Last week, I received a grant from DARPA through the Cyber Fast Track program. I consider this a big milestone in my personal career. If you’re an independent researcher or entrepreneur, bent on making your ideas real, then this program is for you.

This blog post will give you my experience applying and getting funded by this program. I’ve chosen a question and answer format because I had a ton of questions when I applied. I hope answering these questions encourages you to take advantage of this amazing opportunity.

Before we begin, please remember: none of this is the official word of DARPA. This blog post merely reflects my understanding. Also, if you arrived here with a Google search, my last name is Mudge, but I am not the Program Manager Mudge at DARPA.

What is Cyber Fast Track?

Cyber Fast Track is a DARPA program to fund us, the hacker community. Here’s the description from the Cyber Fast Track page:

The Defense Advanced Research Projects Agency’s Cyber Fast Track program is aimed at improving Cyber Security. This program will rely on the skills of small organizations, boutiques, hacker spaces and maker labs to address cyber security issues.

According to DARPA program manager, Peiter “Mudge” Zatko, instead of engaging in traditional programs that don’t produce results for years, we envision results within months by harnessing teams or individuals on the back of short, fixed-price DARPA contracts.

If you’re an individual who is trying to advance the security community through independent research, DARPA wants to hear from you. You don’t have to work for a big defense contractor, you don’t have to work for anyone. I applied as an individual with no formal organization behind me.

What is the process?

If you want to apply, I recommend reading the research announcement at FedBizOpps. This will give you all the details on the program.

Next, go to the Cyber Fast Track resources page and get the proposal template. I started my proposal without the template. This was a mistake. The template makes writing the proposal much easier. Plus, it’s better to give DARPA what they expect.

The technical meat of your proposal is 10-15 pages. I pushed the upper end of this. It took me about four days spread out over two weeks to create a proposal I was happy with.

Submitting the proposal is easy. I created an encrypted ZIP file with the proposal. I uploaded the proposal ZIP to a website. And I emailed the password to open the ZIP file to DARPA. The details on how to do this are in the research announcement.

I submitted my proposal on Friday, 21 Oct 11. I received a phone call of acceptance on Thursday, 3 Nov 11. I had a signed contract on Friday, 4 Nov 11. This is a mind blowingly fast turn-around to fund a program.

Do I need an LLC, DBA, C Corp, S Corp, LLP, or GmbH?

Nope. You can apply as an individual. I put down Raphael Mudge as my company.

Do I need a lawyer?

The contract is one page. My contract listed the milestones I proposed, the dates I said I would deliver them by, and the price I proposed for each milestone. Since I applied as an individual, I also had to affirm that I am an independent contractor, not an employee, and that I am responsible for all taxes on what I receive.

If you’ve dealt with contracts, you may know the pain of reading a “we own your first child” clause, raising the point, and cringing as some sleaze asserts “it’s boiler-plate, all contracts have it” while breathing their lunch cocktails in your face. There is none of that here. This is the simplest contract I have signed.

Who gets the rights to my work?

You keep all commercial rights. The Cyber Fast Track FAQ has a thorough answer to this question.

What does DARPA get?

DARPA recognizes that big contributions may come from fringe thinkers doing what they love without constraints. This program allows those who are motivated to pursue their wacky vision. Your project may not change the world, but with hundreds of these, something big is bound to happen. It’s kind of like the Y Combinator model for defense contracts. Or in short–they’re spending their money to advance the state of the art.

How much do I ask for?

This depends. How long will your effort take? I recommend that you figure out what you want to do, list several milestones, and then estimate how long each milestone will take.

Now you should have some number of hours. Make sure your time estimate is realistic. Cyber Fast Track contracts are firm-fixed price. You’re on the hook to deliver what you propose in the amount of time you claim.

Your next task is to figure out an hourly bill rate. Your bill rate must fit the government accepted rate for someone at your career level. In my last position, I worked as a Senior Security Engineer.

I used Google to search for “Senior Security Engineer” hourly rate site:gsaadvantage.gov. This yielded price lists for various defense contractors. Pick one that works for you and multiply that by the number of hours you estimated. Now you know how much to ask for.

Optionally, find someone who consults for the government or owns a defense contracting company and ask them for advice. I followed both of these approaches and they each yielded the same numbers.

Do I need a security clearance, CAGE code, or a DUNS number?

No.

What should I apply with?

The research announcement has the DARPA answer on what they’re looking for. Short answer though, they’re looking for interesting security research. Apply with what you’re interested in. Don’t worry about what the government wants or what they need. Take your thread of research, explain why it’s valuable, who it’s valuable to, and explain what’s new in your approach.

I also recommend scoping your idea as tightly as possible. I used to review proposals when I worked as a researcher and I never backed a proposal that was all over the place. The proposal reviewer should understand the problem you’re solving and your plan to solve it after they read the first paragraphs of your executive summary.

Ideally, the reviewer should understand your project from the title alone. This isn’t always possible, but do your best.

Keep in mind that Cyber Fast Track does not fund improvements to existing technologies. I have a research interest in red team organization and tactics. Armitage is my current vehicle to explore this research interest. I cut a stand-alone project out of my long-term road map. I emphasized the research questions this stand-alone project would address and this became my proposal.

What are my chances of getting funded?

DARPA has seen 30 proposals and funded 8 so far. A ~25% acceptance rate. This is better than some conferences I’ve applied to. Network World has these numbers and the titles of the current efforts.

How do I stack the odds in my favor?

Make your proposal easy to read. If your proposal is poorly written, you will torture your reviewer(s). Good proposals are short and they inform the reader.

I recommend that you visit plainlanguage.gov for Plain English writing tips. I also wrote a writing style checker that may help you. If you want to read a book, try Bill Stott’s Write to the Point. It’s my favorite book on writing.

Where to go from here

Cyber Fast Track takes away all the friction for valid ideas to receive funding. This is the first time in my career I have seen something like this. If it fits you, take advantage of it!

If you’re in New York City on November 9, go to the Cyber Fast Track Town Hall at NYU Poly. Watch the Cyber Fast Track Events page for future events.

源链接

Hacking more

...