Champa Bhushan – Reston Consulting Group

In 1987, the idea of a cyberattack—that someone might gain control of your computer system and steal your organization’s dollars or data—sounded like science fiction. Back then, the primary threats were of the physical sort: keeping cash in safes and making sure that buildings were properly locked.

Thirty-one years later, the security landscape hasn’t simply shifted; it’s been tectonically altered, heaved up and under by hackers bent on disruption, destruction and discord.

Champa Bhushan, cofounder and CEO of the D.C.-area-based Reston Consulting Group (RCG), understands the new stakes. Her company, founded in 1987, has clients that include government agencies and corporate luminaries which have had to evolve—and improve—with the changing times.

“No one saw this coming,” Bhushan says, herself included.

Despite the hackers’ knack for always being “two steps ahead,” Bhushan says RCG is one company that’s managed to stay hot on their trail—and far ahead of the network infrastructure curve.

Government jobs

As first clients go, the National Oceanic and Atmospheric Administration (NOAA) is a pretty tough act to follow. Established by President Richard Nixon in 1970, the agency is charged with monitoring atmospheric, oceanic and waterway conditions, along with providing inclement weather warnings.

Given NOAA’s scientific purview, state-of-the-art technology is paramount. But when Champa’s husband, Brij Bhushan, introduced himself to a NOAA representative during a 1988 telecom industry conference, the agency’s needs were a bit more basic.

“This was around the time the government started really getting into telecom and more advanced networking technologies,” she recalls. “We started out specializing in landlines and fiber, and NOAA was looking for a terrestrial wide-area networking capability.”

A few weeks later, NOAA formally commissioned RCG to consolidate its networks—which had previously been siloed—using state of the art multiprotocol label switching technology. The agency has been a regular client since, and RCG has most recently worked on its weather wire service, radio and other dissemination systems.

According to Bhushan, government work has become RCG’s “bread and butter.” In 2004, the company helped the Department of Commerce overhaul its entire digital infrastructure, featuring a new “fiber backbone” and voice over internet protocol (VoIP) capabilities for 5,000 employees and a building the size of a full city block.

For the U.S. Small Business Administration, RCG designed, and later upgraded, a wide-area network that allowed the department’s 110 field offices to communicate more effectively.

“Even though we’re a really small company, we’re still able to be competitive for a lot of government contracts,” Bhushan explains. “These entities are operating on tight budgets, so our size gives us a bit of an advantage in that regard.”

However, federal contracts tend to be cyclical—they can change dramatically depending on the administration—which is why RCG is now setting its sights more on the commercial sector, particularly in the realm of security consulting.

And not a moment too soon, either.

The next frontier

According to Juniper Research, a marketing and forecasting firm, by 2019, cybercrime will cost businesses over $2 trillion annually. That’s a fourfold increase from 2015. Just as alarming, the average cost of a data breach will exceed $150 million by the year 2020.

Another statistic: In 2016 alone, the U.S. government spent $28 billion—with a “b”—on cybersecurity.

Given the urgency, RCG’s federal work won’t be drying up. But it’s in the commercial sector that Bhushan sees the greatest opportunity to grow the company.

“Part of the reason security has become so difficult is because it wasn’t a major focus early on—20 and 30 years ago,” Bhushan says. “We’ve been working in that sphere nearly from the beginning, and have developed proven incident response strategies we believe can translate very well to the private sector.”

RCG’s suite of services runs an impressive gamut, from security risk management and strategic planning to disaster recovery and penetration testing. Having operated NOAA’s incident response for 22 years, the company is well-versed in the demands of attack management.

“We don’t just give you a plan and walk away,” Bhushan says. “We give our clients tangible milestones, so that they know how they’re improving and where there’s still work to be done.”

One industry Bhushan cites as especially fertile is banking and finance, where analysts predict a precipitous rise in cyberattacks—many of them aimed at vulnerabilities in new and emerging technologies, from cutting-edge software to machine learning.

While RCG’s corporate foray promises stiff competition for contracts, retaining those clients is one thing Bhushan isn’t really worried about. To date, the company touts a 98 percent customer satisfaction rating, accolades that earned RCG a Small Business of the Year award from the Small Business Administration.

Proud as she is of her company’s accomplishments, Bhushan recognizes—and relishes—the challenges ahead.

“The threats we face are greater than ever, but I believe our team brings a unique depth of knowledge and hands-on experience,” Bhushan says. “We’ve been a difference-maker for many different government agencies, and we think we can bring the same dynamism to private industry.”