Marcie Frost’s Reign of Error: Second Star CalPERS Employee Fired in a Month; Ouster Backfires as We Publicize Complaint

Two CalPERS insiders informed us that Justin Harwell, then the manager heading CalPERS’ Information Security Office, was terminated last Friday, or as one put it, “was walked out Friday afternoon.”

Consistent with his bio on LinkedIn, Harwell, who joined CalPERS in late 2017, was seen as having a strong background in information security and came from the private sector. Like star hire Elisabeth Bourqui, who was brought in as CalPERS Chief Operating Investment Officer, Harwell was unceremoniously defenestrated. The fact that CalPERS is terminating highly qualified staffers, apparently for political reasons, will only increase the institution’s already considerable dysfunction and incompetence.

CalPERS has apparently scheduled 9:00 AM meeting on Tuesday to tell relevant staffers about Harwell’s sudden departure. We sincerely doubt they were to be told anything approaching the truth.

Harwell had complained about being required to hire a staff member in a manner at odds with proper procedures. When that employee posed additional problems, Harwell escalated the matter, including to Doug Hoffner, the deputy executive officer of Operations & Technology and Matt Jacobs, the general counsel. As one source put it, “They told Harwell to suck it up.”

Harwell took out his frustration by posting an anonymous review on the jobs site Glassdoor:

As you can see, Harwell did not cover his tracks.

Because CalPERS invests more time in managing PR than managing its operations, CalPERS took notice of the review what looks like close to immediately. You’ll see the screenshot shows it as having been up only three days. One has to wonder, given the huge volume of reviews up at Glassdoor, if anyone outside CalPERS saw it.1

Harwell was called in and asked if he was the author of the Glassdoor review. He admitted he was. He was instructed to remove it and he did. One source says he was fired within two hours of that meeting.

By being so vindictive, CalPERS has now made the review and the culture of cronyism and cover-ups vastly more visible than it would have been. A more mature leader would have gotten Harwell to trash the review, let things cool a little bit, and then told him that his future at CalPERS wasn’t very bright and he’d be wise to look for a new job.

But we’ve been told by people who worked with Frost for the better part of a decade in Washington that she was petty and vengeful, and she looks to be showing her true colors at CalPERS. She will find out that CalPERS is too important an institution to run like a junior high school clique. No one with better options will work for someone who isn’t terribly competent and is abusive on top of it. If Frost’s growing file folder of bad press clips don’t do her in, CalPERS’ faltering performance eventually will.


1 Of course, in the World According to Marcie Frost, even if no one outside CalPERS saw the negative review, the mere fact that CaLPERS employees saw it would be deemed harmful because it would undermine the actively-cultivated myth that everyone at CalPERS loves working for Marcie, and more important, that she really is doing a good job.

Print Friendly, PDF & Email


  1. Clive

    Of all the CalPERS misdemeanours we’ve had covered here in the past, well, years, this is by far and away the most concerning I’ve read. And I’ve read a lot of things that would bother anyone.

    Even my inept, lumpen TBTF pays close attention to what the security guys say. If they tell me not to do something that way, I don’t do it. There’s never the slightest question of trying to fudge it. the same goes for everyone I know. I can think of a couple of examples where some miscreants tried to save a buck or two or reduce the time to market by ignoring explicit advice from the SMEs. When the c-suite got wind of it, they were denied bonus and had their cards marked with a clear expectation (this is how things are done in large organisations) that it was time for them to move on and if they didn’t, they’d have more direct encouragement to help them on their way.

    And this isn’t only done in the name of covering one’s backside. Security engineering and consultancy skills are incredibly hard to come by. Every one is trying to get hold of experienced people. Talent is scarce. Even doing the H1-B lark won’t help because it’s not merely technical acumen that is needed, you have to have the interpersonal and language skills par excellence to communicate esoteric and sometimes mind-bending concepts to decision makers in a way which they can understand. Putting any old bum on a seat isn’t going to cut it.

    One way to immediately send security architects scurrying away to (possibly better remunerated, to boot) pastures new is to ignore what they are trying to tell you. Adding demoralisation, borne of overt attempts at Compliance In Name Only to accepted best practice or even just meeting minimum standards, pretty much guarantees a brain drain.

    Harwell will be difficult to replace, for these reasons. I was going to say something along the lines of “as CalPERS will learn to their regret” or “as CalPERS will come to appreciate”. But why bother? CalPERS leadership team don’t give diddly-squat about keeping the organisation functional. Getting in to and then keeping in Marcie’s Good Books is the name of the game. It’s the only game in CalPERS’ town.

