July 26, 2014 at 11:03 am
Comments posted to this topic are about the item Frustration with Bad Design
July 28, 2014 at 1:05 am
State your objections and either support the chosen path or find another job.
I fully agree with you and that's what I did earlier ... however most of the people never go for either option. Instead they prefer argueing endlessly on the poor décisions that were taken, spoiling the mood of the department. And again you face both options: you stay or you leave. But for the time being, finding another job is not as easy as 25 years ago when I started ...
July 28, 2014 at 2:58 am
I work as a freelancer so sometimes I have access to people or more kudos than the full time staff (sometimes completely the opposite).
Regardless of the situation, I highlight any concerns through the appropriate channels, I ensure that I document the issue(s) along with my response to it/them and leave it to the appropriate people and processes to deal with it. When necessary and applicable I will remind the appropriate people of such things being outstanding (even if it is unpopular). Apart from that, I have done all that is required of me and all that is open to me.
Anything beyond that leaves myself at risk to accusations of all sorts; hacking, wasting company time, breach of contract etc.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
July 28, 2014 at 6:20 am
I'm taking option 2, Steve. Goals are set, plans are in place, nights are spent working on skills and such.
Currently there are enough shops, companies and corporations demanding our talents that we can be picky. We should professionally let our colleagues know that certain companies may not meet their expectations, either through networking or sites like Glass Door.
July 28, 2014 at 6:36 am
chrisn-585491 (7/28/2014)
I'm taking option 2, Steve. Goals are set, plans are in place, nights are spent working on skills and such.Currently there are enough shops, companies and corporations demanding our talents that we can be picky. We should professionally let our colleagues know that certain companies may not meet their expectations, either through networking or sites like Glass Door.
There is a company that I have worked for in the past that I only heard of their reputation after I accepted a position there. I performed as well as was possible within the regime there and I was determined to make up my own mind. Trouble is that I agreed with almost everything I had been told about the place.
On the plus side I am a freelancer so eventually we parted ways. I made an effort not to burn bridges although I responsibly fulfilled my professional duty internally highlighting issues that they had and/or would have to the appropriate staff. I don't think that this made me very popular so unless they have a change in management I think that I am safe from returning.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
July 28, 2014 at 6:44 am
BTW, I've refused interviews with two companies just because of negative Glass Door reviews that were followed up by personal inquires among the local community.
If more people were professionally forthcoming about their experiences, maybe so many of us wouldn't have to take a tour of duty in a "Bad Place".
July 28, 2014 at 6:58 am
From the article:
However it's usually not your company, and it's not your place to prove that there is a flaw in a system. It's especially true that it's not your place to prove things without having been given permission to do so. Proving a point on your own is something children do, not professionals.
I totally disagree as written above especially when it comes to private information such a Social Security Numbers. It [font="Arial Black"]MUST [/font]be proven if it exists and action must be taken. I consider it to be one of those unwritten laws that is the responsibility of every IT worker.
I DO, however, totally disagree with the manner in which David Helkowski did his proof. There's no way in hell that I'd prove a security violation by violating someone's privacy by posting their hacked SSN on something like Reddit. A private email to that person should have sufficed. If no action was taken to fix the security problem, then there are proper channels to certain agencies to correctly and properly report such a problem.
So, with mixed emotion, I applaud David Helkowski for all of his actions EXCEPT for posting private information on a very public website. I say "mixed emotion" because, on the other hand, he's getting what he deserved for being too freakin' lazy to do things the right way.
--Jeff Moden
Change is inevitable... Change for the better is not.
July 28, 2014 at 7:04 am
chrisn-585491 (7/28/2014)
BTW, I've refused interviews with two companies just because of negative Glass Door reviews that were followed up by personal inquires among the local community.If more people were professionally forthcoming about their experiences, maybe so many of us wouldn't have to take a tour of duty in a "Bad Place".
Don't forget that there is likely to be a legal issue in doing that. Formally posting something somewhere can leave oneself open to being sued (slander and/or libel) or getting a reputation for "slagging off" companies. There is a balance to made and I think that personal enquiries within ones own network is best.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
July 28, 2014 at 7:08 am
Jeff Moden (7/28/2014)
From the article:
However it's usually not your company, and it's not your place to prove that there is a flaw in a system. It's especially true that it's not your place to prove things without having been given permission to do so. Proving a point on your own is something children do, not professionals.I totally disagree as written above especially when it comes to private information such a Social Security Numbers. It [font="Arial Black"]MUST [/font]be proven if it exists and action must be taken. I consider it to be one of those unwritten laws that is the responsibility of every IT worker.
I DO, however, totally disagree with the manner in which David Helkowski did his proof. There's no way in hell that I'd prove a security violation by violating someone's privacy by posting their hacked SSN on something like Reddit. A private email to that person should have sufficed. If no action was taken to fix the security problem, then there are proper channels to certain agencies to correctly and properly report such a problem.
So, with mixed emotion, I applaud David Helkowski for all of his actions EXCEPT for posting private information on a very public website. I say "mixed emotion" because, on the other hand, he's getting what he deserved for being too freakin' lazy to do things the right way.
