Layer 8

Security is fundamentally about people, and everything we know about people is relevant to security. -- B. Schneier

My new RFP template.

To make it easier on all the security vendors out there, I’m now releasing my crescent fresh RFP Template. Now they’ll have a much easier time responding. And all you issuers of RFPs out there, feel free to borrow it too; it’ll save you time when you have to review the responses.

1.  Vendor information:  Brag here about how STuDLy your company is and how you’re the only and the best and you really know how to treat customers right.  List some of your most impressive customers; the list should include something military (no matter if it’s the Waxahachie Department of Defense) and at least one bank (North American Regional Chartered Union Standard Bank and Trust, Ltd.).

2.  FUD section:  Talk here about how important security is and how you take it seriously.  Throw out some wild and yet stale statistics about how many billions of dollars were lost because of some worm somewhere.

3.  Management program:  Copy and paste an entry from a Project Management 101 textbook here.  Say it’s your own proprietary model.

4.  Details of services:  Copy and paste some other vendor’s marketing literature here. 

5.  Security risk model: You must include at least one Fortress Analogy and one Onion Analogy.  Bonus points for any process graphic that is not circular.

6.  Omissions:  Leave out sections of the RFP that you didn’t feel like doing the homework for.

7.  Qualifications:  Refuse to give out any names of actual customer references or financial statements.  Instead, include the resumes of your five employees, the minority relative you sold the business to in order to get HUB credits, and the project manager who actually runs everything and keeps possession of the cell phone.

8.  Throw more verbiage at me: Include reams of photocopies of the user guides for whatever products you’re trying to rebrand as your own for your response.  Expect that this will compensate for the fact that you didn’t actually write anything technical in the earlier sections.

9.  Example service contract:  Put in a sample statement of work and forget to redact the name of your last customer from it.

(Optional: Print the whole thing on some weird-ass textured stationery paper that bleeds onto my hands.)

Posted by shrdlu on Saturday, June 09, 2007

Comments

Dutcher United States on 06/10  at  12:43 AM:

Sweet.

Netherlands on 06/10  at  03:16 AM:

Note to self: stay on good side of shrdlu.

Alex United States on 06/10  at  09:56 AM:

You know, my favorite RFP tactic is death by paper. 

Make sure your RFP is 300 pages long because you have essentially re-worded versions of about 3-5 NIST documents.

Here’s a link for you!

http://youtube.com/watch?v=dasab33h1nQ&mode=related&search=

Anton Chuvakin United States on 06/11  at  02:03 PM:

>And all you issuers of RFPs out there, feel free to borrow it too

They already do!!!

Lately I’ve seen RFPs that stop just a tiny bit short of asking your cat’s second cousin’s name and how often your engineers used to fart when they were 3 years old…

shrdlu United States on 06/11  at  08:22 PM:

*taking notes*
