Lumen Tech

BACKGROUND

Please describe your company and position.

I am the Director of IT of an engine manufacturer

Describe what your company does in a single sentence.

Build world class engines, also contracts with DOD, Aerospace and Medical for Manufacturing. 

OPPORTUNITY / CHALLENGE

What specific goals or objectives did you hire Lumen Tech to accomplish?

• Managed Services and Security
• Compliance Level 2 Certification
• Remain ITAR Compliant
• IT Strategy Consulting
• Compliance Consulting

SOLUTION

How did you find Lumen Tech?

Cold Call while searching for MSP's

Why did you select Lumen Tech over others?

• Pricing fit our budget
• Good value for cost
• Company values aligned
• They currently have/hadcustomers with Dept of Defense, Aerospace and Medical Contract

How many teammates from Lumen Tech were assigned to this project?

6-10 Employees

Describe the scope of work in detail. Please include a summary of key deliverables.

They were to take over managed services:

• Patches
• Minor network help
• Updating switches
• Adding storage to vm's
• Patching servers
• Building VM's
• Occasional desktop support
• Manage firewalls
• Cyber Security to the level of whats required to stay compliant in for CMMC level 2 and ITAR

They assured our team that moving forward we would be able to get us certified in CMMC level, help maintain our ISO and AS certifications(Within their control)

RESULTS & FEEDBACK

What were the measurable outcomes from the project that demonstrate progress or success?

THey have completely failed in regards to what we needed. We trusted what they brought to the table was in scope for moving our company towards being certified and maintaing our ITAR certification. The original SOW contained offshore support in which we called out in our kickoff meeting to change. That is a violation of ITAR for the manufacturing side of our business. 

We were under the impression that it was taken care of and ready to move on. We get to the onboarding and we spent 20 minutes meeting everyone and began discussing the design and approach Lumen wanted to take. 

They asked us me to create a jump server that gave access to an offshore support team. We informed the Lumen team member leading the charge that we cannot move forward until this is fixed. The next call was the same thing, the third call was also the same, at that time we discontinued onboarding to allow Lumen to fix this. 

THere was a two 1/2 week gap or so, in that time I did as much research on CMMC as I possbily could to make sure we were going down the right road. THe Cyber AB released a May town hall video which altered the landscape a bit on what type of company(s) would be allowed to support a company seeking a certification in CMMC level 2. 

This town hall clearly stated that moving forward, a company seeking certification cannot pass the Audit if the teams supporting you are not seeking a level two certification or have an audit date. Us being mindful that the audits were only being scheduled to some of the top ranked MSP and MSSP out and is not available for everyone, we could not bend the knee on allowing a team(s) that were not seeking a level 2 cmmc cert nor even have idea what ITAR or CMMC even was in our environment. 

After I informed Lumen of the changes moving foward, they still presented 2 teams that has no clue about compliance nor seeking it. I feel like their compliance team was never involved in this or we'd never made it to onboarding. I've now been asking the same questions for months now and have not gotten an answer for any of them. 

I feel they've been draggin their feet hoping we would bow out and for us into a legal battle since they cannot reach our expectations nor whats required for compliance. Being out of compliance can cost us our current contracts, and for sure stop our company from being awarded new ones. During this time I've sent numerous emails to their team with copied and pasted, pictures and links of the compliance guidelines and requirements to do business and become certified. 

The things Im doing now are part of the reason we chose Lumen in the first place was to help with compliance. Yet I find myself doing all the leg work because at this point all trust is lost from their last proposals and recent virtual meetings. 

I've composed multiple emails with time stamps of the cyber ab calls to save them time, no one ever batted an eye or even bothered to watch them. They were 3,4 and 5 minute time stamps that explained exactly why I was asking the questions I'd been asking. We then get on another call and its the same thing, no answers, no idea whats going on, just people picking 30-60mins out of their day to waste our time.  

If you're a company looking for a team to keep you compliant or tell you what you need to be compliant, remove Lumen off your list! They may be experts in other services, but compliance and what you need to stay compliant isnt one, they're not even remotely close. 

I'd surely remove this if anything changes, I could've been short and sweet but at this level I wanted to give the story instead of sounding like a bitter person. I personally needed an avenue to warn others that may be in the same boat as our company. 

Describe their project management. Did they deliver items on time? How did they respond to your needs?

Really nice group of people, but Ive been asking for the answer to the same 3 questions for almost 3 months and have gotten nothing but a bunch of emails stating "we assure you, that everything is going to be ok" mean while while this is happening we're on the hook paying our current msp an out of contract monthly bill for the last two months thats amounted to +33K total on what we were originally spending monthly. 

What was your primary form of communication with Lumen Tech?

• Virtual Meeting
• Email or Messaging App

What did you find most impressive or unique about this company?

It's unique and impressive how Lumen Tech keeps prolonging everything instead of giving us answers. I've even pitched solutions to them for MSSP's and other groups. 

Are there any areas for improvement or something Lumen Tech could have done differently?

Be honest, not all companies are "Billion dollar" profit companies. Catering to the customer on their needs and doing the research asked would be a start. Having to go to legal battles for Lumen's failures is unfair when we 're the ones that needed their expertise. If we continue with the current design, our fines would be out of this world after an audit, we'd be reported and the reputation of this part of the company would take a hit that it may be impossible to recover from.