IndyColtsFan (Lifer) - Sep 22, 2007
I don't see how a security analyst would ever be blamed for an incident. It's usually the site owner's responsibility to have proper preventative security controls and follow company procedures and policies.
For a job like that, the key is document, document, document! If something happens and the boss comes to you and tries to pin the blame, you can always say:
BOSS: "We were hacked! We pay you to prevent that!"
BAYDUDE: "Indeed you do. I've gone ahead and taken the liberty of printing this email I sent you last fall, which detailed the business case and three quotes for various new IDS implementations with pros/cons for each approach -- a 'best implementation,' 'next best implementation,' and 'adequate implementation' for you to choose from. You told me no to all three."
BOSS: "But...but...I didn't understand any of that email!"
BAYDUDE: "I can understand that, but I'm not sure why you declined three of my meeting invitations for me to review the proposal with you in that case."
BOSS: "But I was busy! Why were we hacked?!?!?!"
BAYDUDE: "If you'll turn to page 5, I outline what would happen if we don't invest in a new IDS system. I believe the second paragraph, subpoint A, is exactly what happened."
BOSS: "But you're the security guy!"
BAYDUDE: "Right, and like a security guard or police officer, I can't do my job without tools -- they have guns, handcuffs, cars, etc., but I need an IDS system for starters."
BOSS: "..."
At a past job, the department head had me make an anonymously accessible (read-only), externally accessible SharePoint site where documents would be stored for the internet site. I told him that was a VERY bad idea because at least part of the internet site had a password protected area and I knew the idiot employees would drop inappropriate documents there. I repeatedly told the department head that it was a dumb idea, but I was made to do it.
Well, I'm sure you can guess what happened. Some l33t haxxor wannabe thought he struck a gold mine and a few documents got out in the press. The CFO and other execs were on me like stink on shit -- the conversation went like this:
CFO and Execs: "AARRGH! WE WERE HACKED! HOW DID YOU LET THIS HAPPEN!?!?!?!?!?!?!?!?!?!?!?!?"
ICF: <smiles> "We weren't hacked."
CFO and Execs: "WE WERE! SOME GUY CLAIMS HE 'HACKED' OUR SHAREPOINT SITE AND DOWNLOADED BUDGETARY DOCUMENTS!!!!" <shows ICF the leaked documents>
ICF: "Well, Ms. CFO, as you know, we're a non-profit and those financial documents are publicly released every year. Furthermore, if you'll look at this email, you can see where I was told to make an anonymously accessible site on the internet and you can see me objecting but overruled."
CFO and Execs: "But...but...HACKERS!"
ICF: "Look, I'm not saying that all the documents on that site ARE for public consumption. I told the CIO NOT to do this and that something like this would happen. All of the internal employees have write access and can upload stuff there and I have no way of monitoring and reviewing thousands of documents to see what is viable or not and even if I did, I don't know every facet of our business to even know what is and isn't allowed. I can shut the site down if you'd like, but everything you've shown me is stuff our company releases to the public EVERY YEAR so I'm not sure where the security issue is."
The sad thing was the CFO and one of the communications air-head higher-ups were there, and I had to word the press release and point out to these idiots that the particular "hacked" documents in question were released publicly. They STFUed and left me alone after I helped the moron communications person with her press release. But even with all that, I felt I was being looked down upon and blamed even though I was following orders. One dipshit vendor even read the story in the press and called me and asked if they could "solve my SharePoint security issues." I bet that poor bastard still can't sit after the new one I ripped him.
P.S. Communications people are overpaid and REALLY dumb. This dumb broad in the story above was making $160K/yr and couldn't string a coherent, grammatically-correct paragraph together.