Most engineers never think seriously about the federal market, and the few who do tend to bounce off it inside an afternoon, because the on-ramp is a wall of acronyms that has nothing to do with writing software and everything to do with paperwork. We went through that wall recently and came out the other side as an SBA-certified Service-Disabled Veteran-Owned Small Business, and we want to write down what the path actually looks like from the inside, because the public information about it is either dense regulatory text or vendor sales copy and there is almost nothing honest in between. This is written for other veterans and for the small software shops who keep hearing that the government buys a lot of software and wondering whether any of that is reachable for a firm their size.
Why a software engineer would pursue the federal lane at all
The plain answer is that the federal government is the largest single buyer of software and IT services in the country, and a meaningful slice of that spending is set aside by law for small businesses, with a further slice carved out specifically for service-disabled veteran-owned firms. For a small shop that slice is not a marketing abstraction; it is a structural advantage that does not exist anywhere in the commercial market, where a two-person company competes head to head with firms a thousand times its size on every deal. In the federal lane the rules deliberately reserve room for small and veteran-owned companies, and a qualified firm that does the registration work is competing inside a much smaller pool. For a Navy veteran who already spent years building and maintaining mission systems that had to stay online under load, the federal market also feels like familiar ground, because the discipline that the work demands is the same discipline the service taught in the first place.
What the registrations actually are and how they fit together
The first thing to understand is that there is no single button labeled federal contractor. What looks from the outside like one credential is really a short stack of separate registrations issued by different agencies, and they have to be done roughly in order because each one depends on the one before it. We started by forming the company as a Florida corporation, which gives the business a legal identity, an EIN, and the clean corporate paper trail that everything downstream will ask to see. We chose to incorporate rather than run as a sole proprietor or an LLC because the federal market rewards a firm that looks like a firm, and because the ownership and control rules for veteran certification are easier to demonstrate cleanly when the entity is structured and documented from the start.
With the corporation formed, the next step was registering in SAM.gov, the System for Award Management, which is the master database of every entity eligible to do business with the federal government. Registering there produces the Unique Entity Identifier, the twelve-character UEI that replaced the old DUNS number and now serves as the firm's permanent federal fingerprint. Ours is SXG3SA9JMM47, and that string follows the company through every solicitation, every award, and every report for as long as the business exists. SAM.gov is also where a firm certifies its size, attests to the federal representations and certifications that every contractor signs, and declares the work it is set up to perform. It is free to register, and any service that asks for money to do it for you is selling you something the government gives away.
Somewhere in that process the company is assigned a CAGE code, the Commercial and Government Entity code issued by the Defense Logistics Agency, which is a five-character identifier the government uses to key a contractor inside its procurement and payment systems. Ours is 1ZSB5. The CAGE code is not something you apply for separately in the usual case; it is generated as part of the SAM.gov registration and validated by DLA, and it becomes the handle that contracting and finance offices use when they need to reference the firm in their own systems. Together the UEI and the CAGE code are the two numbers a contracting officer will look you up by, and having both active and clean is the baseline for being taken seriously as a vendor.
The next decision is choosing NAICS codes, the North American Industry Classification System codes that describe what the business actually does. These matter more than they look like they should, because the government posts opportunities under specific NAICS codes and sets the small-business size standard for each contract by the code attached to it. We carry six NAICS codes, with 541511, Custom Computer Programming Services, as our primary, because that is the truest description of the engineering work we do. The remaining codes cover the adjacent ground a software and cybersecurity firm naturally operates in, so that when a relevant opportunity is posted under one of them the company surfaces as an eligible vendor rather than being invisible to the search. Choosing them is partly about honesty regarding what you can deliver and partly about making sure the firm is discoverable by the offices that buy what it builds.
The last and most demanding step was the certification itself. Self-identifying as veteran-owned is not the same as being certified, and the meaningful credential is the SBA certification earned through VetCert, the Veteran Small Business Certification program that the Small Business Administration administers. The certification requires demonstrating that a qualifying veteran owns and controls the company, which means documenting the ownership, the control, and in the service-disabled case the service-connected disability, and submitting that to the SBA for review. We completed that process and Heinrichs Software Solutions Company is certified as an SDVOSB from June 4, 2026 through June 3, 2029. That date range matters, because the certification is a defined term that has to be maintained and renewed, not a permanent stamp, and a contracting officer can verify it directly rather than taking the firm's word for it.