    Promoting organisational competence ? Capability ? Fat chance.

    1. Yves Smith Post author

      Aha, that may be why Harwelll was pretty open about who he was on Glassdoor. He assumed that raising external alarms about how security was being handled would push CalPERS to relent and figured as scarce “talent” he had the leverage to push back.

      Now having burned two very well qualified private sector hires, no one decent will join CalPERS. Frost has assured that CalPERS will go downhill at a rapid clip.

      She’s acting out Lucifer’s line in Paradise Lost: “Better to reign in Hell than serve in Heaven.” But her making CalPERS an employment hell (at least for anyone who thinks their job description isn’t toadying to Frost) is going to cost CalPERS beneficiaries and California taxpayers big time.

      1. fajensen

        He assumed that raising external alarms about how security was being handled would push CalPERS to relent and figured as scarce “talent” he had the leverage to push back.

        The “Galileo Gambit” is never going to work out any different from the first time it was tried :p

        The only ones posessing leverage and scarcity are the CEO’s, that is why they “deserve” 340 times normal wages. That eternal truth will be brutally reinforced all the way, right to the last member of staff if necessary, organisational performance be damned.

        The reason “why” is that it’s a Class thing, the defending of Class Interests: Uppity experts and Whistleblowers will be black-balled all the way into the next country by all CEO’s, even those that hate each others guts will not break ranks.

        It’s either startups or a new, diminished, career somewhere in government / academia for the poor unfortunate soul getting above his/her station.

        I have seen too much.

        1. Synoia

          He assumed that raising external alarms about how security was being handled would push CalPERS to relent and figured as scarce “talent” he had the leverage to push back.

          Or he was documenting in Public his reason for leaving.

          1. Harry

            Documenting in public is often considered an extreme sin, and a potentially fatal character defect. Maybe this is less serious in the public sector, but in the private sector, demonstrations of disloyalty are generally frowned upon. Which boss can be sure you wouldn’t do the same thing to him.

            Maybe I just dont understand the business space. But in Trading, you don’t care how specialized the skill is if its a political liability. Who wants to be reported to the SEC, Fed, Finra, etc?

            The wages of whistleblowing are mean reverting.

        2. EoH

          The C-suite’s favorite and harshest epithet: “Disgruntled former employee.”

          It’s a status that cures all executive ills, because it confines the talented whistleblower to unemployment Hell.

          Except that Ms. Frost is doing this, too, so badly that she is creating an inverse version that will one day confine her to that same place. No one will mourn. They will be too busy picking up the broken crockery she will leave behind.

      2. Other JL

        I figured he had made up his mind to leave regardless, probably has some financial benefit from an involuntary dismissal, and figured that after Borqui left it wouldn’t be hurting his future prospects much to burn that bridge. Which is quite likely true.

          1. ChrisPacific

            If the review is accurate then he was almost certainly on his way out in some form or other. CISO is not one of those roles where you can put up with the CEO blocking you and just muddle along in mediocrity for years on end. Sooner or later there will be a Major Incident, the first question asked will be “who is in charge of security?” and you will be under lights. You can’t just wave your hands, blame it on the CEO not letting you do your job, and get away with it, any more than the CFO could if they uncovered financial irregularities or fraud and didn’t tell anyone.

            1. Yves Smith Post author


              You don’t understand the low esteem in which government employers are held by the private sector. If anything, they’ll view Harwell as naive for wanting to believe that CalPERS was either OK or potentially fixable.

              1. ChrisPacific

                I’m not sure how this relates to my point. I’m just trying to say that if he was halfway competent at his job, and considered that he was being prevented from doing it, then the consequences of staying could very easily have been worse than the consequences of leaving in the long run.

                “I left as soon as I saw it was an accident waiting to happen and I wasn’t going to be permitted to fix it” might not reflect well on him for having taken the job in the first place, but it’s a heck of a lot better than staying and ending up as the fall guy for a massive security incident. And I do view this as an attempt on his part to force their hand, since he did everything but sign his name to that review.

              2. EoH

                I suspect the private sector would consider Harwell especially naive for thinking that an institution was fixable from the bottom or middle up. That would usually be regarded as insubordination, which the private sector deems as dangerous to good order and morale as the military.

