Uncategorized – Page 170

Bredemarket and proposals, part four: other services

So I’ve been going through my list of red bullets from this graphic.

Excerpt from https://bredemarket.com/wp-content/uploads/2022/02/bmtprop-20220221a.pdf

I decided to write posts on some of the red bullets to explain the types of services that Bredemarket offers.

The first post described Bredemarket’s RFx response services.
The second described Bredemarket’s sole source response services.
The third described Bredemarket’s proposal template services.

Which brought me to the fourth bullet, which was a fairly interesting project.

The technical leave behind project

This particular project was an unusual one, for two reasons.

First, there were four companies involved:

Bredemarket.
The company that contracted Bredemarket.
The company that contracted the company that contracted Bredemarket.
The final customer.

Despite all of the layers on this particular project, the people from all four companies worked well together and got the job done.

The second unusual thing about this particular project was that although it was not a proposal project per se, it required proposal expertise.

While I can’t go into details, I can briefly say that the goal of the project was to provide “technical leave behinds” for the final customer. The customer was a consulting firm with significant technical expertise in a particular vendor’s product family. When the customer visited one of its clients, it wanted to leave its client with one or more of these technical leave behinds, each of which was devoted to one of the many products in the product family.

So while these technical leave behinds were not proposals themselves, and on first glance appear to be more along the lines of Bredemarket’s content marketing work, they fulfilled a proposal-like purpose by providing information that the client could subsequently use to request information or a proposal from the consulting firm.

Because of this, the technical leave behinds had to be customer centric and respond to specific needs that customers may have. Maybe not to the specific level of detail that would satisfy 100% of any one customer’s specific needs, but the leave behinds at least had to address some major needs in template form.

So what?

Those of you who have read my writing on benefits knew that this question was coming.

“So Bredemarket can author technical leave behinds. So what?”

The benefit to you is that Bredemarket can work with you to create text to meet any of your needs, even if it doesn’t fit into some nice neat category such as a sole source proposal or an RFP response or a case study or a white paper or a blog post. For example, over the years I’ve not only created technical leave behinds, but I’ve also created and/or maintained trade show demonstration scripts, brief company analyses, customer and competitor installation lists, internal information services, external information services (including dedicated LinkedIn and Facebook pages devoted to particular topics), website and social media analyses, and a myriad of other pieces of written content.

If you need any type of written content that can help your company connect with other companies, let me know and I’ll work with you to create that content.

Send me an email at john.bredehoft@bredemarket.com.
Or go to calendly.com/bredemarket to book a meeting with me.
Or go to bredemarket.com/contact/ to use my contact form.

OK, now I’m done with expanding on the red bullets. There’s no point in expanding on the fifth bullet, “Additional proposal work for Bredemarket itself,” because that service is of no benefit to you. It only benefits me. Similarly, my MorphoTrak and Printrak proposal work won’t benefit you, unless you work for IDEMIA and are making money off of my prior work.

Again, if you missed any posts in the series, be sure to visit parts one, two, and three. And let me know if I can help you.

Bredemarket and proposals, part three: proposal templates

This is the third installment in my post series about the proposal services that Bredemarket provides to its clients. If you missed them, be sure to read part one about Bredemarket’s RFx response services, and part two about Bredemarket’s sole source response services.

We’re moving through the red bullets in my projects list. Let’s continue.

The need for proposal template services

Often when a company first writes a proposal, the entire thing is written from scratch by a bunch of proposal writers, subject matter experts (SMEs), and executives, and after some extraordinary effort, the proposal goes out the door.

Then the time comes to write a second proposal. “Let’s start with the text from the first one,” everybody says, and the second proposal goes out the door (hopefully with less effort).

This borrowing from other proposals continues, except when it doesn’t. At some point, someone is going to say, “All of these previous proposals are terrible, so I’m going to write my own.”

