Although the Australian government has recently made the barrier to entry into government service provision easier for startups and small to medium-sized businesses (SMBs) by changing up its procurement guidelines, Chris Brookes, assistant secretary of ICT Security at the Department of Defence, has told the smaller players not to sell their products to the government as its first customer.
For a startup or an early stage company selling to government as its first customer, Brookes told the SINET61 conference on Wednesday that it is going to be really difficult, especially given a department like Defence is generally risk averse.
"When you're selling to government, my advice would be to not only focus on what you can sell today, but what are the services you can wrap around that will lower costs over the long-term," he explained.
"When I'm procuring something, it's not just about getting the product or service for today, but what is the ongoing cost of me procuring that service or product. We are always very conscious of what our budget's going to be tomorrow and the week after that."
Brookes said that rarely do those within government get rewarded for taking a risk and failing, which, for entrepreneurs, is generally how they succeed.
"You know you have to engage in risk -- failing in part is a possibility with what you do and you have to embrace that risk -- we're not encouraged to do that," he said.
"My first advice would be aware of that, be aware of those cultural differences, be conscious of that when dealing with government. Whether you're right or wrong I don't think you'll change the way government is in terms of being fairly risk averse when procuring from the market."
If a startup or SMB is determined to sell to government, Brookes said to make sure it's not the first customer on the books, as the risk-level from government is reduced if there is a similar customer that has implemented a particular product or service.
"Generally when I've purchased for government we're very conscious of trying to look for reference implementation -- where have you done this before in an environment like ours -- that's really a risk mitigation exercise for us," he said, adding he wants to see something that had long-term stick, not just that it was delivered yesterday.
A lot of government outsources its service provision to third parties, with Brookes explaining he has recently engaged Northrop Grumman Australia to deliver a new project in Defence.
"I have vendors coming to me selling me things that are in [Northrop Grumman Australia's] scope," he said.
"No, I'm paying somebody else to deliver that to me ... you need to be influencing them.
"I'm shocked by people being shocked by that; I'm paying them to innovate on my behalf."
Ian Irving, CEO at Northrop Grumman Australia, joined Brookes on the SINET61 panel and echoed his remarks, noting also that the department can be quite conservative in its procurement approach.
"You've got a government that really is interested in cyber as a sovereign capability that they're willing to put their money where their mouth is, and to some extend fund entrepreneurs and small to medium enterprises to develop their capabilities, and working to place companies like my own in a position where we're motivated very much to ensure those local capabilities are built in," Irving said.
"I encourage the entrepreneurs -- I think the conditions now, certainly in national security, are better than they've ever been to bring Australian solutions in."