users and processes, typically operating in the silos, to:

Remove bottlenecks in the Risk Management processes
Enable seamless and automated integrations between Human Resources (Hiring and Recruiting), Project Management, Security and applicants/candidates
Shorten the onboarding cycle
Streamline the overall experience
Deliver time savings, and
Provide hyperautomation customizable to any level of the organizations’ deployment strategy.

Our solution brings transparency and accuracy, cost reduction, and faster process speeds to all business units involved as well as continuous improvement and automation metrics. The flexibility of this platform enables any, small or large, organization to realize time to value with low-cost and low-risk investment.

A message for C-Suite

Productivity

We deliver transformative and improved security operations, all while significantly increasing productivity.

ROI

Your Security Operations will deliver unparalleled Return on Investment (ROI) – become a profit center and not a cost center!

Integration

By integrating with your HR, Contracts, Recruiting, Timesheets and other critical to business operations systems, we streamline the complex security management processes, remove manual touch points, and bring clarity to candidates, security personnel, adjudicators, investigators, and internal auditors.

Customer Benefits

See for yourself!

Run the numbers in our FREE Business Case Calculator

Before and After Fresh Haystack

We can help you achieve this, too. Try your FREE Business Case today!

Chris Hagenbuch

Principal

Chris Hagenbuch is a Principal at CANDA Solutions, a software and services firm specializing in industrial security, insider threat, continuous vetting, and counterintelligence, as well as Investigations management. CANDA’s flagship product Fresh Haystack has been proven to increase billable revenue by 60% and cut expenses by 40% when implemented throughout the hiring cycle of the Defense Industrial Base contractors. Chris’s subject matter expertise is sought after for insider threat, continuous vetting, and investigative analysis.

This knowledge was built while spending 20 years supporting law enforcement, threat assessment, background investigation and credentialing programs within DHS (such as Registered Traveler, TWIC, HME, FFDO, Aviation Workers, TSA Personnel Security, Federal Air Marshals, US-Visit and The US Secret Service), and over 25 years providing project, program, and portfolio management services with direct P&L to $250M. He has a Bachelor of Arts in Engineering from Lafayette College and a Executive Education Certificate of Finance From the Wharton School

Known for his work and presentations regarding Agile system delivery, identity management, information assurance, vetting and credentialing practice areas, his experience spans across consumer, corporate, and government areas. A leading security expert, Hagenbuch has been engaged in various working groups, participated in publications, provided speaking engagements and lectures, and received several awards.

Paul Perkins

Senior Vice President of Global Sales

Paul Perkins joined CANDA solutions in 2020 as the SVP of Sales focused on growing the business, revenue & the team for the Fresh Haystack Enterprise Industrial Security solution as well as the CARES (Continuous Adaptive Risk Evaluation solution).

Paul focuses on Federal, State & Local Governments, Higher Education and the Commercial market for CANDA as well as growing our partner community both technology and VAR. Paul has practiced in the Cyber Security solution market for over 20 years and joins CANDA Solutions with experience in both sales & sales leadership with companies such as Unisys, IBM, Dell and Bit9.

While at Unisys Paul led a team of experienced sellers and sales engineers focused on all of the public sector security sales efforts & the Stealth solution, Paul was able to grow revenue by over 200% and the partner community by over 300%. At IBM Paul was a leader in taking the standard IBM Security suite of solutions and converting them to a SaaS offering focused on the Federal, SLED and commercial markets, growing revenue by 300% and the partner community by over 500%.

Andy Farrell

Chief Growth Officer

Andy has extensive experience in Federal and Commercial Business Development, Capture, and Customer Account Management. He brings a track record of successful business acquisition within ultra-competitive market environments. Andy is seen by his co-workers, customers, and partners as a leader with high integrity and driven to achieve results.

At CANDA, Andy’s focus is on the alignment of the Federal and Commercial Business Development, Direct Sales, Channel Sales & Marketing. Andy works closely between our product teams, the market, and industry as we look to continue developing new avenues of business growth.

Chris Leonard

Chief Delivery Officer

Mr. Leonard has extensive experience delivering information technology consulting services for government and commercial clients. Demonstrated management success in leading teams to deliver mission critical, high-quality, enterprise solutions and achieving outstanding customer satisfaction ratings.

Chris has considerable experience with a variety of technologies including systems architecture, design, and full life cycle system development including Agile methodologies and DevSevOps. He has project management experience at the project and program management level including full P&L and business development responsibilities.

Andrew Razumovsky

Principal

Principal of CANDA Solutions, LLC, Andrew Razumovsky is responsible for the systems’ delivery, operations, and business development efforts. Mr. Razumovsky brings more than 22 years of total industry experience of computer based business applications, data warehouse, databases development, customer support using various operation systems, tools, and hardware platforms.

With over 15 years of extensive experience as an information technology specialist with focus on risk and threat assessment, law enforcement and case management programs, Mr. Razumovsky has advised major US government clients such as Dept. of Defense, Dept. of Justice, State Department, NASA and the Department of Homeland Security. He has a concentration in the persistent challenges of security focused Human Capital and Enterprise Risk. Razumovsky’s vast experience, including working with IBM, Arbitron and CommerceOne, paves the way for Fresh Haystack, the next generation risk focused case management solution. He is an acknowledged expert in the development of innovative solutions for database, credentialing, security systems, and Agile delivery.

His main focus areas at CANDA are Enterprise Risk Management, Product Innovation and Business Development driving customer acquisition resulting in significant growth for the company and industry awards.

Mr. Razumovsky currently serves on INSA (Intelligence and National Security Alliance) Security Policy Reform Council (SPRC). Andrew is giving back to community as a board member of the Associated – Jewish Federation of Baltimore and Jewish Community Services (JCS).

