COLORADO SPRINGS, CO

Veteran-owned software consulting for the space and defense missions

SDVOSB-certified engineers building, modernizing, and integrating software for U.S. Space Force, NORAD/NORTHCOM, Schriever and Peterson SFB, and Fort Carson programs.

Veteran-Owned SDVOSB
001 / 005 Field Conditions

Mission software in the Springs gets stuck between aging C2 stacks and AI hype

Situation

Program offices on the Front Range carry the same scar tissue. A C2 system written in 2003 still runs the watch floor. A modernization effort kicked off two years ago and produced a Figma file and three reorgs. Vendors pitch generative AI demos that would never survive an ISSO review. Meanwhile operators are still copying tasking out of a SharePoint list into a Java thick client. The gap is not strategy — it's engineers who understand both the mission tempo and what it takes to get code through an ATO without breaking the schedule.

  • Legacy C2 and ISR tools wedged on Windows Server 2012 with no upgrade path and tribal knowledge owned by two retiring contractors
  • RAG and LLM pilots that ignore IL4/IL5 data handling, CUI marking, and audit requirements — killed in security review
  • Staff aug vendors who rotate junior engineers through cleared seats and bill like principal architects
  • Modernization roadmaps that assume a clean rewrite instead of strangling the system one bounded context at a time
SDVOSB
Certified and SAM.gov registered
TS/SCI
Cleared senior engineers available
6–12 wk
Typical first production slice
002 / 005 Operational Approach

How we work alongside Space Force, NORAD, and Fort Carson programs

  1. STEP-01

    Mission and authority mapping

    We start by mapping the operational mission, the ATO boundary, and the data classification. That means reading the SSP, talking to the ISSO, and identifying which IL level (IL2/IL4/IL5/IL6) the workload actually needs — not what the contract aspirationally promises.

  2. STEP-02

    Cleared engineers on the bench

    Senior engineers with Secret and TS/SCI clearances pair with your government PM. We staff for the SCIF when needed and for unclassified dev environments when it speeds delivery. No offshore handoffs, no contractor-of-contractor chains.

  3. STEP-03

    Modernize the C2 stack in slices

    Legacy command-and-control systems do not get rewritten — they get strangled. We wrap Oracle Forms, MUMPS, and aging .NET services with documented APIs, then peel functionality into containerized services on Platform One, AWS GovCloud, or Azure Government.

  4. STEP-04

    RAG and LLM integration on controlled data

    Claude and GPT do not touch CUI without guardrails. We deploy retrieval pipelines using Bedrock in GovCloud or self-hosted Llama variants, with audit logs, prompt redaction, and role-based access tied to CAC/PIV identity.

  5. STEP-05

    Handoff with runbooks, not slides

    Delivery includes Terraform, GitHub Actions pipelines, OpenAPI specs, threat models, and an on-call runbook your blue-suit operators can actually execute. We stay on retainer for the first 90 days of sustainment, then transition cleanly.

PYTHON PATTERN 
# Example: CAC-authenticated RAG query against CUI document store
# Runs in AWS GovCloud (IL4). Bedrock + OpenSearch + Cognito federated to DoD ICAM.

from voostack.gov import bedrock, opensearch, audit
from voostack.auth import require_cac, classification

@require_cac(min_assurance="PIV-Auth")
@classification.enforce(max="CUI//SP-PRVCY")
def answer(question: str, user) -> dict:
    # 1. Retrieve only docs the user is cleared and need-to-know for
    hits = opensearch.search(
        index="j3-tasking-cui",
        query=question,
        acl_filter=user.access_tags,   # e.g. {"NORTHCOM", "J3", "CUI"}
        k=6,
    )

    # 2. Redact any markings above user's ceiling before prompt assembly
    context = classification.redact(hits, ceiling=user.ceiling)

    # 3. Bedrock Claude in GovCloud — no data leaves the boundary
    response = bedrock.invoke(
        model="anthropic.claude-3-5-sonnet-gov",
        system="Cite source doc IDs. Refuse if context is empty.",
        messages=[{"role": "user", "content": f"{context}\n\nQ: {question}"}],
    )

    # 4. Immutable audit log: who asked what, which docs, which model
    audit.write(user=user.edipi, q=question, doc_ids=[h.id for h in hits],
                model=response.model, ts=response.ts)

    return {"answer": response.text, "sources": [h.id for h in hits]}

Reference pattern: CAC-gated RAG over CUI in GovCloud, with classification redaction and audit logging.