      3. flora

        Posting the notice on Glassdoor that CalPERS staff to fails to follow best security practices, and knowing that CalPERS staff read the notice, means that when CalPERS gets hacked (and they will be) they can’t hide behind “we followed best IT security practices”. Openly not following best practice fails the ‘reasonable man’ test in liability issues around getting hacked. Lawsuit futures.

        1. flora

          adding: CalPERS will undoubtedly try to paint him as a mere ‘disgruntled employee’. I hope that before posting this notice he copied to his private account or paper file every communication and presentation he made to staff, and their response – or lack of – that show a pattern of staff failure to incorporate the IT best practices which they were presented.

          I suppose now CalPERS will try to scrub all such electronic records from their servers.

      4. Fish Rots From the Top

        Someone must be protecting her, or many; if she’s able to run like this. That’s the interesting question.

        1. Yves Smith Post author

          No, with all respect, you really do not get it. CalPERS, like pretty much every public pension fund in the US, is not supervised save by an unskilled, captured, cronyistic board. All Frost has to do to be left to her own devices is keep the board in the dark and have it believe everything is OK. With a board that treats CalPERS as as sinecure that get them paid-for international junkets with business class seats, it ain’t hard. They don’t read the business press. Board member Bill Slaton has literally recommended against the board getting outside information, insisting that the staff is the only trustworthy source.

          What is happening at CalPERS is happening all over the US. CalPERS is actually, believe it or not, one of the better run public pension funds. Just have a look at what has been going on at the Kentucky Retirement System to put CalPERS in perspective.

    2. Jeremy Grimm

      I’m not a security expert, but I have worked a little on a security-testing red-team. From what I know of some famous exploits from the past, even ‘best practices’ for security make exploits more difficult to execute but there are still ways to get in — you just need a more robust kit of tools and a higher level of skills. ‘Best practices’ avoid attacks by shifting attackers attentions toward easier targets. Why waste a zero-day exploit on a hard target if there’s an easier target where you might get in and out without immediate detection? That gives your zero-day a longer useful life. This latest CalPERS incident may receive notice on the ‘dark-side’ giving CalPERS special attention as one fat juicy target.

    3. notabanker

      1. +1 on the TBTF comments. InfoSec is not to be toyed with. They are not all infallible wonderpeople, but explicitly ignoring their advice, or weaseling around it, is at your own peril, and it will come.
      2. “don’t give diddly squat” is exactly right. It’s other people’s money and “fiduciary interests” are buzz words to be used for political ends. Ignore it in practice and whip it out as an excuse when you aren’t getting your way.

  2. vlade

    More mature leader would not have had such a review in the first place. Or, a new start more mature leader, would try to figure out what was wrong, if such a senior person is so frustrated as to do this pretty openly (and, as a SIO, I find it hard to believe Harwell didn’t know he’d be found out, unless he was seeing red at the time, which is no good either).

    1. notabanker

      He knew what was coming. At least he didn’t drive a tractor through the front door. People are getting increasingly fed up.

  3. The Rev Kev

    To misquote the great Oscar Wilde — ‘To lose one employee may be regarded as a misfortune; to lose two looks like carelessness.’ I would be nervous being an executive that works at CalPERS right now, They seem to be dropping faster than second-lieutenants in a combat zone. And that was just not any employee. That was the Chief Information Security Officer that. Something tells me that if you could get him to open up over a few glasses of beer, that he would have tales to tell of security vulnerabilities in CalPERS and that Glassdoor review hinted at that at the end. Don’t be surprised if one day you hear of a massive hacking job done on CalPERS because they haven’t done something simple like updated their computers from Windows 95 or forgotten the past two years patches or something.

    Still, he may thank his lucky starts that he is getting out as look at all the things that he will miss out on by not working for CalPERS. The nepotism, the wearing of burgundy even if it clashes with your wardrobe, high-school leadership, the endless meetings where your brain fights for every bit of oxygen that it can get. Actually, I intend myself to apply for a job at CaLPERS next week. After all, I finished high school just like Frost did so that is a plus. Anyway, its not like that you are going to have competent, qualified people beating a path to CalPERS’s door anymore, are you? Not after the past few months. You are more likely to have Harvey Weinstein elected head of the Young Women’s Christian Association. Anyway, when I get fired for following the rules, I will sue for wrongful dismissal. Ka-ching! Sound like a plan?

  4. John Wright

    As a CA taxpayer, I’d like to know what is the source of Marcie Frost’s power.

