What happened in Washington DC (city) government under Yusuf Acar as CSO over the past few years? Almost everyone involved in government technology in the nation, along with a few others in the FBI, want to find out the answer to that question. What we do know is that Vivek Kundra, President's Obama's brand-new, first ever, federal CIO has taken a leave of absence. Could this very talented leader be in serious trouble? This blogger hopes not. But one lesson is already clear - Web 2.0, Government 2.0, Cloud Computing, or any other techno-savvy change must be built on a foundation of rock solid professional ethics.\u00a0 I have no desire to pile-on in this blog. There are plenty of others who have written detailed accounts of the implications of last week's very serious events. Betanews is one and Wired Magazine is another. While Wired says Kundra will be fine, the\u00a0Federal Computer Week\u00a0raises several serious questions about why the CTO wasn't aware of the activiites of his CSO. Both of those articles have plenty of related links as well. True,\u00a0everyone deserves\u00a0the presumption of innocence until proven guilty. It may yet be\u00a0true that the DC government is cleared of any wrongdoing.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Regardless of what happens next in this situation, this incident already provides some great reminders for\u00a0every security professional out there. The main message is that unethical behavior\u00a0must be\u00a0stopped and dealt with or other great achievements will be undermined. Ethical behavior must be\u00a0a top priority.\u00a0\u00a0\u00a0\u00a0No matter how good your staff is at technical tasks, are they trustworthy? I have found that some of the best and brightest are also the most tempted to violate policy. As I\u00a0describe at length in my book, we all face temptations online. There are steps we can take to protect ourselves, our governments, our businesses, our careers and our families. Most of us run background checks on staff, but that is often not enough. Note: my earliest blogs spend significant time discussing cyber ethics in the office. \u00a0\u00a0\u00a0We must trust, but verify. No one is above the law. Listen to complaints from people who claim that security staff or systems administrators flaunt their authority or access. Security professionals need to be above reproach - or all the technical controls in the world will not help. Good security involves people, process and technology.\u00a0\u00a0\u00a0\u00a0What are your thoughts?