Agree. His simplest mistake was his biggest, in my opinion. When he raised the issue internally he did not ensure that the person he informed took responsibility of informing the client nor did take on that responsibility himself. Had that one thing been clear then it would never has escalated for him.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
July 28, 2014 at 7:10 am
Jeff Moden (7/28/2014)
I totally disagree as written above especially when it comes to private information such a Social Security Numbers. It [font="Arial Black"]MUST [/font]be proven if it exists and action must be taken. I consider it to be one of those unwritten laws that is the responsibility of every IT worker.
I had a training 10ish years ago about money laundry. After a while I wondered why I was sitting there; I had no contact with customers nor with Financial institutes, so what? "Except that you are one of the first persons who can see strange behaviours in the data! These need to be reported immediately to your compliance officer" was the answer.
The same applies to security and you may be held for responsible if you do not report it. Now it's up to the management to decide what to do ...
July 28, 2014 at 7:13 am
rot-717018 (7/28/2014)
Jeff Moden (7/28/2014)
I totally disagree as written above especially when it comes to private information such a Social Security Numbers. It [font="Arial Black"]MUST [/font]be proven if it exists and action must be taken. I consider it to be one of those unwritten laws that is the responsibility of every IT worker.I had a training 10ish years ago about money laundry. After a while I wondered why I was sitting there; I had no contact with customers nor with Financial institutes, so what? "Except that you are one of the first persons who can see strange behaviours in the data! These need to be reported immediately to your compliance officer" was the answer.
The same applies to security and you may be held for responsible if you do not report it. Now it's up to the management to decide what to do ...
Exactly. Everyone is responsible in ensuring that is gets to the next appropriate stage. Not necessarily any more. Certainly no less.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
July 28, 2014 at 7:36 am
Steve, While I agree that the guy broke the law, the points you made in your post stopped too soon. Before I comment on that, let me be clear that I believe the points you made are correct.
IMO the guy uncovered evidence of a crime. I do not believe that can be disputed. Federal law covers writing a virus and deploying it. The first thing you need to do when you find corporate resources infected by a virus is to report it to the team that handles that. You then need to let your boss know.
Now when you then find your reports were ignored, and you fail to notify authorities, you are in fact legally accountable for failing to report the crime. This is not just my opinion, it is the opinion of an FBI agent who attended a seminar about this very topic, and gave advice on how to respond. Whether the crime was committed by your employer or not is irrevelant. The fact that federal law was broken, especially in this manner where thousands of people are affected, means you have the responsibility to act.
How you act is what matters. The guy in the post got upset, and chose the wrong path. Had he notified authorities he would have been protected. As much as the federal government frustrates me and others with their illegal acts, I can't believe the FBI would have ignored his report of this type of crime. They tend to ignore specific types of crimes, but not these.
Had he done nothing, and someone else reported this, he would have still had his home raided by the FBI. He might still have been charged. It is possible he feared this, and acted out of that fear, but more likely he just had a case of stupidity.
Dave
July 28, 2014 at 7:41 am
Jeff Moden (7/28/2014)
From the article:
However it's usually not your company, and it's not your place to prove that there is a flaw in a system. It's especially true that it's not your place to prove things without having been given permission to do so. Proving a point on your own is something children do, not professionals.I totally disagree as written above especially when it comes to private information such a Social Security Numbers. It [font="Arial Black"]MUST [/font]be proven if it exists and action must be taken. I consider it to be one of those unwritten laws that is the responsibility of every IT worker.
I DO, however, totally disagree with the manner in which David Helkowski did his proof. There's no way in hell that I'd prove a security violation by violating someone's privacy by posting their hacked SSN on something like Reddit. A private email to that person should have sufficed. If no action was taken to fix the security problem, then there are proper channels to certain agencies to correctly and properly report such a problem.
So, with mixed emotion, I applaud David Helkowski for all of his actions EXCEPT for posting private information on a very public website. I say "mixed emotion" because, on the other hand, he's getting what he deserved for being too freakin' lazy to do things the right way.
Jeff, I agree with you and Steve both. Steve focused his comments on the manner Helkowski chose, specifically tp "prove there is a flaw" in an illegal manner. You seem to be saying that he should have acted, but in a different manner. My other post was an attempt to say the same thing as you are. I deleted the part I was going to post that in some way supported Helkowski's views, and am glad I did because you said it much better.
Dave
July 28, 2014 at 7:45 am
That story about David Helkowski was pretty crazy. It reminds me of the Seinfeld episode where Jerry's mechanic goes nuts because Jerry isn't babying his car enough, so the mechanic just drives off with it. I think the fact that Helkowski stated he wouldn't do anything differently shows his current state of mind - I'm not sure how someone like that would ever expect to get hired in the IT industry again.
July 28, 2014 at 7:45 am
Raising your concerns and documenting the concerns and that you have communicated them are crucial.
If/When TSHTF, management will look for a scapegoat or someone to blame and it is easy for them to 'forget' you warned them. YOU become the convenient scapegoat because it was YOUR responsibility.
Even with documentation, you might still be the convenient scapegoat, but it becomes harder to paint you as the negligent one.
Viewing 15 posts - 1 through 15 (of 55 total)
You must be logged in to reply to this topic. Login to reply