digg

Facebook Connect Join Digg About

Security Geek Fired By Suits: For Doing His Job?

blogs.ittoolbox.com — A security geek is fired by executive management after the company is broken into by thieves and lose nearly $100k in equipment. The security geek had previously recommended safety measures that would have presented this, but they were shot down by those same executives! Who should have been fired in this story?

Who dugg this? Made popular Jul 21, 2006

Add a friend

submitted by

securitymonkey Jul 21, 2006

1476 diggs
digg

What is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

Top in Odd Stuff

Sexual Positions for the Lonely and Loveless [SFW]thumb

2980

"If you want to be Popular"!thumb

2365

Mouse Logo FAIL (PIC)

2475

Walmart Goes Crazy On Couple Suspected Of Shopliftingthumb

1839

If You Can't Find The Book You Want [Pic]

2072

People Who Dugg This Also Dugg

On hottest day recorded, schoolgirl is sent home for not wearing jacket

498

Digg Adds Digg Sports and "Minor Changes"

2124

By 98-0 vote, Senate approves 25-year extension of Voting Rights Act

405

A Secret the Media Kept

650

RIAA kicked out of court over fileshare suit

1240

92 Comments

SpiritCrisis, on 10/12/2007, -3/+90This is to be expected simply because companies always need to have someone to throw the blame at to make them not look stupid.
LiterateWolf, on 10/12/2007, -0/+57So much for personal responsibility.
vypergts, on 10/12/2007, -5/+49Yup I completely agree and saying 'I told you so' never got anybody a pat on the back. I'm not exactly sure why he's complaining. Yea getting fired sucks but why would you want to continue working at a company that doesn't listen to it's employees? Sometimes you just gotta do the best you can with what you're given.
underburn, on 10/12/2007, -1/+29I hope he was able to pull an office space before he left.
Kbennett, on 10/12/2007, -3/+29"This story was fabricated, probably by the owner of the blog. I'll explain why below.

...the proper action would have been to find the top 3 investors (or financiers) or the board of directors immediately after being fired and giving them copies of your email. They will promptly call for the CEO to step down, and if he doesn't, he will be unable to sell stock for his quarterly benefits, and will leave of his own will." -Yorn

It was stated in the story that the company was private (i.e. no stock options). Additionally, not everyone is well versed in the legalities surrounding such a situation. Who knows, it is possible that a challenge to the termination of employment is pending or a wrongful termination suit is filed. Your example is hardly proof of a fabricated story.
mrgreen4242, on 10/12/2007, -1/+24"Can't get the money from the boss? DIY!

Security cameras... He could have installed half a dozen IP cameras for under $500, stream the video to a locked up server, total cost? Under $1,000 if not less.

et cetc"

Uh, BAD idea. You ask for funding to get something critical, it gets shot down, so you do it on a tiny budget of DIY stuff. Then that stuff breaks, and it's YOUR fault - you built it. If they say, 'no you can't have the funds for this', it's their fault.

Wouldn't have helped this guy either way, but in general a bad idea.
Yorn, on 10/12/2007, -18/+37This story was fabricated, probably by the owner of the blog. I'll explain why below.

"The investors apparently went crazy when they saw how much money we lost in business while we were offline for two weeks. They busted the CEO up one side of his head and down the other. Apparently the CEO needed a scapegoat, and that scapegoat was me."

If this was the case, the proper action would have been to find the top 3 investors (or financiers) or the board of directors immediately after being fired and giving them copies of your email. They will promptly call for the CEO to step down, and if he doesn't, he will be unable to sell stock for his quarterly benefits, and will leave of his own will.
maino82, on 10/12/2007, -1/+18I would think so. They essentially fired him for incompetence at his job, but if he really did send out an email to everyone (including the company lawyer... good move on his part) then I would think that he has grounds to sue them. If he did indeed stress the importance of these security measures to them as many times as he said he did, then he should have every reason to take them to court.
farr, on 10/12/2007, -3/+19What a nightmare... any way this guy can file some kind of legal action?
bbatsell, on 10/12/2007, -1/+16@Kbennett:

Privately-held companies still use shares and some offer stock options, they just aren't publicly traded on an exchange.

