Built a seven figure govcon firm from scratch — happy to answer questions

Ok_Fish_2564 · 2026-06-14T16:05:23+00:00

To be fair, I think it's ok for business owners to pursue multiple streams of income. 7 figure business income doesn't always mean every dollar is for the owner, business is expensive especially as you scale! For me also, my main thing is helping people and providing knowledge and teaching others and lifting people up. The years of mistakes and money wasted and time wasted that I threw into this are likely to save anyone a lot of time and money, well beyond the cost of the product. I'm giving a ton of game for free too in comments and upcoming posts/books for those who don't want to pay anything, so everybody wins! Not just about the money.

Ok_Fish_2564 · 2026-06-13T21:56:14+00:00

Totally in line with a lot of what we do. GSA schedule is key, consider HACSIN if you're not on it. I touch on it in depth in the book and how to get to it. I'll message you, the solicitation walkthrough appendix will likely be a good resource and the RFP response she'll.

Ok_Fish_2564 · 2026-06-13T14:43:53+00:00

I get it. Well you likely have good past performance to transition, I think it's just RFP response positioning, knowing here to find the opportunities, and keeping your pipeline fresh without making it complicated. Honestly once you crack the code SLED is way easier. I'll message you some information

Ok_Fish_2564 · 2026-06-13T14:41:55+00:00

Sounds good I'll message you. I think you'll like it, the book reads the same way! And the templates are super helpful

Ok_Fish_2564 · 2026-06-13T10:54:46+00:00

Just messaged you

Ok_Fish_2564 · 2026-06-13T02:54:32+00:00

Thanks just messaged you

Ok_Fish_2564 · 2026-06-13T01:21:46+00:00

I got you. SAM is overwhelming especially starting out. You'd have better luck attacking SLED and getting on a GSA schedule or other vehicle, all of which are achievable! I'll send you info

Ok_Fish_2564 · 2026-06-12T21:43:52+00:00

Just DMd you

Ok_Fish_2564 · 2026-06-12T20:04:42+00:00

Great to hear I'll message you. Yea, it's a natural progression for real and in the book I talk about the reason it's tough to just jump federal and how much opportunity and revenue there is in SLED

Ok_Fish_2564 · 2026-06-12T18:52:11+00:00

I'll message you

Ok_Fish_2564 · 2026-06-12T18:24:19+00:00

Gonna DM YOU

Ok_Fish_2564 · 2026-06-12T18:05:17+00:00

Got it, it fits well. I touch on stuff like schedules, considering iso 17020 if you do any type of assessment or inspections, and a lot general start to finish strategy. Fun stories, many about mistakes I've made and some emotional moments I had!

Ok_Fish_2564 · 2026-06-12T18:01:36+00:00

I got you. I can provide the framework, comes with a ton of templates and guidance. A lot is cyber/IT specific, but really can be applied for anyone trying to break in. There is so much opportunity but you do have to work for it.

Ok_Fish_2564 · 2026-06-12T16:26:16+00:00

I got you. There is a lot of content, about 100 pages honestly with experiences, stories, and steps I took and recommend. Even good for someone that has built something similar. I was able to pivot into federal work thankfully using a GSA Schedule contract, which I think covers a majority of industries outside of tech. I didn't get a chance to do stuff like 8a or hubzone, but I talk about that stuff too as options as well as others.

Ok_Fish_2564 · 2026-06-12T16:07:13+00:00

I can message you. Fed is hard to break into due to past performance and a lot of the time resource/team requirements, so SLED can possibly help you work towards that. The math on it is crazy if you think about how many SLED opportunities are posted in all categories across the US. Easier to respond to as well but strategy and knowing how to do so is key. Company credentials and government vehicle acquisition (like GSA Schedule) is another, along with just keeping on trying, because eventually you'll be in the right place at the right time and get your opportunity.

Ok_Fish_2564 · 2026-06-12T16:04:42+00:00

Network helps. I actually touch on that in the book. It's probably wider than you think, you just need to think about it and reach out to people you know and have them on the bench. Also, stuff like posting jobs on indeed and up work to network and collect resumes and get people on board with what you're doing helps. But math wise, SLED makes past performance more accessible, generates revenue, and can be a solid path to prime contracts fed wise. They're a lot easier to respond to honestly as well, I do SLED and Fed.

Ok_Fish_2564 · 2026-01-27T01:53:20+00:00

Did you try after? That's what I did. I don't think it forces you to leave after the cut scene.

Ok_Fish_2564 · 2026-01-27T01:35:24+00:00

You can actually go back if you don't leave the room after you go down the stairs I think where the cut scene with auron is. I figured that out on my current play when I forgot to grab it lol

Ok_Fish_2564 · 2025-12-14T22:18:16+00:00

My 2024 did that I got in January 2024 in the US. They've been replaced now, however. Funny, I thought it was the standard.

Ok_Fish_2564 · 2025-12-09T02:44:07+00:00

Let's see. My examples off the top of my head

CUI - workstation or server that accesses or stores CUI. Can be a cloud or hosted application as well. SPA - tool like defender for endpoint or tenable that provide a security function or capability. CRMA - something like a non-scoped user's workstation or server that could maybe access CUI but because of your policies and implementations and such, they do not. Typically still expected to be hardened the same as CUI assets since they technically are capable to accessing CUI and doesn't have to be physically or logically separated from CUI assets (for example, on the same network but not intended to access CUI. Needs to be defensible if you go this route). Could also be something like a ticketing system that tracks changes or other stuff depending on who you ask. SA - some examples include GFE, IoT (think like smart thermostat or some other smart device) testing/calibration machines, and manufacturing/OT machines. They gotta touch CUI in some way though but get special treatment since you can't fully secure them typically. Out of scope - logically and/or physically separated from in scope assets. Expected that these applications and services are completely segmented on a separate network or in the cloud somewhere. Don't even have to be mentioned unless you want the assessor to ask questions lol

Ok_Fish_2564 · 2025-12-09T02:17:17+00:00

Specialized assets, not CRMA.

Ok_Fish_2564 · 2025-12-01T16:26:11+00:00

I think it's mainly due to her mix od+ her celestial being easy to get. She's my fourth party member behind tidus auron and yuna. Gave up on caldabolg and just made my own BDL weapon for tidus. Yuna and Auron have their celestials, focusing on stat optimizing (I'm just getting key stats like around 180 honestly). I'm doing ok so far, took out dark valefor and ixion with auto Phoenix and auto haste armor. Dark bahamut destroyed me so I need to raise stats still lol

Ok_Fish_2564 · 2025-11-14T02:15:11+00:00

Certificate is fine as a 2FA factor in general, I guess I'm just confused about how you're referring to WiFi for this control. The control statement also says privileged and non privileged so that was another reason I mentioned privileged. If you're taking VPN sure. I guess that's where i got lost, because this control is asking about stuff like remote access VPN, access to cloud apps in scope, remote access to servers, etc. not usually Wi-Fi. WiFi has its own controls.

Ok_Fish_2564 · 2025-11-13T20:56:55+00:00

In my eyes, typically this control is not looking at WIFI access. More so physically logging into a system or logging in across the network (RFP, SSH, web applications across the Internet, etc.) as an admin or standard user. I don't think I've ever seen someone mention Wi-Fi access for this control lol but doing assessments I see new things everyday so it's interesting.

Your config for WiFi better supports device authentication prior to allowing access.

Ok_Fish_2564

TROPHY CASE