Mr. Razumovsky earned a Master of Science degree in Applied Mathematics from the Tbilisi State University and received a Certificate of the Management Excellence at Harvard Business School.

ENTERPRISE INVESTIGATIONS MANAGEMENT

Streamline Investigations Management through Algorithm-based Optimization and Assignment

The Enterprise Investigations Management is a suite that provides a method to scope an investigation, auto-create leads that are extracted from candidate F85p/SF86 form inputs and additional case criteria, and then auto-assigns eads based on the proprietary WATO (Work Assignment and Tuning Optimization) algorithm to investigators based on the multiple factors such as geographical location of the lead to be investigated, complexity of the case and others. The Investigators Portal allows full-cycle accomplishment of:

Investigation initiation and assignment – Geography-based
Investigation Scoping – Auto-scoped based on Tiers 1-5
Investigator Travel – Minimized travel based on geographical assignment approach
Investigator Sourcing – Flexible sourcing via controllable queue
Investigator Assignment – Automated assignment, but with flexibility to manually assign
Investigator Review and Quality Assurance (QA) – QA checks built into workflow
Investigation Invoicing – Invoice generation via BI Contractor contract with expectation that invoices will be lower than normal due to geography-based lead assignment approach.

CONTINUOUS ADAPTIVE RISK EVALUATION

CARE solution bridges this gap by converging the individuals, their profiles, access, networks, risks and activity into a single pane of glass for agencies and corporations to evaluate true risk exposure by consistently making intelligent data-driven decisions to access, track and capture mitigation opportunities while continuously delivering Trust and minimizing Enterprise risk

The CARE module is based on an Enterprises’ ability to baseline and prioritize critical programs, personnel, facilities, suppliers / vendors / subcontractors, and assets within the Fresh Haystack ecosystem to access, manage, investigate, and mitigate Risk continuously

Our out-of-the-box CARE approach aligns with 4 out of the 5 pillars of the National Counterintelligence Strategy released in February 2020.

Protects the National Security Infrastructure
Reduces threats to Key US Supply Chains
Counters the Exploitation of the US Economy
Counters Foreign Intelligence Cyber & Technology Operations

CMMC Risk Stream coming soon

INSIDER THREAT DEFENSE (ITD)

Trust Everyone until given a reason not to…

CE is a personnel security investigative process that leverages an automated records check (ARC) methodology and applies standardized business rules to identify adjudicatively relevant information to assess cleared individuals’ on-going eligibility for access to classified information **Source ODNI / NCSC

Fresh Haystack approaches Continuous Evaluation, Insider Threat and CounterIntelligence via a multi-source, “always-on push model”. When an adverse event happens, whether inside work or outside work, an alert is created in the source system or 3rd party federated data provider and then received by Fresh Haystack. A case is auto-generated, the appropriate security individuals are notified, and the adverse event is viewed in context with the subject’s role in the company and in the context of the adjudicative criteria of the classified contracts, programs, facilities, devices, badges and credentials relative to the subject.

This capability enables your organization to view all available data points from a “whole-person” perspective; adding an extra dimension to your corporate risk management and employee safety strategies.

WHAT YOU CAN HAVE WITH FRESH HAYSTACK

Productivity

We deliver transformative and improved security operations, all while significantly increasing productivity.

ROI

Your Security Operations will deliver unparalleled Return on Investment (ROI) – become a profit center and not a cost center!

Integration

By integrating with your HR, Contracts, Recruiting, Timesheets and other critical to business operations systems, we streamline the complex security management processes, remove manual touch points, and bring clarity to candidates, security personnel, adjudicators, investigators, and internal auditors.

What makes us different?

I want to make DSS Compliance easy!

I am text block. Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

ENTERPRISE INDUSTRIAL SECURITY

Accelerate the Federal Government Security Clearance Process

Fresh Haystack makes it easy to accelerate candidates and employees through the security clearance process and easily organize, manage and track all associated artifacts and data. Gain instant velocity with a fresh approach.

Give your Security Team the best Tools in the Game

Your Security Team wants to process candidates fast and error free so your company can have happy customers and be more profitable, not fight with messy spreadsheets, hanging email and outdated software that slows them down.

Gain Top-Line Revenue, Reduce Bench-Time and Maximize classified position profitability.

Leverage Fresh Haystack to fill classified positions across your portfolio of contracts ~24 business days sooner than industry average. An extra 192 hours per new-hire makes a significant impact to the business.

ENTERPRISE PERSONNEL SECURITY

Accelerate the Federal Government Security Clearance Process

Fresh Haystack makes it easy to accelerate candidates and employees through the security clearance process and easily organize, manage and track all associated artifacts and data. Gain instant velocity with a fresh approach.

Give your Security Team the best Tools in the Game

Your Security Team wants to process candidates fast and error free so your company can have happy customers and be more profitable, not fight with messy spreadsheets, hanging email and outdated software that slows them down.

Gain Top-Line Revenue, Reduce Bench-Time and Maximize classified position profitability.

Leverage Fresh Haystack to fill classified positions across your portfolio of contracts ~24 business days sooner than industry average. An extra 192 hours per new-hire makes a significant impact to the business.

Members of

Trust Everyone until given a reason not to…

Accelerate the Federal Government Security Clearance Process

Give your Security Team the best Tools in the Game

Gain Top-Line Revenue, Reduce Bench-Time and Maximize classified position profitability.

Streamline Investigations Management through Algorithm-based Optimization and Assignment

Trust Everyone until given a reason not to…

Productivity

ROI

Integration