Software consulting next door to Fort Liberty — SDVOSB, cleared-capable, ITAR-aware.
Veteran-owned engineers building and modernizing software for XVIII Airborne, USASOC, JSOC-adjacent programs, and the primes who support them. Direct delivery or sub to your prime.
Software near Fort Liberty fails in predictable ways.
The pattern repeats. A unit at Fort Liberty has a real workflow problem — tracking readiness, fusing intel feeds, managing a training pipeline — and what they get is a SharePoint site bolted to an Excel macro, or a six-figure SaaS license for a tool that does 30% of what they need. Meanwhile, a prime wins the software CLIN and staffs it with rotating juniors who have never deployed, never touched a SIPR workflow, and treat ITAR like a checkbox. The capability lands 18 months late, the operators route around it, and the next program office starts the same cycle.
- SharePoint and Access "systems" that the original builder PCS'd away from three years ago
- Primes staffing software work with juniors who have never shipped to a tactical user
- ITAR and CUI handled as a paperwork exercise instead of an architecture constraint
- AI pilots that demo well in a conference room and collapse the first time a real operator uses them
How we deliver software next to Fort Liberty
- STEP-01
Mission framing on the ground
We sit down with the operator, program manager, or PM-shop lead in Fayetteville — not on a Teams call from another time zone. We map the actual workflow, the data sensitivity, and which networks (NIPR, SIPR, commercial) the system has to live on.
- STEP-02
Architecture for the real environment
We design for intermittent connectivity, austere endpoints, and ATO realities. That usually means a hardened FastAPI or .NET backend, Postgres, container builds that pass a STIG scan, and a clear path to IL4/IL5 if the customer needs it.
- STEP-03
Cleared delivery, small teams
Two to four senior engineers, at least one with an active clearance when the work requires it. ITAR-aware repo hygiene, US persons only, no offshore subs. We ship in 2-week increments with demos the end user can actually break.
- STEP-04
Rapid fielding, then hand-off
We field a working capability in 60-120 days, run it through user feedback with SOF or conventional units, and then either sustain it or transition the codebase, runbooks, and CI/CD to your internal team or prime.
# .github/workflows/itar-aware-build.yml
# Pipeline pattern we use for ITAR-controlled deliveries
name: build-and-scan
on:
push:
branches: [main, release/*]
jobs:
build:
runs-on: [self-hosted, us-only, linux] # no GitHub-hosted runners
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v4
- name: Verify US-person runner
run: ./scripts/assert_runner_region.sh us-east
- name: Build container
run: docker build -t app:${{ github.sha }} .
- name: STIG / CIS scan
run: |
trivy image --severity HIGH,CRITICAL app:${{ github.sha }}
oscap-docker image app:${{ github.sha }} \
xccdf eval --profile stig
- name: SBOM (CycloneDX)
run: syft app:${{ github.sha }} -o cyclonedx-json > sbom.json
- name: Push to IL4-eligible registry
run: ./scripts/push_to_govcloud.sh app:${{ github.sha }}
- name: Tag for ATO evidence bundle
run: ./scripts/attach_evidence.sh ${{ github.sha }} sbom.jsonA trimmed version of the CI pipeline we use for ITAR-controlled and IL4-bound deliveries. Self-hosted US-only runners, STIG scan, SBOM, and an evidence trail the ATO package can consume.
Field FAQ.
→ Are you actually local to Fayetteville, or just claiming a service area?
We have engineers who work directly with units and primes around Fort Liberty and can be on-site in Fayetteville, Spring Lake, or Southern Pines on short notice. For sensitive discovery sessions we strongly prefer in-person — whiteboards in a SCIF beat Zoom calls every time. For sustained delivery, the team is distributed across the US but coordinated from one program lead.
→ Do you hold a facility clearance, and can your engineers work on classified programs?
VooStack is SDVOSB-certified and structured to support cleared work. We staff cleared engineers (Secret and TS/SCI) through vetted teaming arrangements when a contract requires it, and we are transparent about which billets we cover directly versus through a cleared partner. For unclassified-but-sensitive work, including CUI and ITAR-controlled technical data, we deliver directly.
→ Can you sub to a prime, or do you only chase direct awards?
Both. A meaningful share of our Fort Liberty-adjacent work is as a subcontractor to larger primes who need senior software engineers who understand SOF tempo. We are comfortable on FFP, T&M, and labor-hour CLINs, and we can plug into a prime's existing ATO, repo structure, and reporting cadence rather than forcing ours.
→ What does SDVOSB mean for a contracting officer evaluating us?
Service-Disabled Veteran-Owned Small Business status makes VooStack eligible for SDVOSB set-asides and sole-source awards up to the applicable thresholds under FAR 19.14 and the VA's VOSB program. For a PM or KO trying to hit small-business and SDVOSB goals on a software requirement, that simplifies the acquisition path considerably and shortens time-to-award.
→ How do you handle ITAR and CUI on a software project?
We treat ITAR-controlled technical data as a first-class architectural concern, not a compliance afterthought. That means US-persons-only access to repos, self-hosted CI runners in US regions, encrypted artifact storage, documented export jurisdiction reviews, and clear data-flow diagrams. For CUI we align to NIST 800-171 controls and produce the artifacts a prime or government customer needs for their SSP.
→ How fast can you actually field something usable?
For a scoped capability — say, a workflow tool replacing a tangle of SharePoint lists and Excel macros for an XVIII Airborne staff section — we typically deliver a working pilot in 60 to 90 days. SOF-adjacent prototypes under rapid-fielding authorities can move faster. Production-grade systems with full ATO take longer; we are honest about that timeline up front.
→ Do you do AI work, or is that a sales pitch?
We integrate Claude, GPT, and open-weight models into real workflows — RAG over doctrine and SOPs, summarization of intel or after-action reporting, structured extraction from PDFs. We are skeptical of AI demos that fall apart in production. Every AI feature we ship has evals, a human-in-the-loop path, and a clear answer for what happens when the model is wrong.
→ What kinds of systems have you modernized?
Common patterns near Fort Liberty: a .NET Framework app from 2011 that nobody wants to touch, an Access database running a logistics process, a Java monolith on an EOL JDK, or a SharePoint workflow that has outgrown SharePoint. We move these to containerized services on GovCloud or on-prem Kubernetes, with a real test suite and a CI/CD pipeline the government team can actually run.
→ Can you augment our existing team instead of replacing it?
Yes — staff augmentation is a large part of what we do for primes and government program offices. We embed senior engineers into your existing Git workflow, standups, and ticketing system. No junior bench, no rotating faces. If the engineer you started with leaves, that's our problem to solve, not yours, and we will not silently swap in someone two grades junior.
Continue recon.
Services overview
Custom builds, AI integration, modernization, and staff augmentation we deliver.
REL-02Case studies
Representative work across DoD-adjacent, federal, and commercial software programs.
REL-03Engagement packages
Fixed-scope discovery, pilot, and rapid-fielding packages with clear deliverables.
REL-04Talk to us
Reach a senior engineer directly — no SDR layer, no discovery-call theater.
Have a capability gap at Fort Liberty? Let's scope it.
Talk to a VooStack operator. We respond within one business day.