After a few years, the company has a collection of proposals…and quite possibly a host of problems. Here are a few things that could happen:

The proposals include inconsistent information. Some say that the company’s solution is supported on Windows 11, others say it’s supported on Windows 10 and 11, and there’s an old proposal that says the company’s solution is supported on Windows 7. Unfortuately, that latter proposal may be the one that someone borrows to write a new proposal, with disastrous results.
The proposals include even more inconsistent information. Maybe some proposals say the product name is GreenWidget. Others say it’s Green Widget. Others say it’s WidgetCo’s GreenWidget. Others say it’s GreenWidget by WidgetCo, Inc. And heaven help you if WidgetCo was acquired by BigMegaCorp.
The proposals include downright incorrect information. Maybe half of the proposals that you’ve issued over the years talk about how GreenWidget operates on both 110 volts and 220 volts. An engineer, reading the proposal that you submitted to the customer yesterday, says to you, “Oh, we discontinued 220 volt support last year.” Oops.

So how do you not only prevent these inconsistencies and mistakes from happening, but ensure that everyone is conveying the same message?

First, you create a proposal template, proposal library, proposal boilerplate, or whatever you want to call it that includes a standard set of text to use in every future proposal (RFx response or sole source letter). This text is reviewed by subject matter experts, executives, and others to ensure that it is correct.

Second, you review this text on a regular basis to make sure that it is up to date, and references to old operating systems and sunsetted features are removed so that they don’t slip into future proposals.

My experience with proposal templates

My personal experience with templates dates back over twenty years, from multiple perspectives.

After several years of working for Printrak, we decided that we needed to establish a standard set of proposal text for both RFP responses and sole source letters. So a coworker (Dorothy) and I flew to San Francisco for some training in the use of a particular package.

However, before I could actively participate in implementing the package, I changed jobs and became a product manager.

In other words, I was now one of the subject matter experts that not only needed to ensure the proposal text was accurate, but in some cases actually provide the proposal text that described the new features of my product.

So Dorothy and her coworker Peter had to contact me to provide my inputs to them.

Sometimes more than once.

In fact, one time they were so surprised that I finally DID provide input that Dorothy created an origami of a flying pig. I have a picture of that flying pig somewhere, but rather than hunt it up I’ll display this picture instead. You get the idea.

By Torreteo at Italian Wikipedia, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=37823185

Dorothy and Peter had the last laugh, however, because I eventually rejoined Proposals when Dorothy moved to Marketing, and therefore I was responsible for bugging the SMEs about reviewing and updating proposal text.

Dorothy and Peter left the company before I did. After one final switcheroo in which I went to Marketing and Dorothy to Proposals, Dorothy ended up leaving the company. Peter eventually left himself to get married, and move to…

(Major intrusion of reality follows.)

…Kyiv, Ukraine, in his new wife’s home country. Obviously with everyone that’s been going on over the past few days, I’ve been monitoring Peter’s social media posts closely. At the time I am writing this post (noon Pacific Time on Monday February 28), I believe Peter and his wife are still safe.

Let’s move on.

Bredemarket’s solution for proposal template services

I’ve helped clients with various types of proposal templates.

In some cases, I’ve helped clients who have purchased prepackaged proposal template solutions. As of today, I offer specific experience in Upland Qvidian and Privia products, and I’ve been told that other solutions such as RFPIO and RocketDocs are similar.

In some cases, I’ve helped clients who didn’t want to spend money to acquire those prepackaged solutions. In those cases, I’ve created Microsoft Word files, either letters which can be customized to meet the needs of a particular customer, or files from which people can extract vetted responses and incorporate them into letters or RFx responses.

In either case, my clients benefit from responses that have been reviewed by subject matter experts for accuracy, are easy to use, and can generate business for my clients very quickly.

One of my clients was extremely happy with my solution.

“I just wanted to truly say thank you for putting these templates together. I worked on this…last week and it was extremely simple to use and I thought really provided a professional advantage and tool to give the customer….TRULY THANK YOU!”

Do you need Bredemarket’s proposal template services?

Whether you need a library of responses, or one or more template letters, I can help you.

Send me an email at john.bredehoft@bredemarket.com.
Or go to calendly.com/bredemarket to book a meeting with me.
Or go to bredemarket.com/contact/ to use my contact form.

I hope that you’ve enjoyed this series on the proposal services that Bredemarket can provide, and I hope that you’ve seen how all of these services can work together.

Oh, but there’s one more thing…

Bredemarket and proposals, part two: sole source responses

This is the second post in a series that discusses the proposal services that Bredemarket can provide. A previous post described Bredemarket’s RFx response services. This post describes Bredemarket’s sole source response services.