    If Marcie Frost can be “petty and vengeful” for years in Washington state and continue the same in CA, she must have some unusual ability to survive as she would have burned a number of people in the process.

    We all know she embellished her educational background, which makes her a risky-to-keep employee ( in 2006 Radio Shack dismissed (he “resigned”) their CEO for a similar offense)


    “When our company’s credibility becomes based on a single individual, it is time for a change,” he told a news conference. “One of the most important things we have as a corporation is integrity and trust. We have to restore that back to the company.”

    Radio Shack still went bankrupt, twice, in the succeeding years (2015, 2017)

    In my years working for a number of corporations, I’ve watched out of favor managers exit to “pursue other opportunities” or “retire early”.

    But Marcie Frost survives….

    Is Marcie Frost like The Shadow, with the power to cloud men’s minds?

    1. Yves Smith Post author

      Unfortunately, it’s not nefarious, or more specifically, not personal to Frost.

      We’ve been writing for years that CalPERS is a governance train wreck waiting to happen. It’s now happening.

      CalPERS is ~$340 billion of money accountable to no one. It does not have its spending approved by the legislature. It can do as it damned well sees fit. That’s why, for instance, it’s general counsel Matt Jacobs routinely make readings of statute that are visibly contrary to their plain language. His attitude is “So sue me,”and he know he has deeper pockets than you do.

      The only oversight comes from a weak board where virtually all members view their position as a sinecure that lets them travel internationally on the taxpayer dime. The unions, who are the powers behind the scene, reject any criticism of CalPERS as anti-pension. They reflexively defend staff no matter what dangerous nonsense they are up to. They were all on board with covering up rather than cleaning up after the pay to play scandal that led to the conviction of former CEO Fred Buenrostro.

      The parties that could and should intervene, the Governor and the legislature, don’t have an incentive to get involved unless and until bad headlines make it too costly for them to sit pat.

      See our New York Magazine article for more detail:

    2. bob

      “As a CA taxpayer, I’d like to know what is the source of Marcie Frost’s power.”

      Agreed. There has to be some pull, somewhere. Just looking at the behavior of the organization from the outside, everyone inside must know what that power is, and fear it.

  5. Mark Gisleson

    Not at this level, but while writing resumes (1988-2003) I encountered this kind of firing VERY frequently. The number one negative characteristic I associate with post-Reagan middle and upper middle managment who were not promoted through the ranks is insecurity coupled with narcissism.

    I have no clue now just how many narcissist-fired people I worked with, but after the first couple thousand clients you get a feel for who really knows how to do their job. The common element when narcissists fire someone is that they usually fire the most competent person in their employ. Competency, especially on the tech side, rarely comes with the suckup skills necessary to survive under an egotistic boss who is in over their head.

    Frankly, it thrills me to see this play out on an elevated stage like CalPERS. At some point the meritocracy is going to have to step back and realize that the people they’re working for are literally not smart enough to understand how important their key underlings are.

    The lower ranks who’ve been treated this way for decades can now sit back with some popcorn to enjoy the show.

    1. TroyMcClure

      Glad to see the specter of narcissism brought up more on NC. Yves also mentioned it in regards to Kamala Harris and her latest email announcing her candidacy.

      Christopher Lasch was indeed a prophet.

  6. Pete Piltdownman

    The Retired Public Employees Association of California’s (RPEA) website has nothing about Frost and the internal politics at CalPERS other than a transcript of a 15 minute boilerplate interview of her from last April. Search “Naked Capitalism” at the site, and it gives you “0 Matches”.
    One would think that a $60 yearly membership at RPEA would provide more aggressive coverage of the management stew at CalPERS on behalf of us beneficiaries, many of which, I doubt, are regular readers of NC.
    My view of RPEA is that it is a cog in the PR machine.

  7. diptherio

    And interesting, is it not, that the precipitating incident was Harwell being forced to hire an unqualified person? Seems like, I dunno, a pattern or something….

      1. TheCatSaid

        I’ve always sensed there is more going on with CalPERS than “just” incompetence and “malfeasance”.

        George Webb has mentioned a couple times that CalPERS is/was being used to facilitate money laundering. A link he has made is to Bijan Kian (currently under indictment in DC) who has held high-level positions in the CA State government with financial implications:

        Kian also served as an official in the California state government, including as an Economic Development Commissioner and Commissioner of Housing Finance. He also worked as California’s Director of Foreign Investment.

