This guy signs my cheques?
Aug. 22nd, 2007 05:54 pm![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
superbus.livejournal.com posting in ![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png){kind=small}
techrecoveryA little background for those that haven't seen me post here before: I work for a large company that does "Security in the Clouds"; we're the largest in the industry and getting larger. My LIVELIHOOD, and that of everyone around me except the billing and HR people, is reliant around advanced, don't-fuck-around security based around the needs of banks and medical companies. And I'm good at my job, if I say so myself; a year and a half into the industry and five months here, and I'm likely about to start tier 3 support soon.
My company's CEO needed help with his printers; apparently, he can't print to any network printer. OK, no problem, and it's funny to watch everyone shit their pants about it. "You can't screw this up! He's the CEO! Don't screw this up!", yeah, OK, whatever, I've pissed bigger problems than this. I get to his laptop, and notice that he's got jobs backed up on four different printers, some dating back to June. OK, he's a busy man, whatever. I clear out the queues, and decide to reboot the laptop (which took ten minutes just to close his programmes). No biggie. This, and a reconfiguration of the IPs that the printers possess, fixed his problem with no issues.
When the computer came back up, I needed to log in, and of course, I don't have his password. So I found him and asked him if he could please log in on his computer. He - in front of our entire financial team - blurts out "Oh, my password is $PASSWORD! That's *spells it out*, all lowercase! It was... well, let's just say it was a proper noun and leave it at that.
That's right: the CEO of our security company doesn't practise the #1 rule of computer security.
Ironically - and this just takes the cake - my supervisor pulls me off my work. Since I started with the company, I hadn't taken our mandatory end user security test, and the case had been escalated (I'd blown off all emails about it for lack of time), so I had to do it at that moment. Naturally, it took two minutes, no look at any course material, and I got 100%; any less would have been shameful. They gave me a certificate to print out... signed by this same CEO. My qualification as a non-retard when it comes to end-user security was signed by someone that would have miserably failed the course.
My company's CEO needed help with his printers; apparently, he can't print to any network printer. OK, no problem, and it's funny to watch everyone shit their pants about it. "You can't screw this up! He's the CEO! Don't screw this up!", yeah, OK, whatever, I've pissed bigger problems than this. I get to his laptop, and notice that he's got jobs backed up on four different printers, some dating back to June. OK, he's a busy man, whatever. I clear out the queues, and decide to reboot the laptop (which took ten minutes just to close his programmes). No biggie. This, and a reconfiguration of the IPs that the printers possess, fixed his problem with no issues.
When the computer came back up, I needed to log in, and of course, I don't have his password. So I found him and asked him if he could please log in on his computer. He - in front of our entire financial team - blurts out "Oh, my password is $PASSWORD! That's *spells it out*, all lowercase! It was... well, let's just say it was a proper noun and leave it at that.
That's right: the CEO of our security company doesn't practise the #1 rule of computer security.
Ironically - and this just takes the cake - my supervisor pulls me off my work. Since I started with the company, I hadn't taken our mandatory end user security test, and the case had been escalated (I'd blown off all emails about it for lack of time), so I had to do it at that moment. Naturally, it took two minutes, no look at any course material, and I got 100%; any less would have been shameful. They gave me a certificate to print out... signed by this same CEO. My qualification as a non-retard when it comes to end-user security was signed by someone that would have miserably failed the course.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
no subject
Date: 2007-08-22 10:26 pm (UTC)no subject
Date: 2007-08-22 10:35 pm (UTC)no subject
Date: 2007-08-22 10:52 pm (UTC)Par for the course
Date: 2007-08-22 11:34 pm (UTC)What's worse is our IT director saw no cause for alarm with that.
no subject
Date: 2007-08-23 12:34 am (UTC)Honestly, your company is probably better off with him then with somebody who actually knows security in the position.
That doesn't mean you shouldn't try to get the highest IT guy you can to go have a little chat and fix it. Play it as a "possible embaressing situation" that needs to be fixed quicly and quietly.
...or just make somebody run a security audit including the CEOs. I'm sure that would catch all sorts of fun stuff.
no subject
Date: 2007-08-23 04:42 am (UTC)no subject
Date: 2007-08-23 06:05 pm (UTC)no subject
Date: 2007-08-23 03:49 pm (UTC)Executives don't make the big bucks by creating, selling, fixing or distributing - they're delegators, they have people like us to do the rest.
no subject
Date: 2007-08-24 03:43 pm (UTC)