The need for sole source response services

The nice thing about sole source responses is that you’re (usually) not competing against anyone else, and therefore have the customer’s full attention. In some cases, the customer has specifically asked you to prepare a proposal. In other cases, you provide an unsolicited proposal to the customer.

Of course, a sole source proposal needs to respond to the customer’s requirements. Obviously the customer hasn’t provided you with a written Request for Proposal, but perhaps the customer has provided some written or verbal list of what is required. And if the customer hasn’t provided you with this information, ask. There’s no point in proposing a 1,000 record fingerprint system when the customer really wants a 10,000 record face system.

In addition, a sole source proposal has to be customer centric, just like a formal RFP response. Far too many sole source proposals spend an inordinate amount of time talking about how great the proposer is, and little or no time talking about what the customer needs.

Bredemarket’s solution for sole source response services

Once I understand what the end customer needs, and what my client can offer to meet the end customer’s needs, I can help the client come up with a story that resonates with the end customer. In some cases, the client already has a proposal library that describes its standard products and services that can be used as a starting point. Remember, however, that standard text often has to be massaged to meet the needs of a specific client. Even when I’ve created a proposal template for a client (foreshadowing a future post in this series!), I’ve often found that the template text needs to be modified a bit when it’s placed in a final letter to a client.

In all cases, my sole source proposal services are similar to my content marketing services in one respect; they are collaborative. Both my input and my client’s input is essential to ensure that the final product makes the case to the customer.

Do you need Bredemarket’s sole source response services?

If I can help you with sole source responses:

Send me an email at john.bredehoft@bredemarket.com.
Or go to calendly.com/bredemarket to book a meeting with me.
Or go to bredemarket.com/contact/ to use my contact form.

And now those who paid attention to my foreshadowing know what I’m going to talk about next…

Bredemarket and proposals, part one: RFx responses

If you saw my “two truths and no lies” post, you probably saw that I recently updated my Bredemarket and Proposal Services page and the accompanying collateral.

It occurred to me that some of the acronyms in the red bullets above may be gobbledygook to some people, so I thought I’d delve into some of the bullets, beginning with the first one.

(Warning: post series ahead.)

The need for RFx response services

“RFx” is shorthand for a number of “request for” items, including requests for proposals, requests for information, and requests for comment. These RFx documents ask entities to submit a formal response in the format dictated by the RFx document. The response may be one page long, five pages long, or one thousand pages long. The response may include a simple narrative, or the entity may need to submit specific forms with specially formatted answers to dozens or hundreds or thousands of questions.

In the ideal world, the entity knows that the RFx document is coming, and has been working for years on its response. (How can you know how to respond when the RFX hasn’t even been issued? Know your customer.)
In the non-ideal world, an account manager goes to the proposal team and says, “Hey, our customer issued an RFP last week. I had no idea it was coming. But the customer really likes us, as long as we get our price down.”

In any case, an entity that wants to respond to an RFx needs to read the document and develop a response that puts the customer first (see Truth Number One here), complies with all requirements, scores high on the RFx’s evaluation criteria, is easy for an evaluator to evaluate (see Truth Number Two here), and wins the business.

Bredemarket’s solution for RFx response services

As you can see from my collateral, Bredemarket has assisted its clients with nine (so far) RFx responses, all of which were either responses to Requests for Information (RFIs), or responses to Requests for Proposal (RFPs).

There are differences between the two.

In the Request for Information stage, you still have an opportunity to shape the final procurement (if a final procurement takes place). For example, if you offer a green widget and your competitors do not, your RFI response will make an important point about how the customer will benefit from a green widget, and a solution without a green widget is substandard.

(One important point here. I didn’t say that the RFI response should say that XYZ Company offers a green widget that is a technological marvel. I said that the RFI response should say that the customer will benefit from a green widget.)

In the Request for Proposal stage, the time to shape the final procurement has already passed. (This is why you engage with a customer years before the customer issues an RFP.) At this stage you have to go all out and win the business, telling the customer how they will benefit from your solution.

