In Depth
Ouch! Security Pros' Worst Mistakes
We've all done regrettable things on the job, but does any valuable wisdom come of it? Four security pros candidly explain their biggest blunders and what they learned in the process
By Bill Brenner, Senior Editor
"It was very surreal. I was in a hotel and was tired and it was around 10 p.m. I sent an e-mail to my boss letting him know what happened. I also sent an e-mail to the guy apologizing, copying both of the managing partners of my firm. I also sent an e-mail to the managing partners offering to resign, as this deal was worth hundreds of thousands of dollars; high-level sales.
"I didn't go to sleep that night and went to work early, around 4 a.m., to work on what I was going to say. My boss called me when he got to the office around 5.30 a.m. We decided to see if we could recall the e-mail. We kept sending each other e-mails and trying to erase them and/or recall them, to no avail. So I decided to face the music. My boss did a good job in reassuring me that I still had a job.
"At 7:45 a.m. my boss called and said that the guy at the university had sent out a very reactive e-mail to everyone involved saying that he would not be flying to the manufacturer at that time nor anytime in the future. It had not popped up in my PDA yet due to the delay (there is usually a two-minute delay in e-mails reaching the PDA), so I assumed he was on campus, too, and I began to search out the IT building. I saw two guys walking together who looked like they worked there so I asked them where the IT building was, which they pointed out to me. One of the guys peeled off to go to another building, but the remaining guy said he was going to the IT building so I followed him. Upon entering, he said he could help me find the guy I was looking for as he worked in the IT building. I told him the name as we walked up the stairs -- to which he replied 'That's me.'
"I followed him down the hallway -- it felt like I was going to the principal's office -- and sat in his office. I apologized profusely. Then he started to defend his actions over the past couple weeks and I cut him off saying that he was right and that I was completely wrong. That calmed him down. I also offered to excuse myself from the deal. At the end of the conversation, he did say that it took a lot of guts to come and meet in person with someone who was so angry with me. We ended up getting the deal, which I found out about two weeks later."
CSO
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
- IDC White Paper: CCM for IT Compliance and Risk Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
