So one of my good friends and former/future band mates, Brian, is a high-level UNIX security guy for Lowe’s Home Improvement. He’s not only a great drummer, but plays guitar better than I do and apparently is so good at his job that they can’t/won’t move him up. In typical corporate fashion they also won’t listen to the recommendations of a guy who has been-there-and-done-that, instead taking direction from MBA type managers.
So a few weeks ago he gets a call from a former supervisor who had jumped ship and gone to The Home Depot in Atlanta. They offer to nearly double his salary and, even better, promise to give him some authority to implement his own suggestions. Almost too good to be true, right?
So on September 9, 2014, Krebs on Security broke the news that Home Depot may have been hacked and millions of credit card numbers compromised, going back months to April or May of 2014. Brian doesn’t want to sign on to a sinking ship, or even worse, get “housecleaned” when upper management comes through and has to make some kind of changes to show that they are in control and on top of the situation. Yes, everyone knows they are neither in control nor on top of any situation and they are just smart enough to have a reasonable expectation of jumping out of bed in the morning and being able to find the floor.
Not only does Brian turn down the job, but he gets to work the next day to find that Lowe’s knows he has been in Atlanta looking.
Uh-Oh. So when the MBA types confront my buddy about interviewing with the competition, Brian lets them have it. First he gives the “you are lucky this security breach wasn’t you” speech followed up with “you all couldn’t secure a piece of candy from a baby” (I’m paraphrasing of course) and finally ended up with “there is one guy in this entire organization who can help you and that is me.”
Lowe’s and behold (yea, I went there) they listen. For the first time in recorded human history the guy that actually does the work got listened to over the MBA types who walk around with dirty bums because they can’t figure out how not to have dirty bums. Brian now reports directly to the Chief Information Security Officer (CISO), has his own handpicked team to lead, a budget, and best of all bypasses all the demonstrably useless levels of management between those who point direction and those who cut the gears that make the world spin.
Sometimes, things work out perfectly.