The mechanics of writing an RFx response have varied between my clients. In some cases, I have worked with one or two people to come up with the response, and the client then sent it out. In other cases, I have worked as part of a team of dozens of people in multiple companies to come up with the response, and followed multiple processes to ensure that the proposal is not only sound, but is approved at the corporate level of the client. Some processes are dictated by the client, but some clients have no processes which means that I need to implement a simple one to get the job done.

Do you need Bredemarket’s RFx response services?

If you need help responding to an RFP, RFI, or related document:

Send me an email at john.bredehoft@bredemarket.com.
Or go to calendly.com/bredemarket to book a meeting with me.
Or go to bredemarket.com/contact/ to use my contact form.

Oh, and by the way, Bredemarket offers more than RFx response services. Stay tuned for the next installment on sole source responses.

Why am I using the word “casetimonial”?

We often get bent out of shape trying to come up with precise definitions of things. While sometimes this precision is warranted, there are times when it is overkill.

Take the answer to this question:

What is the difference between a case study and a testimonial?

Not that type of case. By Thomas Quine – Lead type case, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=51684202

Not that type of testimonial. By Ron Kroon / Anefo – http://proxy.handle.net/10648/ad8f32c4-d0b4-102d-bcf8-003048976d84, CC0, https://commons.wikimedia.org/w/index.php?curid=66733380

Some people have taken some time answering the question about the difference between a case study and a testimonial. For example, here’s what Juliet Platt says:

The difference between Case Studies and Testimonials is really length and depth.
From https://casestudywriter.co.uk/whats-the-difference-between-a-case-study-and-a-testimonial/

Platt then gives examples of the longer, in-depth nature of case studies vs. the shorter nature of testimonials.

Another person who has addressed the question is Donna St. Jean Conti:

“Show me ROI, or it’s not a case study.” An editor told me this some 15 years ago, and he was so right.
From https://www.agilitypr.com/pr-news/public-relations/whats-the-difference-between-a-case-study-and-a-testimonial/

This gets into the difference between quantitative information and qualitative information. By this definition, a case study always has to address return on investment, or it’s not a case study.

I have a different view

While I respect the views of these two people (and others), I have a different view. My answer to the question “What is the difference between a case study and a testimonial” is as follows:

Who cares?
From https://bredemarket.com/bredemarket-and-case-studies/

Let me explain.

Regardless of what you call the document, a case study or a testimonial allows a firm to attract new customers by showcasing the successes of existing customers.
From https://bredemarket.com/bredemarket-and-case-studies/

And as far as I’m concerned, the length of the piece and the choice to use quantitative or qualitative data (or both) is secondary to the primary purpose, which is to present an example that resonates with a potential customer.

Not that I don’t have ANY rules. Whether you’re writing a case study or testimonial, I like to structure it with the following format:

The problem.
The solution.
The results (from using the solution to solve the problem).

This format allows a customer-centric presentation with which the reader can identify. “Hey, Joe’s Garage used this widget to solve their problem. Maybe I can use this widget to solve a similar problem.”

Now perhaps others use a different outline for their case studies or testimonials. And that’s…OK.

For those of you old enough to remember Stuart Smalley. By http://www.tvacres.com/words_stuart.htm, Fair use, https://en.wikipedia.org/w/index.php?curid=31855280

My own term

So for ease of communication, I’ve decided to adopt a different term. It’s not original with me, but it doesn’t look like anyone else is currently using the term on a regular basis.

Instead of using awkward references to “case studies and/or testimonials,” I’m just going to refer to casetimonials.

I used the casetimonial term a lot on this page (recently revised) on the Bredemarket website, which not only includes a shorter form of the discussion above about the difference between a case study and a testimonial, but also discusses how a casetimonial can be used, how it can be repurposed, the types of firms that can benefit from casetimonials, and how Bredemarket can help you create your own casetimonials.

If you can use Bredemarket’s assistance with communicating past customer successes to future clients:

Send me an email at john.bredehoft@bredemarket.com.
Or go to calendly.com/bredemarket to book a meeting with me.
Or go to bredemarket.com/contact/ to use my contact form.

Who is THE #1 NIST facial recognition vendor?

(Part of the biometric product marketing expert series)

(When I wrote this in 2022 I used the then-current FRVT terminology. I’ve updated to FRTE as warranted.)

