Technology for Applications, Logistics, Operations, and Networks (TALON)

Show Notes

In this episode, we break down the TALON (Technology for Applications, Logistics, Operations, and Networks) opportunity from DHS–TSA. This single-award BPA, expected to be issued through the GSA Federal Supply Schedule, could be a major win for firms specializing in systems design, enterprise IT, and mission-critical network solutions. We discuss what the presolicitation signals, why the Draft SOO matters, and how contractors can prepare ahead of the anticipated.

Listen to the podcast to understand the opportunity early and position your team for a competitive advantage.

Contact ProposalHelper at sales@proposalhelper.com to find similar opportunities and help you build a realistic and winning pipeline.

Chapters

• 0:00: TALON And The Stakes
• 1:56: Builder-Only Scope And Handoffs
• 3:16: Threats, Strategy, And AI Goals
• 5:04: CIO Priorities And OT Integration
• 6:50: Hybrid And Multi-Cloud Engineering
• 8:20: Security By Design And POAM
• 10:05: Migration, Comms, And Collaboration
• 12:05: Pragmatic AI Use Cases And MLOps

Transcript

TALON And The Stakes

SPEAKER_01 0:00

We have landed today in a document stack that is, well, it's essentially the future blueprint for digital transformation at the Transportation Security Administration.

SPEAKER_00 0:09

Aaron Powell It really is.

SPEAKER_01 0:10

This isn't just about scanning bags faster. I mean, this is about redesigning the entire nervous system of a critical federal agency.

SPEAKER_00 0:17

Aaron Powell It's a huge undertaking. What we're looking at here is a foundational modernization of the TSA's entire operational world. And uh the documents make it clear the stakes could not be higher.

SPEAKER_01 0:28

Aaron Powell Absolutely. So today our deep dive is into the TSA's massive IT initiative, which is called TALEN. That's T-A-L-O-N.

SPEAKER_00 0:37

Technology for Applications, Logistics, Operations, and Networks.

SPEAKER_01 0:40

Exactly. And we've pulled together the draft statement of objectives for the Talon blanket purchase agreement, and maybe even more importantly, the special notice that governs how vendors can even get access to the sensitive information.

SPEAKER_00 0:52

Aaron Powell And that sensitivity is what just immediately jumps out. I mean the main document, the SOO, it's marked acquisition-sensitive information on like every other page. This isn't your typical federal contract. It's a signal that the strategic and technical details are, you know, vital to national security. They have to be guarded fiercely, even before anyone wins the bid.

SPEAKER_01 1:12

Aaron Powell So our mission today is to give you the shortcut to understanding all this. We want to unpack the strategic goals, identify the specific cutting-edge technologies they're demanding. We're talking everything from cloud to AI, and then reveal just how intense the security requirements are.

SPEAKER_00 1:29

And to set the stage, you just have to appreciate the scale here. The TSA operates this hugely complex, mission-critical environment. It's not just IT, it's operational technology or OT as well.

SPEAKER_01 1:41

Aaron Powell What does that actually mean, OT?

Builder-Only Scope And Handoffs

SPEAKER_00 1:43

Think about all the screening machines, the sensors, the physical infrastructure at an airport. That's OT. So they're serving around 80,000 internal users, plus all the systems that support aviation, maritime, surface transportation. Wow. So Talon isn't just a small upgrade. It's about architecting systems that are resilient, scalable, and have to work perfectly, 24-7 across the entire country. Aaron Powell Okay.

SPEAKER_01 2:06

So let's start with the structure of the contract itself, the why behind Talon. It's defined as a blanket purchase agreement, a BPA, which is for acquiring uh robust engineering and technical services.

SPEAKER_00 2:19

Aaron Powell And here's the crucial detail, the thing that really defines the whole program. Talon is specifically for the engineering, integration, testing, implementation, and transition services.

SPEAKER_01 2:31

Aaron Powell So it's the build part.

SPEAKER_00 2:32

Aaron Powell It's the build part, exactly.

SPEAKER_01 2:33

Trevor Burrus So if Talon builds the system, who who runs it?

