Literal Thinking

Real stories of workplace follies

A case of deliberately breaching security

Posted by A Friend on 14 January 2009

Even the best of intentions cannot be used as justification for an intentional breach of security. An ex-consultant found this out the hard way, and he also quickly became an ex-employee.

One bad thing about working in consulting is one is expected to work ridiculous hours and fly to ridiculously unreachable places on the, well, fly. Some consultants grow tired of this very quickly and yearn to “retire” into a nine-to-five job in an end client environment that recognizes their consulting background and blindly pays them top dollar.

There are, however, consultants who enjoy what they do, who get a rush out of the various challenges presented to them from various situations, who love the fast pace of unreasonably scoped project environments. These types of consultants will find end client environments too slow and too boring.

Such was the case of this particular ex-consultant. He had been in consulting for most of his recent professional life, but he fell victim to the post-Y2K consulting downturn and was laid off. He found himself some contract opportunities in the first few instances, but even those died down as well. Eventually, he reluctantly accepted a permanent position as a business analyst in an end client environment, in another state.

The company that he joined was in a very mature, heavily regulated industry. These types of organizations are by their nature very conservative, and oriented toward planning, budgets, and investment returns. Most project proposals in this company are heavily scrutinized, and anything that might look remotely expensive has to go through at least three levels of budget reviews, the last of which is at an offshore head office.

This way of getting things done was greatly frustrating to our ex-consultant: he believed it actually meant not getting anything productive done. As a business analyst, he thought he was hired to look at the company’s systems and processes, and find and propose ways to improve these. He did just that, but his project proposals just could not seem to get any traction with management.

One particular area that greatly distressed our ex-consultant was how the company could have, in his opinion, such an antiquated project systems (PS) process, when PS is such a critical module for the company’s operations. In this regard, our ex-consultant proposed at least reorganizing disparate and cluttered PS data and making these more meaningful to the business people. He believed this alone was going to introduce significant efficiency improvements around the PS processes.

Still, our ex-consultant was not getting the quick response that he hoped for, and probably expected, having come from a consulting background. People who were meant to help him were just busy doing other things, and there was no sense of urgency from anyone to address his requirements.

It was at this point that our ex-consultant took matters into his own hands. Because no one in the organization could help him with his needs, he went out of his way to contact an ex-consulting colleague, detailed his requirements, and gave the ex-colleague access to various systems, using his own account. The ex-colleague completed the requirements in one weekend.

The next Monday, the ex-consultant walked in and reported his accomplishments to his manager. Of course, since he did not have the skill and competency sets to perform the tasks completed during the weekend, the ex-consultant had to fess up about seeking external help without prior company clearance. The manager, a well-mannered and easy-going guy, was shocked, and told the ex-consultant that he was left with no choice but to report the incident to senior management.

Swift action was taken after the incident was escalated. The ex-consultant’s teammates were gathered by their manager and briefed about the serious security breach. Everything the ex-consultant arranged to be done during the weekend was deleted without further question, even if it might have meant rework of some outstanding items that may have been inadvertently included in the wipeout. And by 3pm, the ex-consultant was escorted out of the building, terminated on the spot.

When new to an organization, we often find that companies have different ways of doing things and getting things done. The ideal scenario, of course, is for the organization’s ways to be the same as ours; but that may not always be the case. Our ex-consultant’s biggest mistake was adamantly sticking to the way he believed things needed to be done. He did not take organizational culture, “the way we do things here”, into consideration at all.

Here is a short article on the importance of understanding organizational culture that you might find useful. One paragraph in particular stood out to us: “Understanding the organizational culture can help you to understand why change does not take place, or why a project fails. It will also help you to determine where to strive to make changes to the culture.” We suspect our ex-consultant, now ex-employee, would have found this point useful.


3 Responses to “A case of deliberately breaching security”

  1. Under the heading of the ends justify the means, many overlook the importance of understanding an organization’s culture or DNA as I think of it. Go against the grain and you will get much less done than you will when you work within the confines of what is acceptable to those you work with.

    In this example the consultant did more than just go against the grain; he broke rules and regardless of how well intentioned, the outcome of that was predictable from the start.

    I am a consultant and when I start a new assignment in a company I’ve not worked in before, the first consulting I do is with myself to determine how I must act to integrate with my client’s culture. Anything less and whatever value I may be able to bring to my client will be lost.

  2. A Friend said

    Bill – Thanks, and we certainly agree. Some experienced new hires, and we notice especially ex-consultants joining end-client environments, sometimes just feel the compulsion to prove themselves too quickly. As with the case presented, this can be counterproductive.

  3. It is not wrong to want yourself to do great at any job but breaking the rules of your employment is never the answer. By letting someone from the outside in, this consultant could have given away information that could have hurt this company in the long run.

    In this case good intentions cost this man more than he imagined. He may now have a problem being trusted in any field of business. Once you lose trust, it is very hard to gain it back.