As I’ve noted before, there are a number of facial recognition companies that claim to be the #1 NIST facial recognition vendor. I’m here to help you cut through the clutter so you know who the #1 NIST facial recognition vendor truly is.

You can confirm this information yourself by visiting the NIST FRTE 1:1 Verification and FRTE 1:N Identification pages. The old FRVT, by the way, stood for “Face Recognition Vendor Test”—and has subsequently been replaced by FRTE, “Face Recognition Technology Evaluation.”

From https://www.nist.gov/programs-projects/face-recognition-vendor-test-frvt

From https://www.nist.gov/programs-projects/face-technology-evaluations-frtefate.

So I can announce to you that as of February 23, 2022, the #1 NIST facial recognition vendor is Cloudwalk.

And Sensetime.

And Beihang University ERCACAT.

And Cubox.

And Adera.

And Chosun University.

And iSAP Solution Corporation.

And Bitmain.

And Visage Techologies.

And Expasoft LLC.

And Paravision.

And NEC.

And Ptakuratsatu.

And Ayonix.

And Rank One.

And Dermalog.

And Innovatrics.

Now how can ALL dozen-plus of these entities be number 1?

Easy.

The NIST 1:1 and 1:N tests include many different accuracy and performance measurements, and each of the entities listed above placed #1 in at least one of these measurements. And all of the databases, database sizes, and use cases measure very different things.

Transportation Security Administration Checkpoint at John Glenn Columbus International Airport. By Michael Ball – Own work, CC0, https://commons.wikimedia.org/w/index.php?curid=77279000

For example:

Visage Technologies was #1 in the 1:1 performance measurements for template generation time, in milliseconds, for 480×720 and 960×1440 data.
Meanwhile, NEC was #1 in the 1:N Identification (T>0) accuracy measurements for gallery border, probe border with a delta T greater than or equal to 10 years, N = 1.6 million.
Not to be confused with the 1:N Identification (T>0) accuracy measurements for gallery visa, probe border, N = 1.6 million, where the #1 algorithm was not from NEC.
And not to be confused with the 1:N Investigation (R = 1, T = 0) accuracy measurements for gallery border, probe border with a delta T greater than or equal to 10 years, N = 1.6 million, where the #1 algorithm was not from NEC.

And can I add a few more caveats?

First caveat: Since all of these tests are ongoing tests, you can probably find a slightly different set of #1 algorithms if you look at the January data, and you will probably find a slightly different set of #1 algorithms when the March data is available.

Second caveat: These are the results for the unqualified #1 NIST categories. You can add qualifiers, such as “#1 non-Chinese vendor” or “#1 western vendor” or “#1 U.S. vendor” to vault a particular algorithm to the top of the list.

Third caveat: You can add even more qualifiers, such as “within the top five NIST vendors” and (one I admit to having used before) “a top tier NIST vendor in multiple categories.” This can mean whatever you want it to mean. (As can “dramatically improved” algorithm, which may mean that you vaulted from position #300 to position #200 in one of the categories.)

Fourth caveat: Even if a particular NIST test applies to your specific use case, #1 performance on a NIST test does not guarantee that a facial recognition system supplied by that entity will yield #1 performance with your database in your environment. The algorithm sent to NIST may or may not make it into a production system. And even if it does, performance against a particular NIST test database may not yield the same results as performance against a Rhode Island criminal database, a French driver’s license database, or a Nigerian passport database. For more information on this, see Mike French’s LinkedIn article “Why agencies should conduct their own AFIS benchmarks rather than relying on others.”

So now that you know who the #1 NIST facial recognition vendor is, do you feel more knowledgeable?

Although I’ll grant that a NIST accuracy or performance claim is better than some other claims, such as self-test results.

When you DON’T want to cut the cord

No pretty picture in this post, for reasons that will become apparent.

My home office is (drumroll) at home, which means that my laptop accesses the world via the wi-fi on my home Internet service.

Well, not at the moment, since one of the outside wires that runs to my modem was accidentally cut, and can’t be repaired until tomorrow.

While I can conduct a limited amount of business using my phone’s 4G connection, I can’t do anything substantive. If an emergency pops up I can go to a Starbucks (if not closed due to COVID) or another wi-fi source, but for the most part I am limited in what I can do.