SPEAKER_00 2:36

Aaron Ross Powell Not them. The document is crystal clear that the operation and maintenance of the IT domains is not within the scope of this contract.

SPEAKER_01 2:43

Aaron Powell Ah, okay. So Talon is the builder and the installer, and then they have to hand off the keys to a completely separate operations and maintenance contractor.

SPEAKER_00 2:51

Aaron Powell And that's where the strategic risk is. You know? It tells you a lot about how they manage big projects. They're deliberately separating the innovation, the modernization work, from the day-to-day grind.

SPEAKER_01 3:02

Trevor Burrus, Jr. That must require insane levels of communication and documentation to make sure nothing breaks during that handoff.

SPEAKER_00 3:08

Meticulous. Or systems could fail right in that transition phase.

Threats, Strategy, And AI Goals

SPEAKER_01 3:12

Aaron Powell So why this massive modernization right now? What's the driver?

SPEAKER_00 3:16

Aaron Powell At the end of the day, it's all about the threats. The SOO says it's the constantly evolving sophistication and complexity of threats to our transportation security.

SPEAKER_01 3:26

Aaron Powell So just reacting isn't enough anymore?

SPEAKER_00 3:28

No. They need technology, they need data, and they're specifically calling for the responsible use of AI to anticipate and get ahead of those threats.

SPEAKER_01 3:37

Aaron Powell They call this their long view, right? The five big IT strategic mission goals.

SPEAKER_00 3:42

Aaron Powell Yeah. And they're ambitious. They range from supporting risk-based security to, and this one is interesting, transforming to a customer-centric business model.

SPEAKER_01 3:51

Aaron Powell For a security agency, that's a huge cultural shift.

SPEAKER_00 3:54

Aaron Powell It is. Then you have empowering decision making with tech, embedding cybersecurity, and uh evolving the workforce. Those are the big picture goals.

SPEAKER_01 4:03

Aaron Powell But the immediate focus, the stuff vendors will actually be building, that's in the eight CIO priorities.

SPEAKER_00 4:08

That list is a clear roadmap. You've got digital transformation, which is all about cloud scalability. Yeah. You have Microsoft 365 and mobile device management for the modern workplace.

SPEAKER_01 4:17

Standard stuff so far.

SPEAKER_00 4:18

Aaron Powell Right. Cybersecurity, of course. But two things really stand out. First, data operations, which is a total modernization of their data strategy. And second, the dedicated push for operational technology, that OT integration. Trevor Burrus, Jr.

SPEAKER_01 4:31

Connecting all those old sensors and screening machines to a new cloud backbone, that sounds like a nightmare.

SPEAKER_00 4:38

It is. And they're also prioritizing connectivity using things like satellite and cellular and mobility, so the workforce isn't tied to a desk. And of course, the big one, artificial intelligence integration.

SPEAKER_01 4:50

Aaron Powell Okay, let's get into the nuts and bolts then, the technological scope. When you look at the functional areas of work they're asking for, it's it's not one contract. It feels like a whole portfolio.

CIO Priorities And OT Integration

SPEAKER_00 5:00

Aaron Powell It's exhaustive. They need core infrastructure engineering across everything servers, apps, networks, hosting platforms. They need contractors who can do it all seamlessly.

SPEAKER_01 5:09

Aaron Powell And the requirement for architectural diversity just adds this huge layer of complexity. It specifically calls for engineering on-prem, hybrid, and multi-cloud.

SPEAKER_00 5:18

And that's the reality of modernization today, isn't it? It's easy to say go to the cloud, but critical government data often has to stay on-premise.

SPEAKER_01 5:26

Aaron Powell So you need a vendor who can make a system where, say, Amazon, Azure, and a government data center all work together flawlessly.

SPEAKER_00 5:35

Aaron Ross Powell Exactly. The engineering challenge to make them all communicate securely is just immense.

SPEAKER_01 5:41

Aaron Powell And security, of course, is baked in from day one. They call for strict security engineering.

SPEAKER_00 5:46

Aaron Powell Yeah. Which means building security in from the design phase, not bolting it on later. We see requirements for incorporating DHS policies and critically performing POAN remediation.

