San Francisco City Attorney Dennis Herrera filed a lawsuit last month alleging that two former municipal information technology employees steered a $1.2 million cybersecurity contract for the city’s Department of Public Health to a firm that employed the ex-husband of one of the city workers.
In the Nov. 27 suit filed in San Francisco Superior Court, Herrera alleged that Heather Zalatimo, a former IT systems engineer for the health department, pushed her agency to award the 2016 contract to Fidelis Cybersecurity, for which her husband, Maarek Zalatimo, was a regional sales manager. Herrera also accused Zalatimo’s supervisor at the time, Jeff Jorgenson, the department’s IT chief operating officer, for helping Heather Zalatimo push the contract toward Fidelis, despite knowing the company employed her husband.
Fidelis, which is based in Bethesda, Maryland, is also named as a co-defendant.
Herrera’s complaint charges that the contract violated California conflict-of-interest laws that prohibit public employees from awarding contracts that could benefit them personally.
“Heather Zalatimo had a financial interest in the city’s $1.245 million purchase of Fidelis products and services, because she was married to Mark Zalatimo, an employee of Fidelis, and had a financial interest in her spouse’s salary and commission,” the suit reads.
According to court documents, Maarek Zalatimo and other Fidelis employees reached out to Heather Zalatimo to pitch the company’s security products in December 2015. After several weeks of communications between the department and the company, Fidelis offered DPH a proof-of-concept test for its software. On March 17, 2016, the complaint reads, Fidelis sent Heather Zalatimo a document titled “Fidelis Network/Endpoint PoC Technical Project Plan for the San Francisco Department of Health,” which listed “Mark Zalatimo” as Fidelis’ territory manager for Northern California.
Fidelis’ Network product is designed to help users detect breaches and prevent data losses, while the Endpoint product monitors and analyzes a network’s user activity to detect and respond to threats, according to the company’s website.
The suit goes on to say that on April 29 of that year, Heather Zalatimo sent Jorgenson and other DPH employees a document recommending the agency buy Fidelis products to address its cybersecurity needs. That July, Heather Zalatimo received a quote for Fidelis’ software from MoreDirect, Inc., a reseller of enterprise IT products; Jorgenson approved the $1.2 million purchase a month later, the complaint says. According to Herrera, Maarek Zalatimo’s commission on the purchase could’ve been $65,000.
“The vast majority of people who work on behalf of San Franciscans are honest, hard-working and dedicated to the community,” Herrera said in a press release. “My office takes that obligation very seriously. The facts here are clear. You simply cannot steer a public contract to a company when you stand to benefit financially from that. You’re lining your own pocket with taxpayer money. We will not tolerate it.”
Heather Zalatimo, who later became DPH’s chief information security officer, left the department in June, while Jorgenson departed a month later, according to their LinkedIn pages. They have not yet replied to Herrera’s suit, nor have Maarek Zalatimo or Fidelis.
“Fidelis Cybersecurity does not comment on pending litigation,” the company said in a statement provided to StateScoop. “However, Fidelis takes all public integrity issues, including conflict of interest rules, very seriously. The individuals involved in the alleged wrongdoing are no longer with Fidelis. We look forward to working with the City Attorney’s Office to quickly resolve this matter.”