What the certification actually unlocks
The certification changes the firm's standing in three concrete ways. The first is that awards to a certified SDVOSB count toward the federal government's small-business and service-disabled veteran-owned contracting goals, which gives agencies a real incentive to direct work toward firms like ours, because those goals are tracked and reported and offices are measured against them. The second is set-aside eligibility, meaning an agency can restrict an entire competition to SDVOSB firms, and when it does the company is competing only against other certified veteran-owned businesses rather than the open field. The third, and the one most people do not know about, is sole-source authority, where for requirements under the simplified acquisition thresholds an agency can award directly to a single certified SDVOSB without running a full competition, provided the contracting officer can reasonably conclude the firm is capable and the price is fair. None of this guarantees a dime of work, but it changes the shape of the playing field in a way that a small firm cannot replicate anywhere in the commercial market.
The honest hard part
Here is the part the certification marketing never says out loud. A certification is not past performance. The SDVOSB credential tells a contracting officer that the firm is legitimately veteran-owned and eligible for set-asides, and it tells them nothing whatsoever about whether the company can actually deliver the system in the statement of work. We are newly certified and we have not yet won a federal contract, and we are not going to pretend otherwise, because the honest version of standing up a federal software firm is that the registrations are the easy part and earning the first award is the hard part. Every new entrant faces the same chicken-and-egg problem, where the work tends to flow to firms that have already done the work, and a company with no federal past performance has to give a contracting officer some other reason to believe in it.
Our answer to that problem is to lead with a public lab of shipped systems that anyone can inspect before there is any award on the table. Rather than asking a contracting officer to trust a capability statement on faith, we point at real software that already exists and runs, including the production payment infrastructure, the smart-contract security tooling, and the AWS infrastructure work that lives in our portfolio and is visible on our GitHub. A contracting officer who wants to know whether we can engineer a hardened, well-tested system can read the code, look at the test coverage, and see the patterns we actually ship rather than the patterns we claim to. We think this is the right way for any new firm to bridge the past-performance gap, because demonstrated engineering is the closest thing a company without contract history can offer to proof, and it is verifiable in a way that adjectives on a slide never are. It is also why we treat the public portfolio as a core part of the business rather than a side project, since for a firm in our position the work itself is the credential.
Practical advice for a veteran engineer starting the same journey
If you are a veteran with engineering skills who is weighing this path, the first thing worth saying is that the registration process is genuinely doable on your own and you do not need to pay a consultant to walk you through SAM.gov, because every step is documented on official government sites and the application portals are free. Do the registrations in order, take the time to get your ownership and control documentation clean before you start VetCert, and resist the temptation to overclaim on your NAICS codes or your capabilities, because the same honesty that keeps you out of trouble with the government also makes you a firm that contracting officers come back to. Be realistic that certification is a starting line and not a finish line, and plan from day one for how you will demonstrate capability when you have no contract history to point to, whether that is through open-source work, a public portfolio, teaming with an established prime as a subcontractor, or all three at once. Treat compliance as part of the engineering rather than an afterthought, which for us means building our infrastructure to align with frameworks like CMMC Level 2 and NIST 800-171 from the start and staying honest that aligning with a framework is not the same as holding a completed certification under it.
The larger point is that the federal market is not closed to small software shops; it is just gated behind a process that filters out the firms unwilling to do unglamorous setup work, and that filter is exactly the opportunity. A veteran engineer who can build real systems and is willing to spend a few weeks getting the registrations right ends up in a much smaller and more favorable pool than the commercial market ever offers. We are at the very beginning of that road ourselves, certified and registered and not yet under contract, and we are writing this from that honest position on purpose, because the version of this story that pretends the hard part is already behind us would not help anyone who is standing where we are standing now.
Looking for an SDVOSB software partner?
We are an SBA-certified SDVOSB software, AI, and cybersecurity firm, newly certified and building in the open. If you are a contracting officer or a prime looking to vet a capable veteran-owned shop, start a conversation and look at the work before you decide.