In Depth
Ouch! Security Pros' Worst Mistakes
We've all done regrettable things on the job, but does any valuable wisdom come of it? Four security pros candidly explain their biggest blunders and what they learned in the process.
By Bill Brenner, Senior Editor
4. OPEN MOUTH, INSERT BOTH FEET, WITH SHOES
- Mistake maker: Dave Bixler
- Position: CISO, Siemens IT Solutions and Services Inc.
- Location: Mason, Ohio
- The incident: Sarcasm with the CEO
"Many years ago, during one of the last great e-mail-based virus outbreaks -- it was six or seven years ago and may have been the Anna Kournikova virus -- I was wearing two hats as the information security person, and also responsible for infrastructure, including the e-mail servers. The virus outbreak had spread rapidly through all seven of our mail servers, and by the time we had a virus signature that could clean out the virus, the mail servers had ground to a screeching halt.
"We took the servers offline and were in the process of getting them cleaned up when I received a call from the CEO, asking for a status. I proceeded to explain where we were, what the impact was, and how long it would take before the servers would be back online. At the end of my explanation, he joked 'Better you than me.' Naturally, my mouth engaged well in advance of my brain and I responded with 'Well, that's what you underpay me for.'"
THE LESSON
Think before you speak.
"Fortunately, my CEO had an excellent sense of humor and I was still employed the following day."
Editor's note: This is the first of a two-part feature. The next installment will focus on 'mistakes' that had a positive result for the security pros involved. If there's a mistake you would happily make all over again, e-mail bbrenner@cxo.com.