        Among his accomplishments, Kian was formerly director of the State of California Office of Foreign Investment, which, with worldwide offices, was the state’s leading office for attraction, retention and expansion of foreign direct investment with an $86 billion foreign investment portfolio.

        As director of the Office of Foreign Investment, Kian was the first Iranian-American to be appointed or elected to direct a statewide office in California.

        Webb stated that using an alias (Webb and contributors documented many of them, including Rafiekian) he was involved in making big bucks through PakInternational, and used these revenues to support various local CA politicians to buy his way into government positions.

        Next, Kian’s was appointed as President of the US Export-Import bank, which allowed him to funnel money to various kinds of major projects abroad (e.g., major pipeline/infrastructure/nuclear/IP stealing projects for the benefit of corrupt officials in various places), with the US government guaranteeing credit then having to pay the price when schemes went bust.

        Kian is now under indictment, facing potential term of 15 years.

        I’ll find the most recent video where Webb discussed Kian in relation to CalPERS and post that link separately. It’s January 11 2019 but I want to find the two specific time segments.

      2. TheCatSaid

        In this video, Bijan Kian and his pals are discussed in two segments, about 1 minute each, starting at these times:

        A couple months ago there were a number of twitter threads in which contributors were documenting Bijan Kian’s aliases with different organizations in which he was involved, using open source records.

        1. Yves Smith Post author

          Please don’t make allegations in comments that you can’t substantiate. This is Making Shit Up, which is a violation of our written site Policies. CalPERS runs its own portfolio and when it uses outside managers, it hired private sector managers. It makes foreign investments on its own, not though other CA agencies. They are too egotistical even to team up occasionally with their Sacramento sister, CalSTRS.

          Money laundering involves ONLY criminally tainted money. You can’t launder money unless there is a precedent crime. And under anti-money-laundering statutes, tax evasion is not a crime.

          In addition, for the taking of funds by an intermediary to rise to the level of money laundering, the intermediary has to have “actual knowledge” that he is handling criminally tainted funds. This is a high legal bar.

          CalPERS gets its funds entirely from employers. Please tell me how or why broke employers (cities and government entities) would have criminally tainted proceeds it would hand over to CalPERS, and how it would then get it back out of CalPERS,.

          If you mean to say bribery or other forms of corruption are happening, as in payments to executives or board members, as opposed to via CalPERS as an institution, that’s a credible allegation give the history of CalPERS and other public pension funds, but that’s not at all what you alleged.

          1. Lambert Strether

            > If you mean to say bribery or other forms of corruption are happening, as in payments to executives or board members, as opposed to via CalPERS as an institution, that’s a credible allegation give the history of CalPERS and other public pension funds, but that’s not at all what you alleged.

            J.J. Jelincic’s question bears repeating:

            What is the payoff and who collects?

            Asked of the on-going private equity train wreck, but can be generalized….

  8. Skip Intro

    Harwell posting that on GlassDoor was him goading them into firing him. He may have correctly anticipated the overreaction, in hopes of drawing attention to the situation, or he may have imagined that he had a while to quit before they even noticed the review. I’m inclined to believe the former. I assume the review is back up.

    1. voteforno6

      He may have reached the point when he didn’t care any more. I’m guessing that this was the last straw. Considering that he was only there for a little over a year, that shows just how dysfunctional CalPERS is.

    1. TheCatSaid

      Do you think the actions that look incompetent or nefarious to you or me, might be appreciated and highly valued by other parties?

      What’s your theory for why various regulatory agencies or officials are not taking action? Do you think that’s a coincidence?

  9. Conrad

    Wow. What a great example of the Streisand Effect.

    Can I put in a pre-order for the eventual CalPERS book that will surely come out if this incredible series?

    And is there anyway for California public employees to get their pension moneys out of this trainwreck? Or are they locked in for the ride?

  10. DavidP74

    If the State of California is this incompentent/corrupt and one uses this as a measure of the general level of incompentence/corruption for the whole of the USA then we(the people) are in deep dodo!. We the peeps are lacking in only one thing given credentialism and that is a degree in high level thievery.

  11. Tom

    “A more mature leader would have gotten Harwell to trash the review, let things cool a little bit, and then told him that his future at CalPERS wasn’t very bright and he’d be wise to look for a new job.”

    Huh? Surely a wiser ceo would take his criticism on board and take steps to improve the company.


Leave a Reply

Your email address will not be published. Required fields are marked *