SafariShane needs to turn around and hack back in to the system in a week and show that the new company's security measures weren't that great.;-) This will ingratiate himself with the CEO and get the new company kicked out.
Pointed Haired Bosses don't think that way. At my last job (one of the big 3 ISP's) one of the NT admin's screwed up and opened our one internal systems to the whole world. One of our techs studing security discovered the hole and reported it our PHB. Who came to our SA team to check and confirm. They were more concerned about the tech finding the hole, than the idiot NT admin who screw up an NT securtiy setting. They were insisting on firing the tech. They said opening up our system to world was less
Now IANAL, but I think the guy posting this article may have a possible lawsuit for wrongful dismissal against his former employer. An assessment is meant to be a piece of information used to form a decision, it isnt supposed to make your decision for you.
Another point: yes, all admins are inherantly a security risk, because they have access to the system. But they are a managed risk (like they all should be), in that the company has history with this person, and there is most likely no wrong-doing in his record. What I view as a greater risk is outsourcing to a company- in this case, how can you manage the risk of a 3rd party outside your control? Answer- you cant.
So from just a risk-management viewpoint, the company has assumed MORE risk by outsourcing their security.
IAANAL, but much of this depends upon *where*. Some US states are Right to Work states, others are not. I don't see discrimination or other wrongful dismissal involved in Shane's case, and some states still allow an employer to make and act upon their own decisions such as hiring/firing.
That might seem like a bad thing, but it also is one of the few things keeping back even worse problems. It actually is often the same do-gooders who interfere with such decisions that force worse decisions. As a former
Promptness is its own reward, if one lives by the clock instead of the sword.
What's good for the goose is good for the gander.. (Score:5, Funny)
Problem solved.
Re:What's good for the goose is good for the gande (Score:5, Interesting)
LAWSUIT?? (Score:2)
Another point: yes, all admins are inherantly a security risk, because they have access to the system. But they are a managed risk (like they all should be), in that the company has history with this person, and there is most likely no wrong-doing in his record. What I view as a greater risk is outsourcing to a company- in this case, how can you manage the risk of a 3rd party outside your control? Answer- you cant.
So from just a risk-management viewpoint, the company has assumed MORE risk by outsourcing their security.
Re:LAWSUIT?? (Score:1)
That might seem like a bad thing, but it also is one of the few things keeping back even worse problems. It actually is often the same do-gooders who interfere with such decisions that force worse decisions. As a former