I do agree that his example is nowhere near "proof" that the story is not true.
blackb0x, on 10/12/2007, -5/+20There's no such thing as personal responsibility in a corporate environment.
plamoni, on 10/12/2007, -1/+15Sticky: They cannot delete the emails. If they did, they could be charged with a whole slew of criminal offenses, including destruction of evidence, obstruction of justice, conspiracy to do the aforementioned...

Garcon: Lawyer-client privilege is there to protect the client, not the lawyer, even if the lawyer has a conflict of interests. The client (being this guy) is free to wave that privilege at any time.

I think he should sue their butts off... but I am not a lawyer :-)
DrGonzo, on 10/12/2007, -0/+12The guy should go to the same press that did the story on their move to the new location. Tell them what happened, show them the emails he sent to warn against the scenario. Throw in a couple lines about how he's seeking legal advice on the matter, and maybe they'll fire the execs and give this guy a lot of hush money.
DrGonzo, on 10/12/2007, -0/+12Where in the aricle did it mention that he works on Saturday? He was used as a sacraficial lamb plain and simple.
lolage, on 10/12/2007, -0/+11I mean, the article did state that he put his advice into writing and also emailed the company executives and still his security measurements were ignored; surely he can use that to some extent to prove that it wasnt his fault.
DrGonzo, on 10/12/2007, -0/+11Guess what, not all network drops are run by computer techs anymore. I work in a school and the drops were installed by some 19 year old prick hired by an electrical company that gave the lowest bid. We suffer from flaky connections, or drops that are totally misnumbered.

The term 'Monkeys' in this case refers to someone who was just told to fish the line, with no knowledge or care as to how it is supposed to be done.
drghastly, on 10/12/2007, -0/+10Uh, that's his job as part of security. He is supposed to asses risks and provide plans to reduce and/or eliminate those risks.
cliffzdude, on 10/12/2007, -11/+21Can't get the money from the boss? DIY!

Security cameras... He could have installed half a dozen IP cameras for under $500, stream the video to a locked up server, total cost? Under $1,000 if not less.

Badge access: Build your own. We did it for my company's corporate office, its not rocket science.

Server room security; DIY baby. Home Depot/Deadbolt_Lock/Install_Yourself. Better yet, integrate with your badge system. Require a key to get into the server room, *and* a badge swipe to release the door.

Notebooks; Lock 'em up. Find a way, it can be done.

Notebook and/or Workstation HDD encryption: www.google.com, enter "free hard drive encryption software". The world is your oyster, there is a LOT of very good free software for HDD encryption. That's a different Digg article though.

Yes, this guy getting canned is absolutely heinous. Total *****. But, its a corporate world out there man, you have to cover your ass. An email isn't enough, get it done by bending the rules.

From my read, this guy asked for this and that, with a price tag of $32k. CEO said "no", so he gave up.

Why not try to get it done on a shoe string budget? We're computer geeks here people, little things like budget don't stop us from doing the right thing.

How many DIGG articles are about people doing really high end cool stuff using free software and hacked together hardware?
jimmytango829, on 10/12/2007, -2/+12I'm going to pistol-whip the next guy that says "shenanigans".
rm999, on 10/12/2007, -0/+10I don't think you can file for "unfair dismissal" to anyone who has power to do anything. In most states companies have the right to fire you for basically anything (except disabilities, race, sex), especially if something went wrong.
Cymsdale, on 10/12/2007, -4/+14Sounds very urban legendy, but dugg because it's interesting.
hobo05, on 10/12/2007, -0/+9I'm speechless...a travesty. Mr. CEO was just trying to find a quick fix. He wasn't even trying to "fix" the apparent lack of security, he was trying to make himself appear as the appalled and indignant employer of an incompetent employee to the investors. What a worthless piece of *****. Hopefully the security geek documenting this incident left him with fewer regrets than he would've had (if he has any at all, other than the fact that he didn't bitch-slap the CEO).
slstsang, on 10/12/2007, -1/+9lexus and 100K furniture but can't swing ID badge, cameras...etc? Is that insurance fraud i smell?
mrdlcastle, on 10/12/2007, -0/+8I am IT guy who, until recently, was also responsible for physical security. Small businesses do tend to assign multiple duties to titles that seem to fit the most.
That being said, one should always follow up any decline of your recommendations with a memo indicating that the course of action taken is against your recommendations. What I call a CYA Memo, this way when something like this occurs, you at least have a way to prove that you did warn them. Makes it harder to fire you too.
megabytehl, on 10/12/2007, -0/+8What if he did steal all the equipment, got fired for incompetence, then still won the wrongful dismissal suit...

