The City of Aurora IT Committee on Oct. 13 voted to award a managed security service provider (MSSP) contract to New Harbor Security Inc. for an initial three-year term with two additional option years.

Mark Taggap, the city's chief information security officer, told the committee the city received 21 responses to its solicitation, narrowed the pool through staged interviews to a final three, and unanimously selected New Harbor. He said the vendor will provide 24/7 monitoring, threat detection, incident response and other managed security operations tailored to public-sector needs.

Taggap and other staff said the first contract year will include an architecture review and both internal and external penetration testing; that initial work explains a portion of the year-1 cost variance cited in the procurement documents. Taggap said subsequent years will include recurring managed services and that the city expects to continue annual penetration testing but plans to hire a separate vendor for pen tests in years 2 and 3. The committee also discussed separating the training and password-vault purchases: staff plan to contract directly with KnowBe4 (security awareness) and Keeper (password manager) rather than obtaining those through the MSSP.

Committee members asked about transition risk from the incumbent (Data Defenders). Staff said the migration would be largely seamless for end users, with the main work involving platform integration and staff familiarity; the longest portion of the transition is internal learning, not technical integration.

The resolution (25-0770) authorizing award to New Harbor Security was approved on a 5-0 voice vote. Vice Chair Ted Maciakos moved the motion; Alderman Bate seconded it. Staff said the three-year core pricing was 'slightly north of $1 million' and the potential five-year value with options is approximately $1,460,000.