003 / 005 Common Questions

Field FAQ.

Are you actually SDVOSB-certified, and does that matter for our Colorado Springs contract?

Yes. VooStack is verified SDVOSB through the SBA's VetCert program and registered in SAM.gov with the relevant NAICS codes for custom software (541511, 541512, 541519). For program offices at Peterson, Schriever, or Fort Carson with SDVOSB set-aside or sole-source authority under FAR 19.14, that designation can compress your acquisition timeline from months to weeks. We can provide our certification letter, CAGE code, and DUNS/UEI on request.

Do your engineers hold active security clearances?

We staff cleared engagements with engineers holding active Secret and TS/SCI clearances, sponsored through our FSO and held in DISS. We do not advertise specific personnel publicly. For classified work we typically operate as a subcontractor under a prime with the appropriate facility clearance, or directly when the contract vehicle and FCL allow. We will not put uncleared staff on cleared work — full stop.

How do you approach AI integration for CUI or classified workflows?

We start by killing the assumption that you can point Claude or GPT at a SharePoint full of CUI and call it done. Real options are Bedrock or Azure OpenAI inside GovCloud at IL4/IL5, or self-hosted open-weight models (Llama, Mistral) in an accredited enclave for higher classifications. Every deployment includes prompt logging, output classification checks, role-based retrieval, and an explicit data flow diagram the ISSO can sign.

We have a C2 system from the early 2000s. Do you rewrite it?

Almost never as a single rewrite. Big-bang rewrites of command-and-control systems fail predictably — the requirements were never fully documented, operators depend on undocumented behaviors, and the new system ships two years late. We use the strangler pattern: wrap the legacy system with documented APIs, identify the highest-pain bounded context, replace that one slice in production, and repeat. Operators keep working the whole time.

Can you work on Platform One, AWS GovCloud, or Azure Government?

Yes to all three. We deploy to AWS GovCloud (US) and Azure Government regularly, including IL4 and IL5 workloads, and we have built and shipped containers through Platform One's Iron Bank hardening pipeline and deployed onto Big Bang / Party Bus. We are opinionated about which platform fits which mission — we will tell you when Platform One is the right answer and when it is adding friction without value.

Do you do staff augmentation or only fixed-scope projects?

Both. For program offices that need senior engineers embedded with a government PM and existing prime, we provide staff aug at hourly or monthly rates with clearance-appropriate personnel. For greenfield builds or modernization slices with a defined outcome, we prefer fixed-scope, fixed-fee engagements in 6 to 12 week increments so the government gets a working artifact at the end of every phase, not a status deck.

How fast can you actually start once a contract is in place?

Unclassified work typically starts within one to two weeks of award — kickoff, environment access, and first commits in that window. Cleared work depends on facility access, badging at Peterson or Schriever, and any read-ons required. We have run that process enough times to know where it stalls and we will tell you up front which dates are realistic. Anyone promising a same-week start on a cleared seat is lying.

Are you local to Colorado Springs or flying people in?

We are a U.S.-based firm and support Colorado Springs engagements with a mix of on-site and remote engineers depending on the SCI requirements and the program's preference. For programs anchored at Peterson SFB, Schriever SFB, Cheyenne Mountain, or Fort Carson, we will put engineers on the ground for SCIF work and keep the unclassified development distributed. No offshore labor. No exceptions.

What contract vehicles can you work through?

We work as a prime on SDVOSB set-asides and as a subcontractor on larger vehicles. We can support purchases through GSA MAS via teaming, SeaPort-NxG and CIO-SP3 through prime partners, OTAs through consortia like SOSSEC and Tradewinds, and direct task orders under existing IDIQs. If you have a vehicle in mind, send it over and we will tell you honestly whether we can support it directly or need a teaming arrangement.

004 / 005 Adjacent Files

Continue recon.

REL-01

Services overview

Custom development, AI integration, modernization, and cleared staff augmentation.

 REL-02

Case studies

How we have shipped modernization and AI work for federal and defense customers.

 REL-03

Engagement packages

Fixed-scope slices sized for 6 to 12 week delivery windows.

 REL-04

Start a conversation

Tell us the program, the mission, and the timeline. We respond within one business day.
Next step

Have a Space Force, NORAD, or Fort Carson program that needs engineers who have shipped before? Let's talk.

Talk to a VooStack operator. We respond within one business day.

Open a Channel Full Services