I would cry from laughing so hard.
inactive, on 10/12/2007, -1/+9Incompetent senior executives ignore good advice and when something bad happens, fires person who gave said good advice.

I got fired when the CFO of a company told me to put old data on the only current server we had after making a backup. The restore failed because they were to cheap to pay for new tapes. I told them it was a bad idea. $75K in receivable account records were lost. When the Bad Thing happened, I got sacked by the CFO to cover the companies collective ass.

Nothing new. Nothing to see here, please move along.
zuckuf, on 10/12/2007, -1/+9That's not quite correct - includng any third party in a communication (even if your lawyer is one of the parties) destroys any claim regarding attorney-client privilege (unless we're talking marital privilege here, which is not in furtherance of a conspiracy...blah blah blah)
aleander, on 10/12/2007, -0/+8*SIGH*
He did not refer to network techs in general, but to incompetent network techs. That's some difference.
skoles, on 10/12/2007, -1/+8Sounds like insurance fraud.
demesne, on 10/12/2007, -1/+8He should be able to file for unfair dismissal in my opinion.
tavisjohn, on 10/12/2007, -0/+7They guy has grounds for a lawsuit! "You said no when I told you how to prevent this!"
david76, on 10/12/2007, -0/+7You can ALWAYS file. Whether the classic first motion for dismissal is accepted or denied is the real test. With a good lawyer his case would probably see a courtroom.
StickyDragon, on 10/12/2007, -1/+8Absolutely, especially if he can get a hold of his work emails (if the company didn't delete them all to cover their asses). There are lawyers who specilize in wrongful dismissal, and I would be sueing the hell out of this company.
inactive, on 10/12/2007, -1/+8You fail to take into account the oft included in job description phrase "And other assigned duties"
It is quite possible that he was assigned to see to the physical security of the IT equipment.
chickenselects, on 10/12/2007, -0/+6it would be better if he stole the equipment and got away with it.
TheBull, on 10/12/2007, -0/+6@makenshi

You must work for one of the few companies that do. I just left a big insurance company that their disaster recovery plan is sketchy at best and everyone in IT knew it. yea the file servers could be backed up but a lot of the web/application servers couldn't be for a variety of reasons and the databases were lucky to be backed up once a week.

And yes it can take a couple of weeks to get a whole shop up and running. Depending on the software I've seen a single server take a couple of days to get up and running, let alone a whole network.
fakesman, on 10/12/2007, -0/+6I'm inclined to believe it. I've never had an experience that dramatic, but the dark years that I spent at a big, stupid company were peppered with occasions of gross executive incompetence roughly on that level. I never had such a catastrophe pinned on me, and I was never responsible for security, but the same misplaced priorities were there--expensive conference room furniture, expensive company cars with XM radios, private executive cafeteria--while neglecting fundamental issues, like how the fob building entry system working on the car gate and not the pedestrian gate.
Elohir, on 10/12/2007, -1/+7If that isn't a black and white unfair dismissal then the country's employment laws are out and out broken.
excalibrax, on 10/12/2007, -1/+7You realize that this infact was sent out as a Company MEMO, IF the Ceo's of ENRON were able to use this defence they would have been emailing all the lawyers in the case like mad
jrizzo, on 10/12/2007, -0/+6Just threaten with a lawsuit. Hire a lawyer and pay him a retainer just to say you have him. When the company hears about this and knows you have a copy of the email, they will settle. I would NOT get my job back if I was in this situation (it would be awkward) but you can at least officially make it so you quit instead of being fired.
Kbennett, on 10/12/2007, -2/+8"Privately-held companies still use shares and some offer stock options, they just aren't publicly traded on an exchange." -bbatsell

With no mention of any employee stock ownership plan or equity sharing mentioned, especially in a story about a guy who'd been with the company for two decades, I made the assumption such a plan didn't exist in this situation. It was an assumption and we all know what that can lead to; but thanks for pointing that out nonethless.
gcnaddict, on 10/12/2007, -1/+5"Depending on the NDA that he signed when he started, its quite likely he isn't allowed to share emails and internal correspondences with the press or anyone else for that matter."

