Feeds

•  Posts RSS
•  Comments RSS
• Subscribe via Email

Phone-Readable

Recent Comments

• Darren Couch on DHS is Looking for a CISO
• MMO Tag on Training for the Zombie Pandemic
• Sam Bowne on The Rise of the Slow Denial of Service
• jg on Apache Killer Effects on Target
• Apache Killer Effects on Target | The Guerilla CISO on The Rise of the Slow Denial of Service

What’s Hot

Tags

Categories

• Army (24)
• BSOFH (15)
• Cyberwar (7)
• DDoS (7)
• Diary of a Startup (3)
• DISA (9)
• FISMA (148)
• Flyfish (20)
• Hack the Planet (28)
• IKANHAZFIZMA (79)
• ISM-Community (15)
• NIST (93)
• Odds-n-Sods (117)
• Outsourcing (32)
• Public Policy (35)
• Rants (108)
• Risk Management (75)
• Speaking (32)
• Technical (93)
• The Guerilla CISO (80)
• Uncategorized (6)
• What Doesn't Work (87)
• What Works (112)
• Zombies (44)

Blogroll

• Amrit Williams
• Ascension Blog
• BackTrack
• Backwater Angler
• Chateau Blogsville
• Chris Hoff
• Cypher Punk Reading List
• Emergent Chaos
• Gunnar Peterson
• How Is That Assurance Evidence
• InfoSecAlways
• ISM-Community
• ISM-Community Blogs
• ISM-Community Combined Feed
• Jack Whitsitt
• Layer 8
• LOLFED
• Martin McKeay
• My Linux Blog
• NoVa InfoSec Portal
• Rich Smith
• Riskanalys.is
• Rob Newby
• Security Buddha
• Securosis
• Technology Liberation Front
• The New School of Information Security
• The Ninja CISO
• This is Fly
• TSSCI Security

Archives

• October 2012
• May 2012
• December 2011
• November 2011
• September 2011
• August 2011
• April 2011
• February 2011
• January 2011
• December 2010
• November 2010
• October 2010
• September 2010
• August 2010
• July 2010
• June 2010
• May 2010
• April 2010
• March 2010
• February 2010
• January 2010
• December 2009
• November 2009
• October 2009
• September 2009
• August 2009
• July 2009
• June 2009
• May 2009
• April 2009
• March 2009
• February 2009
• January 2009
• December 2008
• November 2008
• October 2008
• September 2008
• August 2008
• July 2008
• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008
• December 2007
• November 2007
• October 2007
• September 2007
• August 2007
• July 2007
• June 2007
• May 2007
• April 2007
• March 2007
• February 2007

Blog under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License

Some Words on Steinnon

Posted October 18th, 2007 by rybolov

OK, this post will be big today. For starters, I use Fortinet products, they’re the heart of my key infrastructure and I’m pretty happy with them.

1. It’s GAO, OMB, and the House Committee on Government Oversight and Reform, not GSA.
2. This blog posting is very unprofessional of you, sir. I would expect more from a Chief Marketing Officer. Will your CEO read about how you treat your customers?
3. Obviously you do not understand your customer base and you are unable to understand their pain points. That is not being a good partner. The appropriate answer is “let’s grab a conference room and talk this over, I want to fix this for you.”
4. You just provided that individual with his migration plan from your gear onto somebody else’s.
5. You need to get out walking more and get some better shoes.
6. Yes, the CIO and his CISO bear most of the responsibility, but if they fail, you fail. Until you understand that, you have much to learn about the Government.

What neither Richard nor his CIO “friend” realize is that it takes a partnership between the Government and the vendors to make it work. Yes, the agencies receive a FISMA grade, but really that failing grade represents the efforts of both the Government and industry. You need to understand that before you go hating on the agencies for low grades.

We all get frustrated dealing with each other. It’s hard for contractors and vendors to understand the Government unless they’ve worked as a GS-scale or SES. I know the contractor side, I know some of the Government side, but I don’t claim to know it all.

But to go out in public and criticize your customers is unthinkable, especially in DC, and especially from a Chief Marketing Officer. You don’t make any permanent enemies here if you can help it, you never know who will end up in charge after the next reorganization.

On the other hand, the purpose of the FISMA grades is to give people a reason to have these conversations. The Government needs to be going to its vendors and saying that they cost too much and don’t fix their problems. That’s supposed to happen, only Richard didn’t handle it well. Don’t tell me this is the first time something like this has ever happened to him.

I just expect more from a vendor and their head of marketing. Thank you for level-setting my expectations for your company, Richard.

Similar Posts:

• The Vendors are Already Jumping on the 07-11 Bandwagon
• Once Again, I’m not a Bank!
• No, FISMA Doesn’t Require That, Silly Product Pushers
• On Why I Blog… FUD is the Reason for the Writin’
• You Didn’t Outsource Your Responsibilities

Posted in FISMA, Rants | 6 Comments »

6 Responses

1.  shrdlu Says:
   October 18th, 2007 at 9:07 am

   Oooo, SNAP!!

2.  LonerVamp Says:
   October 18th, 2007 at 4:57 pm

   Yeah, I say that to any police officers I see as well, “We pay you tax money and you still can’t prevent all the thefts in this city, and all other crime! I hate you!”

   Granted, you’re right on about Stiennon’s response and what should have gone down. I just wish less CIOs (and other people in general) didn’t see things in such black and white terms: hackable or not hackable.

3.  Amrit Says:
   October 18th, 2007 at 7:37 pm

   Stiennon’s misguided rant aside I wouldn’t hold Fortinet accountable for his lack of judgement – perhaps you could issue a CMO’s are Dead posting 😉

4.  Stiennon Says:
   October 18th, 2007 at 9:26 pm

   Well, if you expect me to act as a shill for my employer on my blog I guess your expectations *do* need readjustment. As someone who works for a government contractor blogging about your customers and playing nice I would expect you to understand the inherent conflicts that arise. I have spent much more of my career independent of vendors than with them.
   Ill-advised Amrit? Would you have advised me to tone it down? Am I the only one who gets frustrated by the lack of preparedness withing the US gov’s various branches? Time is running short people. Maybe I can spark something with my blog. Or, more likely, nothing will change and we can all natter about incident after incident until we retire and let the next generation deal with it.

5.  Amrit Says:
   October 19th, 2007 at 12:14 pm

   Ill-advised? I never said ill-advised I said misguided. It is misguided for the CMO of a network security company to represent problems in the security industry as being only attributable to the inadequate implementation of security technologies and processes while completely ignoring the problems that the vendors have created – look at anti-spyware in 2005. It is also misguided to assume that posting such an antagonistic position would somehow spark change.

6.  rybolov Says:
   October 19th, 2007 at 1:17 pm

   Hi everybody, I’m shutting down comments on this post. =)

   Feel free to comment on some of the other fine blog posts I’ve created over the past year. Might I recommend the following:
   http://www.guerilla-ciso.com/archives/175
   http://www.guerilla-ciso.com/archives/270
   http://www.guerilla-ciso.com/archives/261