May 16, 2024 at 4:11 am

He Warned His Manager A New Policy Would Impact A Big Client. They Told Him To Do It Anyway, So He Made Sure To Keep The Receipts.

by Trisha Leigh

Source: Shutterstock/Reddit

When you’re not the boss at work, there is an unwritten rule that you do what you’re told.

That said, if you don’t agree with it…you’d better write it all down.

This guy worked in a cyber security job.

Soo… I work in cyber security, at one point I worked for a Managed Security Services Provider, or outsourced Cyber Security.

Had a manager who was surrounded by yes men who worshipped him as awesome… which based on some stuff he showed I wasn’t impressed, but that’s irrelevant.

His boss wasn’t the most honest man alive.

He wanted to start stealing malicious site detections by various vendors and resell the data as proprietary threat intelligence, culmination of data mined by actual threat researchers.

Sorry, not steal, redistribute for a fee.

He tried to tell him his latest idea, which was unethical, could also harm their relationship with a client.

Anyway… I told this dude you want this data as a report, not an email alert… if you do this as an email alert you’ll generate about 4 million emails in a day for just one of our customers, who will remain nameless.

Bark bark, woof woof, reports aren’t real time enough, needs to be email alert.

When the boss wouldn’t listen, though, he went ahead.

Cool, so to make sure I’m understanding clearly, you are saying turn it on.

All of this conversation was via email of course.

You got it boss, and I did as I was told.

When the inevitable happened, he stayed on the team…for a bit.

Later the same night I get added to a critical call, customer identified an email coming from their SIEM to the tune of 3 million messages and wanted to know why we enabled this.

This same director asks me why it was turned on, telling the customer I’m the one responsible for building the ways we detect threats.

Absolutely team. I apologize, I had attempted to have our leadership reconsider this requirement as it would adversely impact your environment to the tune of 4 million emails.

Let me forward the communication to all of us on the bridge.

Do you all want me to turn off this rule?

Yes.

Because yes, he had the receipts.

Absolutely. I just forwarded the email thread.

Manager… looks like you were the one who authorized and made the decision to turn it on despite the risk, and I went ahead and disabled the rule.

Nothing really ever blew back on the boss, but at least it didn’t get him, either.

Dude got promoted to VP and I was no longer involved in threat monitoring, so I’m pretty sure he controlled the narrative very well.

Still, I enjoyed my moment of listening to the customer bring legal and discuss cancellations and repercussions.

I left and am now the proud owner of a cybersecurity product for biomed and facility devices.

What does Reddit think of this tale? Let’s find out!

It is a tale as old as time.

Source: Reddit/Malicious Compliance

Seriously why does this happen?

It will be just as bad.

Of course he did.

Right in line.

Honestly I wish this was a little more satisfying.

That boss deserved to be taken down a peg or two.