Let’s see how much I CAN do.

Two truths and no lies, the proposals edition

(Updated 4/18/2022 with additional customer focus information.)

You’re probably familiar with “two truths and a lie,” where a person makes three statements and you have to guess which of the three is a falsehood.

As part of my ongoing efforts to update the Bredemarket website, I just updated my “Bredemarket and proposal services” page. Among other things, it now contains two BOLD CAPITALIZED truths…and no lies.

I’ll be the first to admit that these truths, picked up during my time in the proposals industry, are in no way unique to me. Many other people have shared them frequently, and I’ve heard both of these truths shared in the last month alone on a recent proposal engagement.

But I suspect that some people are not aware of these truths, so I thought I’d share them.

Truth Number One

Here’s the first of the two truths from my “Bredemarket and proposal services” page.

THE CUSTOMER DOESN’T CARE ABOUT HOW WONDERFUL YOUR FIRM IS.
From https://bredemarket.com/bredemarket-and-proposal-services/

Allow me to use an example that won’t impact any of my work with my clients.

Mark owns a meat company that provides meat to restaurants and other food services. Carlos owns a taco truck and needs meat for his tacos. The meat has to meet U.S. Food and Drug Administration and California state standards, needs to meet Carlos’ own standards, and needs to be delivered every day at 7:00 am so that Carlos can get his taco truck on the road.

So when Mark approaches Carlos, this is what he says:

Guasti Meat was established on February 23, 1947 in Guasti, California by Michael Smith, a butcher who was originally born in Nowata, Oklahoma. The company was headquartered in Guasti for 17 years before moving to its current facility in Colton, California. Our main building occupies 97,526 feet of floor space and incorporates Guasti Meat’s color scheme, which was established by Morton Smith Jr., an artist and nephew of the founder who has also produced designs for Enron, Kodak, Montgomery Ward, and other well-known firms. We employ 250 personnel, all of whom are entitled to post-secondary educational benefits. We sell meat to over 1,000 customers in 17 U.S. states.

Did Mark ask Carlos about what Carlos likes to see in the meat he purchases?

Did Mark ask Carlos where the meat should be delivered?

No.

Mark’s attitude was that if he shared these important facts about Guasti Meat, Carlos would be so impressed that he would immediately start to do business with such a respectable company.

This is obviously ridiculous, but many companies act in the same fashion when writing proposals. When they write their executive summaries, the first thing that they talk about is themselves.

Who cares?

(4/18/2022: For additional information on customer focus, click here.)

The customer has their OWN problems that they need to solve. Tell the customer how you will solve them.

Truth Number Two

Here’s the second truth from the page.

PROPOSAL EVALUATORS DO NOT READ PROPOSALS.
From https://bredemarket.com/bredemarket-and-proposal-services/

Before I ever wrote a single proposal for Printrak, I actually helped write a Request for Proposal (RFP) for another company. Now frankly it was a pretty simple RFP, in which the respondents merely had to check items in a checklist to indicate whether the respondents’ software packages could do what we wanted. Even with the short responses that we as evaluators had to read, we didn’t spend much time on them.

Did the respondent check every single box? Well, obviously they didn’t read the requirements carefully, because no one does everything. Let’s not look at them.
Did the respondent ignore all of the boxes and write a separate description? Well, if they don’t have time to answer our questions, let’s not look at them either.
How many companies are left? Two? OK, we’ll talk to them.

And that was the evaluation time that was spent on simple proposal responses. How much time do you think evaluators will spend evaluating one of Bredemarket’s recent projects, in which I contributed to a 1,000-page proposal that had hundreds upon hundreds of requirements? Remember that evaluators have to read these responses for ALL of the proposals that are submitted.

The proposal team for this project wrote our responses as follows:

In the first part of every requirement response, make sure that we explicitly say that we comply. That way, even if the evaluator only spends ten seconds reading our response, the evaluator will at least know that we claim compliance.

“If the evaluator only spends ten seconds reading our response”?

Yes.

After all, the evaluators have to read ALL of the material in OUR proposal, plus ALL of the material in all the OTHER proposals. They’re not going to have the luxury to spend an inordinate amount of time, such as five minutes, reading each single response. The evaluators are going to plow through the responses as quickly as possible.

