Tag Archives: proposal

Do You Address Business Audiences, or Technical Audiences? Yes.

As I’ve said before, there may be many different stakeholders for a particular purchase opportunity.

For the purpose of this post I’m going to dramatically simplify the process by saying there are only two stakeholders for any RFP and any proposal responding to said RFP: “business” people, and “technical” people.

Google Gemini.
  • The business people are concerned about the why of the purchase. What pressing need is prompting the business (or government agency) to purchase the product or service? Do the alternatives meet the business need?
  • The technical people are concerned about the how of the purchase. Knowing the need, can the alternatives actually do what they say they can do?

Returning to my oft-repeated example of an automated biometric identification system purchase by the city of Ontario, California, let’s look at what the business and technical people want:

By FBI – http://www.fbi.gov/news/photos, Public Domain, https://commons.wikimedia.org/w/index.php?curid=18500900.
  • The business people want compliance with purchasing regulations, and superior performance that keeps citizens off the mayor’s back. (As of January 2026, still Paul Leon.)
  • The technical people want accurate processing of biometric evidence, proper interfaces to other ABIS systems, implementation of privacy protections, FBI certifications, iBeta or other conformance statements, and all sorts of other…um…minutiae.

So both parties are reading your proposal or other document, looking for these points.

So who is your “target audience” for your proposal?

Both of them.

Whether you’re writing a proposal or a data sheet, make sure that your document addresses the needs of both parties, and that both parties can easily find the information they’re seeking.

If I may take the liberty of stereotyping business and technical users, and if the document in question is a single sheet with printing on front and back, one suggestion is to put the business benefits on the front of the document with pretty pictures that resonate with the readers, and the technical benefits on the back of the document where engineers are accustomed to read the fine print specs.

Google Gemini. It took multiple tries to get generative AI to spell “innovate” correctly.

Or something.

But if both business and technical subject matter experts are involved in the purchase decision, cater to both. You wouldn’t want to write a document solely for the techies when the true decision maker is a person who doesn’t know NFIQ from OFIQ.

System Award Management, [EXPLETIVE DELETED]

I unintentionally reveal my age when I use terms such as EXPLETIVE DELETED which date back to the Nixon Administration.

Or when the first “Sam” that comes to mind is Sam Winston, known for selling tires.

And you get Sam.

Sadly, Sam Winston passed away in 1995…in an automobile accident, no less.

But today I’m using SAM as an acronym for System Award Management.

The SAM.gov website is a centralized location to inform businesses of U.S. federal government procurements, saving businesses the trouble of visiting every single agency to find bidding opportunities.

When I started in government proposal management my employer focused on state and local opportunities, but today Bredemarket concentrates on federal ones. As a result I scan SAM.gov regularly. Not for me, but for my clients.

And for the record, there is one famous Sam (other than Altman) who is known to 21st century audiences: Samuel L. Jackson. Although I don’t know if Sam has the temperament to manage proposals.

Grok.

Who or What Requires Authorization?

There are many definitions of authorization, but the one in RFC 4949 has the benefit of brevity.

“An approval that is granted to a system entity to access a system resource.”

Non-person Entities Require Authorization

Note that it uses the word “entity.” It does NOT use the word “person.” Because the entity requiring authorization may be a non-person entity.

I made this point in a previous post about attribute-based access control (ABAC), when I quoted from the 2014 version of NIST Special Publication 800-162. Incidentally, if you wonder why I use the acronym NPE (non-person entity) rather than the acronym NHI (non-human identity), this is why.

“A subject is a human user or NPE, such as a device that issues access requests to perform operations on objects. Subjects are assigned one or more attributes.”

If you have a process to authorize people, but don’t have a process to authorize bots, you have a problem. Matthew Romero, formerly of Veza, has written about the lack of authorization for non-human identities.

“Unlike human users, NHIs operate without direct oversight or interactive authentication. Some run continuously, using static credentials without safeguards like multi-factor authentication (MFA). Because most NHIs are assigned elevated permissions automatically, they’re often more vulnerable than human accounts—and more attractive targets for attackers. 

“When organizations fail to monitor or decommission them, however, these identities can linger unnoticed, creating easy entry points for cyber threats.”

Veza recommends that people use a product that monitors authorizations for both human and non-human identities. And by the most amazing coincidence, Veza offers such a product.

People Require Authorization

And of course people require authorization also. They need authorization:

It’s not enough to identify or authenticate a person or NPE. Once that is done, you need to confirm that this particular person has the authorization to…launch a nuclear bomb. Or whatever.

Your Customers Require Information on Your Authorization Solution

If your company offers an authorization solution, and you need Bredemarket’s content, proposal, or analysis consulting help, talk to me.

CIBS: Keeping Secrets From NGI

An interesting item popped up in SAM.gov. According to a Request for Information (RFI) due February 20, the FBI may have interest in a system for secret biometric searches.

“The FBI intends to identify available software solutions to store and search subjects at the classified level.  This solution is not intended to replace the Next Generation Identification System Functionality, which was developed and implemented in collaboration with the FBI’s federal, state, local, tribal, and territorial partners. The solution shall reside at the Secret and/or Top-Secret/SCI level with the ability to support data feeds from external systems.  The solution must allow the ability to enroll and search face, fingerprint, palmprint, iris, and latent fingerprints, and associated biographic information with a given set of biometrics.”

Now remember that the Next Generation Identification (NGI) system is protected from public access by requiring all users to adhere to the CJIS Security Requirements. But the CJIS Security Requirements aren’t Secret or Top Secret. These biometric searches, whatever they are, must REALLY be kept from prying eyes.

The RFI itself is 8 pages long, and is mysteriously numbered as RFI 01302025. I would have expected an RFI number 01152026. I believe this was an editing error, since FBI RFI 01302025 was issued in 2025 for a completely different purpose.

Whatever the real number is, the RFI is labeled “Classified Identity-Based Biometric System.” No acronym was specified, so I’m self-acronyming it as CIBS. Perhaps the system has a real acronym…but it’s secret.

If your company can support such a system from a business, technical, and security perspective, the due date is February 20 and questions are due by February 2. See SAM.gov for details.

Oh Yeah, That Biometric Stuff

Bredemarket works with a number of technologies, but it’s no secret that my primary focus is biometrics. After all, I call myself the “biometric product marketing expert,” having worked with friction ridge (fingerprint, palm print), face, iris, voice, and rapid DNA.

The biometric product marketing expert in the desert.

If I can help your biometric firm with your content, proposal, or analysis needs, schedule a free meeting with me to discuss how I can help.

Regular Content Review Cycles

I probably spend at least 30 minutes a day playing smartphone games, which means that I probably spend at least 15 minutes a day watching ads.

I’m convinced that “games” are in reality ad delivery vehicles whose sole purpose is to lure you to download other ad delivery vehicles.

But back to the topic. I’ve seen some ads countless times, which means I’ve seen this misspelling countless times over the last few months.

Source not revealed.

And apparently no one at the company (a U.S. based firm) has noticed yet.

They would…if they reviewed their existing content on a set schedule with regular content review cycles.

This is a trick I picked up in the proposal world, one I try to implement when possible.

But not always. Apparently some people are still downloading my old SIX content questions from somewhere on the Bredemarket website. Gotta track that down and fix it.

So review your content.

Or pay me to do it.

Bredemarket 404 Web/Social Media Checkup
Bredemarket 404 Web/Social Media Checkup.