SPEAKER_01 5:58

Aaron Powell Let's pause on that jargon. POAN plan of action and milestones. What does requiring remediation actually mean in practice?

SPEAKER_00 6:05

Aaron Powell It means they're not just finding security holes and writing a report. They need a defined, measurable plan to fix every single one that their engineering work creates or exposes. It's total responsibility.

SPEAKER_01 6:16

Aaron Powell And it all has to align with their identity and access management systems.

SPEAKER_00 6:20

Aaron Ross Powell Right. Which is how they control who gets to see what.

SPEAKER_01 6:22

Okay, so beyond the foundation, the biggest lift here seems to be the modernization and migration piece.

SPEAKER_00 6:29

Aaron Powell Oh, absolutely. This is where they pay down all the technical debt. We're talking architecture redesigns, refactoring old apps, and huge cloud migrations. This is all about decommissioning the old stuff and moving to the new digital core.

SPEAKER_01 6:41

Aaron Powell And what about the communication stack? For an agency as spread out as the TSA, connectivity is everything.

Hybrid And Multi-Cloud Engineering

SPEAKER_00 6:48

It's comprehensive. They need engineering to integrate cellular, Wi-Fi, voiceover IP, video conferencing, collaboration tools like Teams and WebEx.

SPEAKER_01 6:57

And this has to work across both the normal office IT and that rugged operational technology environment.

SPEAKER_00 7:03

Instantly and securely at every single airport and transportation hub. The need for rock solid, secure integration is obvious.

SPEAKER_01 7:10

I want to zero in on the one area that feels the most forward-looking: artificial intelligence and machine learning.

SPEAKER_00 7:15

Aaron Powell They're being very pragmatic about it. The goal is to only use AI and ML where it delivers, and I'm quoting, clear, measurable mission value and efficiency games.

SPEAKER_01 7:25

So no AI for AI's sake.

SPEAKER_00 7:27

Exactly. And their initial use cases tell you where they see the value: anomaly detection, finding things that don't belong, predictive maintenance for equipment, and automating things like document processing and workflows.

SPEAKER_01 7:39

But they're also really clear about the guardrails. They require something called MLOPs, machine learning operations, for version control. Why is that so important for a security application?

SPEAKER_00 7:50

Well, think about it. If an AI model suddenly starts flagging the wrong things as threats, or worse, misses a real threat, you need to be able to instantly know which version of the model failed.

SPEAKER_01 8:02

Okay, roll it back.

SPEAKER_00 8:03

And roll it back to the last stable version and then audit what happened. It can't be a black box.

SPEAKER_01 8:08

Right.

SPEAKER_00 8:08

The solutions have to have privacy, security, and auditability built in from the very beginning.

Security By Design And POAM

SPEAKER_01 8:13

Building all this requires just intense oversight. So let's shift to the compliance and scheduling rules, starting with accessibility.

SPEAKER_00 8:20

Right. We are talking about Section 508 of the Rehabilitation Act. It's federal law. It says all technology procured by the government has to be accessible to people with disabilities.

SPEAKER_01 8:30

And the SOO is very specific on how they have to prove that, isn't it?

SPEAKER_00 8:33

Extremely. Conformance has to be validated using standards like WCAG 2.0. But the key for vendors is that the testing must be done by DHS certified trusted testers using a very specific methodology.

SPEAKER_01 8:47

So you can't just check a box. You need certified people running specific tests.

SPEAKER_00 8:51

It's a very rigorous process to make sure new dashboards or tools don't accidentally exclude some of their own employees.

SPEAKER_01 8:57

And what about keeping this massive five-year project on schedule? How do they manage that?

SPEAKER_00 9:02

Accountability is built right in. All contractors have to integrate their tasks into something called the resource-loaded integrated master schedule, or R L IMS.

SPEAKER_01 9:11

Aaron Powell, which sounds like more than just a simple project plan.

SPEAKER_00 9:14

Oh, it is. It's the TSA's way of being able to prove to Congress, or anyone really, exactly where every single dollar in every hour of labor is going at any given moment. It is the ultimate layer of control.