Because of this, our writing team also did the following:

Use the RFP language in your response.

I gave an example on my page:

Oh, and if the customer refers to a “product demonstration,” then your proposal had better use the exact words “product demonstration.” If you say that you will provide a “capabilities presentation,” the customer will not see the words THEY were looking for and may conclude that you refuse to provide the product demonstration that they want.
From https://bredemarket.com/bredemarket-and-proposal-services/

Let’s face it; if an evaluator is only spending ten seconds on your response, the evaluator is going to look at the RFP requirement that says “product demonstration,” and then skim your response for the words “product demonstration.”

If the evaluator immediately finds those specific words in your response, then the evaluator is happy, marks compliance, and moves on to the next requirement to see how you complied with that one.

If the evaluator doesn’t find those specific words in your response, then the evaluator has to stop, think, and read the words that you used in your response.

If you’re lucky, the evaluator will see your words “capabilities presentation,” conclude that you meant to say “product demonstration,” and grudingly give you credit while cussing you out for making the evaluation harder.
If you’re NOT lucky, the evaluator will miss your words “capabilities presentation,” conclude that you have NOT committed to a product demonstration, give you no points, regret the ten seconds of life that were lost, and then move on to the next response and wonder if you aren’t compliant with that one either.

I shouldn’t have to say this, but you want your proposal evaluator to LIKE you, not HATE you. Make the evaluator’s job easier.

The rest of the story

These two truths are only part of the new content on my Bredemarket and proposal services page. I also incorporated updated proposal statistics in the brochure at the top of the page, expressed a few other opinions about proposal work (while restraining myself from writing much, much, more). and borrowing some text from this post to beef up the examples of proposal deliverables at the bottom of the page.

So viewers of the Bredemarket and proposal services page will now have updated information about the number of projects I have completed, the services I have offered, and the truths to which I hold.

What is truth? By Nikolai Ge – http://www.picture.art-catalog.ru/picture.php?id_picture=7515, Public Domain, https://commons.wikimedia.org/w/index.php?curid=4267825

Now I just have to remember to update my project list on this and other pages on a regular basis.

Friction and emerging threats: two items to consider when implementing multifactor authentication

For my long-time readers, here’s a quiz. Read the four statements below and take a guess as to which one of these statements best reflects my views.

With recent accuracy improvements, facial identification is the only identification method that you will ever need in the future.
Possession of a driver’s license is sufficient to prove identity.
Fingerprints are the tried and true authentication method; you don’t need anything else.
Passwords are dead.

Readers, this was a trick question. I don’t agree with ANY of these statements. It is possible to subvert facial identification methods. Your twin can steal your driver’s license. Fingerprints can be subverted also. And passwords have their place.

If you’ve read my writings for any length of time, you know that I believe that any single authentication factor is not a reliable method of authenticating someone. Multifactor authentication, in which you use more than one of the five authentication factors, is a much stronger method. It’s possible to spoof any single authentication factor (a gummi fingerprint, a fake driver’s license, etc.), but it’s much harder to spoof multiple factors.

No, they don’t have ridges. By Thomas Rosenau – Own work, CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=685011

Please note that I am referring to multiple FACTORS, not multiple TYPES OF BIOMETRICS (for example, authenticating finger and face and declaring victory). All biometrics fit within the “something you are” category, and it’s much better to combine this factor with one or more of the other four: something you know, something you have, something you do, and somewhere you are. Or perhaps use two factors other than biometrics. The important thing is that you use multiple factors.

What of the vendor that only offers one type of biometric authentication? Or the vendor that only offers biometric authentication? Or the vendor that only processes secure documents? Or the one with really strong password protection schemes? Well, in my humble opinion these vendors need to partner with other vendors who support other authentication factors, to ensure delivery of a robust solution.

Julie Pattison-Gordon made many of these points in a recent GovTech article, “Cyber Refresher: Understanding Multifactor Authentication.” But she made two additional points that are worth mentioning.

Friction and authentication

The first point that Pattison-Gordon makes is the following:

Agencies may need to consider how their selection of authentication methods creates or avoids friction for employees.

Friction, in which a task becomes hard to perform, is bad.

