The Best Defense Is a Firing Offense

What's a CSO to do when his tech expert says No to a request?

"Can't," he tells me. "Technology Guy changed the password on the firewall and won't give it to me, so I can't make the changes you want. He said we have to put our foot down on bad security practices."

That so, huh? I call the firewall vendor and ask how to get the password out of the firewall if the security manager won't give it up. It won't be easy, they tell me, but it can be done. I have them back up and look over everything to make sure there are no back doors or other issues. "Nope, none," they confirm, and even offer that the firewall looks as if it has been meticulously maintained.

When Technology Guy comes back from lunch, he loses it again. "I told you we could not make those changes," he shouts.

"I know," I say quietly. It's amazing how easy it is to keep your cool when you're in control. "You already said that. You also said there was no solution to the RPC problem. You said the solution wouldn't work, and it did. Then you refused to help out with alternative solutions. Why?" I ask.

"Someone has to put their foot down and keep the company from killing itself," he says. "You're not the only one who can backdoor a firewall. So if you changed the password on the firewall, I'll just change it back."

And that's when I remember the third important rule. When dealing with difficult, uncompromising, domineering, pig-headed people, sometimes you just gotta do what you gotta do.

"If that's the way you feel about it, I am truly sorry," I tell Technology Guy. "You're fired." Nothing personal.