SPEAKER_01 9:25

That transparency, that control, it brings us right to the most intimidating part of this whole thing, navigating the sensitive information.

SPEAKER_00 9:33

The acquisition sensitive warnings were just the beginning. The real high barrier to entry is the process you have to go through just to access the sensitive security information, or SSI, that you need to write a good proposal.

SPEAKER_01 9:46

And that SSI is kept in a virtual reading room, a VR. What does a company have to do to even get the keys to that room?

Migration, Comms, And Collaboration

SPEAKER_00 9:53

The vetting is incredibly stringent. First, the main vendor, the prime, has to designate one single senior corporate official who has to personally recertify that they're following all the data protection rules every 60 days. Wow, every two months. Yep. And the company has to provide a detailed data protection plan before a single person gets to see anything.

SPEAKER_01 10:15

Okay, but then it gets even tighter on the people, which seems like an immediate bottleneck.

SPEAKER_00 10:18

It is the bottleneck. The entire vendor team, so that's the prime contractor, any subcontractors, any joint venture, is strictly limited to submitting a list of no more than three individuals for access.

SPEAKER_01 10:29

Wait, wait, three people. For a multi-billion dollar modernization effort, a giant company can only have three people look at the plans.

SPEAKER_00 10:36

Three people. That's it. That one rule dictates your entire bidding strategy. Trevor Burrus, Jr.

SPEAKER_01 10:41

Because those three people have to understand everything, define the entire technical approach, and manage all the security risk for their whole company.

SPEAKER_00 10:48

Aaron Powell And those three people have to pass a security threat assessment, an STA, which includes criminal history and terrorism database checks. Right. If you fail, you're out. And there's no appeal. No appeal. None. They say it's because of the time-sensitive nature of the acquisition.

SPEAKER_01 11:04

Aaron Powell The ultimate control mechanism, though, and maybe the most significant thing we found is the nondisclosure agreement.

SPEAKER_00 11:10

Aaron Powell It's absolute. Any of those three people granted access has to sign a specific DHS nondisclosure agreement that binds them indefinitely.

SPEAKER_01 11:19

Indefinitely. So forever.

SPEAKER_00 11:21

Forever. It doesn't matter if you quit the next day, change careers, go work for another agency. You are legally bound by that TSANDA for the rest of your life.

SPEAKER_01 11:29

Aaron Powell That just shows the extreme level of operational detail they're trying to protect.

SPEAKER_00 11:33

And if you fail to comply, you don't just get a fine. The source material says all SSI has to be returned and verified by the government before they even start evaluating proposals. If you don't get it all back to them, you're disqualified. You're completely ineligible for consideration. It is a very, very powerful incentive to follow the rules.

SPEAKER_01 11:51

Aaron Powell So when you pull this all together, what does it all mean? Talon is so much more than an IT contract. It's a comprehensive, multi-layered, five-year mission to digitally transform the TSA's core. Trevor Burrus, Jr.

Pragmatic AI Use Cases And MLOps

SPEAKER_00 12:04

And it embeds accountability through that master schedule. It mandates technologies like AI, it requires strict adherence to accessibility law, and it wraps the entire thing in security protocols so demanding that only a handful of indefinitely bound people per company can even see the plans.

SPEAKER_01 12:20

This deep dive really shows that modern government tech contracts are these legally complex ecosystems. You have to innovate, you have to do the cloud migration, the AI, but all of it has to happen inside this rigid framework of compliance, security, and accountability.

SPEAKER_00 12:34

The fact that just getting access to the bidding material requires an indefinite NDA and a security threat assessment. It proves that the rules of engagement are just as critical as the technology itself.

SPEAKER_01 12:46

And it leaves you with this provocative thought, doesn't it? The TSA wants AI for efficiency, for predictive maintenance, but to even start building it, they have to filter their entire partner ecosystem through these intense security checks and that three person bottleneck. So how does that necessary tension between the need for speed and the reality of deep security clearances ultimately shape which innovative solutions the government can actually deploy and how quickly they can do it? What kind of innovation thrives when trust is the most valuable commodity of all?