Some Words on Stiennon

Posted October 18th, 2007 by

OK, this post will be big today. For starters, I use Fortinet products; they’re the heart of my key infrastructure and I’m pretty happy with them.

  1. It’s GAO, OMB, and the House Committee on Government Oversight and Reform, not GSA.
  2. This blog posting is very unprofessional of you, sir. I would expect more from a Chief Marketing Officer. Will your CEO read about how you treat your customers?
  3. Obviously you do not understand your customer base and you are unable to understand their pain points. That is not being a good partner. The appropriate answer is “let’s grab a conference room and talk this over, I want to fix this for you.”
  4. You just provided that individual with his migration plan from your gear onto somebody else’s.
  5. You need to get out walking more and get some better shoes.
  6. Yes, the CIO and his CISO bear most of the responsibility, but if they fail, you fail. Until you understand that, you have much to learn about the Government.

What neither Richard nor his CIO “friend” realize is that it takes a partnership between the Government and the vendors to make it work. Yes, the agencies receive a FISMA grade, but really that failing grade represents the efforts of both the Government and industry. You need to understand that before you go hating on the agencies for low grades.

We all get frustrated dealing with each other. It’s hard for contractors and vendors to understand the Government unless they’ve worked as a GS-scale or SES. I know the contractor side, I know some of the Government side, but I don’t claim to know it all.

But to go out in public and criticize your customers is unthinkable, especially in DC, and especially from a Chief Marketing Officer. You don’t make any permanent enemies here if you can help it; you never know who will end up in charge after the next reorganization.

On the other hand, the purpose of the FISMA grades is to give people a reason to have these conversations. The Government needs to be going to its vendors and saying that they cost too much and don’t fix their problems. That’s supposed to happen, only Richard didn’t handle it well. Don’t tell me this is the first time something like this has ever happened to him.

I just expect more from a vendor and their head of marketing. Thank you for level-setting my expectations for your company, Richard.




Posted in FISMA, Rants | 6 Comments »

6 Responses

  1.  shrdlu Says:

    Oooo, SNAP!!

  2.  LonerVamp Says:

    Yeah, I say that to any police officers I see as well, “We pay you tax money and you still can’t prevent all the thefts in this city, and all other crime! I hate you!”

    Granted, you’re right on about Stiennon’s response and what should have gone down. I just wish less CIOs (and other people in general) didn’t see things in such black and white terms: hackable or not hackable.

  3.  Amrit Says:

    Stiennon’s misguided rant aside I wouldn’t hold Fortinet accountable for his lack of judgement – perhaps you could issue a CMO’s are Dead posting 😉

  4.  Stiennon Says:

    Well, if you expect me to act as a shill for my employer on my blog I guess your expectations *do* need readjustment. As someone who works for a government contractor blogging about your customers and playing nice I would expect you to understand the inherent conflicts that arise. I have spent much more of my career independent of vendors than with them.
    Ill-advised Amrit? Would you have advised me to tone it down? Am I the only one who gets frustrated by the lack of preparedness within the US gov’s various branches? Time is running short people. Maybe I can spark something with my blog. Or, more likely, nothing will change and we can all natter about incident after incident until we retire and let the next generation deal with it.

  5.  Amrit Says:

    Ill-advised? I never said ill-advised I said misguided. It is misguided for the CMO of a network security company to represent problems in the security industry as being only attributable to the inadequate implementation of security technologies and processes while completely ignoring the problems that the vendors have created – look at anti-spyware in 2005. It is also misguided to assume that posting such an antagonistic position would somehow spark change.

  6.  rybolov Says:

    Hi everybody, I’m shutting down comments on this post. =)

    Feel free to comment on some of the other fine blog posts I’ve created over the past year. Might I recommend the following:
    http://www.guerilla-ciso.com/archives/175
    http://www.guerilla-ciso.com/archives/270
    http://www.guerilla-ciso.com/archives/261

