Our Investment in Second Front: Strengthening America Through Software

The U.S. Government’s investment into defense technology has led to some of the most impactful commercial inventions in history, including semiconductors, modern gas turbines, satellite navigation systems (GPS), and the Internet. And given venture capital’s goal of generating outsized returns by backing world-changing technology, you would think defense tech would be generating as much buzz as AI. Yet there has historically been muted venture capital participation because the timeline and unpredictability of selling to the government has historically been unfriendly to new vendors, with money and time outstripping the runway of a typical startup. This has resulted in the US government being slow to adopt many innovative technologies that could not only strengthen national security and enhance geopolitical stability but do so at a much more efficient cost to the US taxpayer than the status quo.

Nowhere is this more apparent than looking at the $100Bn spent annually on information technology underpinning the federal government – according to a 2019 study by the Government Accountability Office the age of key legacy IT systems range from 8 to 51 years and feature outdated software languages (COBOL anyone?), unsupported software, and known security vulnerabilities [1]. In FY22 over half of this $100Bn went to maintaining these legacy systems whereas only $12Bn was spent on modern cloud services [2]. To help rectify this the Federal Government has begun enacting modernization efforts such as a $1B allocation to the Technology Modernization Fund by the 2021 American Rescue Plan [3]. Additionally, units such as the Chief Digital & Artificial Intelligence Office (CDAO) and its Tradewind acquisition program to accelerate the procurement of artificial intelligence/machine learning, digital, and data analytics solutions with the Department of Defense (DoD) [4]. Indeed it appears the fastest way to strengthen America’s standing in the world is to invest not in bullets but rather bits. Today we are thrilled to announce we have led the Series B financing of Second Front to support their mission of fast-tracking the adoption of disruptive software within the government.

The challenge of selling to the government, especially the DoD, can be seen by the broad consolidation we’ve seen amongst vendors. The National Defense Industrial Association (NDIA) states that the defense ecosystem has lost a net of 17,000+ companies and the DoD estimates the number of small businesses participating in the defense industrial base has declined by over 40% in the last decade [5]. Even though small businesses made up 73% of all companies and 77% of the R&D companies that did business with the DoD in 2021, close to 80% of the money goes to the top 5 defense primes [6,7]. The participation of small businesses, especially emerging startups, are integral to the proliferation and scaling of innovative technologies that make Americans safer – one high profile example is Moderna, a former DARPA (Defense Advanced Research Projects Agency) grant recipient that produced millions of mRNA vaccines to help fight the global COVID-19 pandemic.

A key reason behind the declining defense industrial base is the federal acquisition process is cumbersome – so much so that many companies have chosen to turn away from selling to the government altogether. To deploy software in a government network, a vendor must receive an Authority to Operate (ATO) – a certification that governments use to manage risk in their networks – and then recertify their software for every major update. This used to be a highly manual and bespoke process until the U.S. Government introduced FedRAMP in 2011 to help standardize and expedite the ATO process for cloud solutions. For companies that want to do business with the Defense Department, they may have to go a step further than FedRamp, meeting criteria according to Defense Information Systems Agency’s Impact Level (IL) Certifications.

Image source: Second Front, November 2023

Whether FedRamp or DoD ILs, vendors still need to jump through numerous technical hoops and engage in a long drawn-out process to receive an ATO. This includes identifying a government sponsor (i.e., an authorizing official), hiring a third party vetting agency to conduct extensive testing and complete extensive assessment documentation, implementing relevant security controls that result from that report, and then hiring a devops team to operate and monitor the software after deployment. Achieving FedRAMP certification is typically a 6 to 24 month process that can cost upwards of $1M+, which is cost prohibitive for startups or mid-market software companies and can be a distraction to their non-government commercial activities. Undergoing this process is also quite risky since a vendor typically has to pursue the certification process in advance of having certainty of securing a government contract in the first place. Furthermore, an additional recertification process is required for every major software update as well as periodic reassessments depending on the federal agency so there is ongoing cost and operational overhead for a vendor. As of November 2023, FedRAMP has certified only 320 vendors, implying an average of 26 per year since the program’s inception [8]. This is a staggering low number considering the thousands of startups founded every year (not to mention the thousands of established growth and mid-market tech companies) which have innovative products that could benefit the federal government.

Enter Second Front

Game Warden, Second Front’s DevSecOps platform, enables commercial software vendors to deploy software to DoD customers in a secure, cost-effective, and rapid manner. Game Warden shortens the process to receive an ATO to 60-90 days at a fraction of the cost. Since, ATOs typically vary in requirements, the high degree of configurability enables Second Front to customize the platform to the needs of the software vendor. This includes deployment on multiple public clouds and DoD impact levels, with FedRamp, StateRamp, expanded classified networks, and certifications required by US allies in the works.

Image source: Second Front, November 2023

Customers begin their onboarding journey with a technical review of their application via a CSM. They then upload their application container into the Game Warden Container Repo which hardens the images through a battery of security scans and tests before allowing the containers to be deployed into staging or production environments. Future updates and releases can be completed in a continuous fashion according to modern CI/CD practices without requiring a vendor to recertify their ATO. The vendor also doesn’t need to worry about assembling a devops team to scale the application as Game Warden includes an SRE team for Day Two operations, covering everything from incident response to logging to reporting.

While serving in the U.S. Marine Corps, co-founders Peter Dixon, Mark Butler, and Nate Hughes saw firsthand the damages done by an outdated acquisition system to those on the frontlines of defending our country. To address this critical issue, they formed Second Front as a public benefit corporation with the mission of accelerating the adoption of technology by the US and its allies. Peter has since recruited an elite team of executives to scale the company, including CEO Tyler Sweatt, CTO Enrique Oti, and CPO Michael Neumann. Tyler is a former Army officer with over a decade of experience selling to the federal government. Enrique was previously the founder and commander of Kessel Run within the US Air Force, an agile software development organization known to be the foundation of the movement to bring modern, commercial software development practices into the DoD. Michael Neumann previously spent 15 years in the intelligence community culminating in his leadership as the technical director and Chief Data Scientist of the CIA. We are grateful for the steadfast dedication of the Second Front team in serving our country and it has given them unending customer empathy that makes the team particularly well-suited to executing the company’s mission.

Whether Cloudflare and its mission to build a better Internet or MongoDB and its mission to empower innovators to transform industries by unleashing the power of data, NEA has a long history of partnering with mission-driven founders to build category-defining infrastructure software companies. We are inspired by Second Front’s mission to strengthen America through software and we couldn’t be more proud to back Peter, Tyler, and the entire Second Front team.

Sources:

1. https://www.gao.gov/products/gao-23-106821

2. https://www.csis.org/analysis/accelerating-federal-cloud-adoption-modernization-and-security

3. https://tmf.cio.gov/projects/

4. https://www.defense.gov/News/Releases/Release/Article/3464012/chief-digital-artificial-intelligence-office-celebrates-first-year/

5. https://www.ndia.org/-/media/sites/ndia/policy/vital-signs/2023/ndia_vitalsigns2023_final_v3.pdf

6. https://media.defense.gov/2023/Jan/26/2003150429/-1/-1/0/SMALL-BUSINESS-STRATEGY.PDF

7. https://about.bgov.com/top-defense-contractors/, https://www.joincolossus.com/episodes/47841592/luckey-inventing-the-future-of-defense?tab=transcript

8. https://marketplace.fedramp.gov/products