Not sure how Jack feels now that the Lakers are, um, subpar. By May be found at the following website: http://www.impawards.com/2003/anger_management.html, Fair use, https://en.wikipedia.org/w/index.php?curid=11893883

Some authentication methods have, or can have, more friction than others. For example, some password implementations require use of characters from the Roman, Greek, and Cyrillic alphabets and require you to change your password daily. (I exaggerate only slightly.) Older iris readers required you to put your head directly against the reader, like if you were at an opthamologist’s office. Even today, most fingerprint readers require you to touch your finger against a platen. (There are exceptions.)

But why worry about friction? After all, if someone’s required to perform some type of authentication, they’re going to do it regardless of how hard it is.

Oh no they’re not:

Speaking during a panel last month, Delaware Chief Security Officer Solomon Adote said that workers who find MFA processes too cumbersome may adopt unsafe workarounds, such as storing official files on personal devices to let them skip login procedures entirely.

This is worse than an abandoned shopping cart, since it’s the abandonment of an entire security infrastructure. When security is too cumbersome, the result is little or no security at all.

I feel safe now. By IMP Awards, Fair use, https://en.wikipedia.org/w/index.php?curid=42298113

It is possible to improve all authentication methods to reduce friction. Strong yet easy passwords that you don’t have to change all the time. “On the move” capture of all sorts of biometrics, including fingerprints, faces, and irises. The ability to read information on secure documents without sliding them through a card reader (yet incorporating protections against unauthorized reading of the data).

Trust me – frictionless will make people happier and will cause them to use your security methods without objection.

Emerging threats and authentication

Pattison-Gordon makes a second point:

Organizations must also weigh the cyber threats facing each type of authentication, as malicious actors continue evolving their strategies.

No authentication method is foolproof, and every authentication method attracts one or more threats. I’ve mentioned some in passing in this post, such as “gummi fingerprints” in which someone creates a fake fingerprint with the ridge detail from a true fingerprint. Pattison-Gordon mentions another threat, SIM swapping.

There are ways to deal with these two threats. For example, if a gummi fingerprint is literally a piece of non-organic material, there are various methods of liveness detection (tempreature, heartbeat detection, skin features) that can identify the fingerprint as fake.

However, this does not solve the problem, since some day some fraudster will create a fake fingerprint that appears to have human skin, a temperature, a detectable heartbeat, and everything else that a real fingerprint will have.

Security is a constant war between the fraudsters who develop a hack, the cybersecurity folks who develop a block to the hack, and the fraudsters that develop a new hack that avoids the block to the previous hack. No authentication method is foolproof.

This is one of the benefits of multifactor authentication. When this is used, then the fraudster needs to hack something you are AND something you know AND something you have AND something you do AND somewhere you are. MFA hacking is not impossible, but it is much, much more difficult than hacking a single factor.

And you also have to keep up with the latest hacks and continue to research. Don’t quit researching an authentication method just because it seems great now.

(A couple of you may know why I said that.)

Retabulating the work that Bredemarket has done for clients (as of February 16, 2022)

My biometric/identity collateral wasn’t the only thing that I updated yesterday.

As part of my preparation for yesterday evening’s Ontario IDEA Exchange meeting, I took the time to update my “local” brochure. (Because local is important: see the first of my three goals for 2022.) This brochure includes a section that discusses the types and numbers of pieces that I have prepared for clients, including the number of case studies, the number of RFx responses, and so forth.

Those numbers hadn’t been updated since last September.

Before going to the meeting, I wanted to make sure my “local” brochure had the latest numbers.

I’ll go ahead and share them with you. This covers the projects that Bredemarket has completed for clients over the last 18 months, as of February 16, 2022:

Fourteen (14) case studies
Eight (8) articles (blog posts)
Three (3) service offering descriptions
Three (3) white papers
Nine (9) RFx responses
Four (4) sole source responses
Six (6) proposal templates
One (1) technical leave behind
Two (2) biometric analyses

Inland Empire B2B Content Services from Bredemarket.

As it turns out, I didn’t hand out my local brochure to anyone at last night’s IDEA Exchange. (It was a small crowd, most of whom I already knew.)

But at least I’ve tabulated the numbers.

Now I just have to update all of my NON local collateral…