Security's Everyman

Wednesday, October 04, 2006

IT and Integrity

I started to write about the IT Scruples poll the other day and never did get my thoughts fully together. Then yesterday I ran across a ComputerWorld blog about The Importance of Integrity and read about the "humorous" Toorcon joke about the Firefox flaws. Now I HAVE to write.

This kind of stuff is not funny and it IS unethical. It may have been meant as a joke, but when you do something that causes bad press for someone and causes them to lose time and money trying to find problems that don't exist then it quickly ceases to be funny. It's sad enough that so many seem to be taking such a casual stance towards integrity and honesty in their job. Especially when your job is IT security. Did the company hire you to secure the data from everyone but you? Just because you have access to it does not mean that you can or should look at it.

I don't understand why so many people think that integrity is something that you use when it's convenient for them or when it serves their best interest. Integrity matters at work, home and everywhere. If you are dishonest in one place then you will be dishonest in another.

In the world of IT Security there are pretty much 2 groups, the Black Hats and the White Hats. Just because you work in the White Hat world doesn't mean that you are a White Hat. If you cheat, lie and steal then in my book you are a Black Hat.

Now, having said all of that let me clarify a couple of things.
1. I'm not perfect. I have done unethical things in the past.
2. I'm not talking about someone who does something once or twice or makes honest mistakes.
3. I am talking about someone who thinks that they can do these things regularly because of the position they hold and the trust that has been given to them by their company.
4. I am talking about someone who does something purposefully malicious (even once) that is just plain stupid. Like lying about vulnerabilities or lying about their experience or talents just to get a job. (Listen to ITT's Roll Call Segment to hear a good story about this)

One quick story and I will get off my soapbox. I used to work with a guy who was a very talented network guy. He knew a lot of stuff and taught me lots of things. His problem was that he thought he was above the law when it came to honesty and integrity. It cost him his job with the company that we worked for. It didn't take him long to find a new job but he soon lost it also. He quickly found another job and then he got caught. It seems that he obviously lied about getting fired from his previous 2 jobs, but he also lied and told them that he was certified as an MCSE and a CCNP. Once these lies were discovered he was reported to both Microsoft and Cisco and supposedly has been blackballed from ever holding certs with either company. I'm not sure if they do blackball but if so he does deserve it.

