What HBGary Must Do To Survive

(26 Feb 2011) Update added at the end of this post.


There's an art to recovering from a public relations disaster. President Clinton was a master of it. Children died during the Jack-In-The-Box e. Coli outbreak, and in spite of their initial poor handling of it, the executives' actions not only revolutionized the chain but the entire fast-food industry.

Greg and Penny Hoglund's strategy to recover from their sister company's public humiliation and demise bears none of the earmarks of a successful disaster recovery plan - the Triple A:

The apology has to be immediate and sincere. Jack-in-the-Box executives waited a few days, but the company's executives were clearly horrified and remorseful. Some reportedly cried during their deposition.

The apology must be accompanied by an acknowledgment of what you did wrong. Without an acknowledgement, the apology is worthless (i.e., "You want me to say I'm sorry? Fine. I'm sorry. Satisfied?") So is an apology that is accompanied with a modifier (i.e., "I'm sorry, but _____").

You must announce the steps that you are taking to ensure that what just happened doesn't happen again. Jack-in-the-Box's action plan set an entirely new standard for food service that revolutionized the fast food industry:
Within days of the outbreak, Jack in the Box called microbiologist  David Theno and begged him to give up his own business in food research to become vice president of quality assurance and product safety. He accepted and began to build the fast food industry's first Hazard Analysis Critical Control Points (HACCP) program, which attempts to ensure the safety of food at every point at which bacterial contamination can occur.
The executives of HBGary, faced with the public tar and feathering of its creation HBGary Federal, have done none of the above. Instead of the "Three A's", they've chosen to play the role of victim and deny any responsibility for what happened, the latest evidence of which was this plaque at their empty RSA 2011 booth:
Figure 1: photo taken by Paul Roberts of ThreatPost

According to this February 16, 2011 story in the L.A. Times, Jim Butterworth (VP, HBGary) said they were a victim and that HBGary Federal was a completely separate company that just shared a headquarters office in Sacramento. To date, no apology has been forthcoming from anyone at HBGary or their subsidiary HBGary Federal. Greg and Penny Hoglund could have learned a lot by emulating the actions of Palantir's CEO, Dr. Alexander Karp, whose letter of apology was timely, sincere, and included a plan of action.

Even if the Hoglunds were to come to their senses and begin the hard work of acknowledging their role in this scandal, apologize for it, and announce a plan of action that will prevent it from happening again, an awful lot of time has already gone by and their motivations for switching strategies at this late date would be suspect. However with an apology comes the remote chance that they could rebuild trust and integrity over time. Without it, there's no chance at all.

(Update 26 Feb 2011) According to Ars Technica, on 18 Feb 2011, Aaron Barr issued the following statement via his Twitter account: "My deepest personal apology to all those that were negatively effected [sic] by the release of my e-mail into the public."As I pointed out in my original post, this doesn't qualify as an apology because there's no acknowledgement that he did anything wrong. Instead, it's a passive-aggressive attempt to put the blame on someone else.