How Margarita Howard and HX5 navigate regulation and growth in federal contracting
The rulebook governing federal procurement runs to thousands of pages, and it changes every year. The Federal Acquisition Regulation, the foundational text for U.S. government contracting, spans dozens of parts, each with subparts, clauses, and agency-specific supplements. The Defense Federal Acquisition Regulation Supplement adds another thick layer on top.
Most small businesses that enter this space do not last. Those that do tend to have one thing in common: they treat compliance not as a cost center but as a competitive asset.
HX5, a defense and aerospace services firm founded in 2004, has built its business model around exactly that logic. The company employs roughly 1,000 people across over 20 states at approximately 70 government sites, primarily supporting the Department of Defense and NASA.
Margarita Howard, its sole owner and CEO/president, has guided HX5 through two decades of regulatory shifts, budget cycles, and structural changes in how the federal government buys services. Her account of how that works in practice offers a detailed look at what it actually takes to grow inside one of the most regulated commercial environments in the United States.
The compliance overhead problem
For small contractors, the burden of federal compliance can be ruinous before a single contract is ever won. The government expects clean, auditable financials. It expects documented processes. It expects that a company bidding on a defense contract has already built the administrative infrastructure to survive scrutiny, not that it will build that infrastructure if the contract comes through.
Howard recognized this early. When HX5 was still a startup, she made the decision to purchase and implement a specialized accounting system designed specifically for government service contracting, one that federal auditors were already familiar with, and that could survive the billing audits that accompany virtually every government contract.
“Working for the government, you’re always going to be audited,” Howard says. “From working in the industry, we knew the importance of impeccable recordkeeping. All our records — everything we say we do — must always be supported with appropriate documentation and recorded accurately, because as a government contractor, all of our records are open to the government’s inspection and audits at any time.”
This is the structural cost of admission. Companies that treat compliance as something to manage after contracts arrive tend to find that the compliance burden becomes unmanageable precisely when they can least afford it.
The specialized adviser model
One practical tool HX5 uses to manage regulatory exposure is a dedicated advisory structure — an internal team of specialists covering legal issues, accounting practices, and the specific technical requirements attached to defense and NASA contracting.
“We have built and keep a team of advisers that specialize in the government industry,” Howard says. “They help us stay current with the policies and regulations that govern the defense sector.”
That investment is not trivial for a company of HX5’s size. Specialized government contracting attorneys and compliance consultants are expensive. But the alternative, managing regulatory exposure with generalist staff, tends to produce gaps in documentation or classification handling that can trigger audit findings, corrective action plans, or worse, suspension from contracting.
The calculus Howard describes is consistent with how well-run middle-market contractors approach the problem: treat the advisory function as a permanent line item rather than an as-needed expense.
Cybersecurity as regulatory pressure point
The next major compliance wave in federal contracting is cybersecurity. The Department of Defense’s Cybersecurity Maturity Model Certification program has been in development for years, and contractors across the defense industrial base are expected to meet its requirements as a condition of contract eligibility. The challenge, according to a 2024 study conducted by Merrill Research and commissioned by CyberSheath, is that only about 4% of defense contractors are fully prepared to satisfy even the minimum CMMC standards. The average Supplier Performance Risk System score across surveyed contractors sits at negative 12, far below the 110 required for compliance.
Howard views this as an inflection point with real competitive consequences. Contractors who have not invested in the necessary technical architecture, staff training, documentation, and third-party assessments required for higher certification tiers may find themselves excluded from competitions before they can catch up. The gap between where most of the industry sits and what the government expects is not one that closes quickly.
“There are heightened cybersecurity requirements, and contractors will not have a choice but to implement them if they want to be a government contractor,” she says.
Growth under constraint
The tension at the center of HX5’s story is a common one in federal contracting: regulatory compliance consumes resources that could otherwise fund growth, but growth without compliance is unsustainable. Howard’s answer to that tension has been to make the compliance infrastructure itself a growth mechanism.
When large prime contractors evaluate potential subcontractors or teaming partners, they assess not only technical capability but also whether the smaller company can survive the scrutiny that comes with the prime’s contract. A subcontractor whose accounting systems are not government-approved, whose security practices are inconsistent, or whose documentation is incomplete becomes a liability for the prime. Companies that can demonstrate clean, auditable operations — without the prime having to backstop them — are genuinely more valuable partners.
“Large businesses and the government have to meet small-business goals,” Howard explains. “When they find a small company that they know understands the industry, that performs well, takes care of its employees, and they know they’re not going to have to hold their hand — that makes for a very positive long-term relationship and often leads to new contracts and expanded work.”
HX5 grew its subcontracting footprint first, building past performance credentials in specific technical domains, then used those credentials to pursue prime contracts competitively. Throughout that period, the company competed for open contracts. That decision meant HX5 developed competitive bidding capability that carried forward independent of any particular program or preference mechanism.
“I knew that I didn’t want to depend on just sole-source awards,” Howard says. “We had been in the industry, we knew small businesses in our area, and that’s what many of them did. And once the program was over after nine years, they were done. They had never competed.”
What the regulatory futurelooks like
Howard anticipates that the compliance environment will become more automated and, in some respects, more demanding over the coming decade. She expects government agencies to deploy AI-driven tools to evaluate contractor performance, assess risk, and accelerate procurement decision-making. Real-time reporting requirements — where agencies have continuous visibility into performance data rather than periodic audit snapshots — are, in her assessment, a near-certainty.
“Compliance protocols will be automated,” Howard says. “Contractors will be required to integrate systems that provide continuous reporting and real-time audit capabilities.”
That trajectory creates an interesting dynamic for companies like HX5, which have already absorbed the cost of building government-grade accounting systems, cybersecurity infrastructure, and distributed management structures. Those sunk investments become less burdensome relative to competitors as baseline requirements rise across the industry. Smaller companies that have deferred those investments may encounter a higher entry cost precisely as the government begins using automated tools to screen for readiness from the outset.
The broader picture Margarita Howard describes is one where the regulatory burden in federal contracting has never been purely a constraint. For companies willing to take it seriously, it has always carried a second function: competitive differentiation. The costs are real, and so is the advantage that comes with bearing them well.
DISCLAIMER – “Views Expressed Disclaimer – The information provided in this content is intended for general informational purposes only and should not be considered financial, investment, legal, tax, or health advice, nor relied upon as a substitute for professional guidance tailored to your personal circumstances. The opinions expressed are solely those of the author and do not necessarily represent the views of any other individual, organization, agency, employer, or company, including NEO CYMED PUBLISHING LIMITED (operating under the name Cyprus-Mail).