NDAs fall apart under any form of legal action.
megabozz, on 10/12/2007, -1/+5He should relate his story to the company's investors and hopefully they'd bounce a shovel off of the CEO's head and get him removed.
nicktripp, on 10/12/2007, -1/+5If a company says "no" to all of your recommendations, isn't that a huge red flag for you to find another job? What's the point in staying if they're not going to let you do your job? The potential for something like this to happen was obviously there, and he obviously knew it, so why did he stay?
makenshi, on 10/12/2007, -0/+4"How quickly can you order in new servers, get them prepped, and back functional?"

You do not need to "order in" new servers. Any company worth its salt will have a contract with a proper disaster recovery company (or have in-house arrangements). When we invoke our contract we can be up and running in one business day.
BobMysterioso, on 10/12/2007, -4/+8In Ohio, you can be fired at any time for any reason or no reason at all. Admittedly, it is shady if they say "no reason" and it was right after the theft. But the likelyhood of productive legal action I'd wager is low. Depending on the NDA that he signed when he started, its quite likely he isn't allowed to share emails and internal correspondences with the press or anyone else for that matter.

And to whoever said it sounded urban legendy - I agree.
crzdmn, on 10/12/2007, -1/+5I have seen and dealt with a situation similar to this before, granted the amount of damages to the company were far less. But the investors did "terminate" the management who disregarded their employees suggestions and statements. I quote terminate because it was mostly to do with his stock options and caused him to no longer want to "waste his time with this worthless company".

Urban legend or not, stuff like this does happen. And in the situation where an competent employee is blamed for managements incompetence threaten, sue, call lawyers etc. The company will settle, probably offer you your job back etc. to avoid the bad publicity and the cost of court.

A truly bad name for a company is an employee abuser, you can abuse you customers and they will come back. Get in the press for treating hard working people like dung so management can keep lining their pockets and people will hate the company for life.

Also, in situations like this, a NDA means nothing. Courts can override anything, they can even override doctor patient privacy. (I'm an American before i start getting responses about other countries policies.)
rekrapt, on 10/12/2007, -0/+4I live in a "right to work" state where you can basically be fired without cause. However, he was accused of incompetence... it would probably have been better for the company to just "lay him off" without cause as opposed to accusing him of incompetence. I hope he can sue if this is a true story.
remiprev, on 10/12/2007, -1/+5Actually, he was the Director of Data Security And Compliance.
ninjadave, on 10/12/2007, -0/+4He'll be better off elsewhere. Or start a security consulting firm while collecting unemployment.
Show 51 - 92 of 92 discussions
Add a Comment

Login or register to comment!
Or, sign-in super fast with your Facebook account ...

Site Links: Home; Take a Tour; Search Digg; Digg Mobile; RSS Feeds; Popular Archive

Help: Frequent Questions; How Digg Works; Report a Website Bug

All About Digg: About Us; Contact Us; Community Guidelines; The Digg Blog; Digg Townhalls & Meetups; Jobs at Digg; Advertise on Digg; Diggnation Podcast

Digg Store: Get hats, shirts, hoodies, stickers, and more at the Digg Store.

Digg Tools & API: All Digg Tools; DiggBar Tools; Firefox Toolbar; Twitter Feeds; Add Digg to Google; Netvibes Widget; Integrate Digg Buttons; Digg Badges; Make a Digg Widget; API for Developers

Digg Dialogg!: Digg Dialogg lets you choose the questions.

Digg Labs: Get a real-time view beneath the surface of Digg.; Digg Labs Home; Arc, Swarm, Stack, Bigspy, Pics

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.