
How to Securely Fire Your Security Guy

Submitted by daemonchild on Tue, 2010-02-09 - 16:26

Today, I had the dubious pleasure of attending a client site to tidy up, change passwords and deny access for a guy who has just been fired. They had clearly decided a few weeks ago that he was going to be fired if he didn't improve. I've worked alongside him before and I can see why he got the boot. He meant well, but the spark wasn't there. They knew he'd be angry and obviously thought that he would become the fabled 'disgruntled employee' of many a security white paper. To make it more interesting, he was their network and security guy, so his access was potentially more damaging than that of most of their other staff. The way that this client of mine decided to do the deed was pretty clever and I can recommend it.

Last week, I attended site to recover some lost admin passwords (guess who forgot them?) and, at the request of his boss, I added a superuser account for myself to all their security systems. The boss asked me to create these accounts as quietly as possible with no fuss. I had no remote access and the password I chose was my usual high-strength one, but I wondered at the time what she was up to. Now I know.

I was called yesterday to attend this morning at nine sharp. Unusually, the contact was the boss and she gave me her mobile number which was to be called on my arrival. I duly did so and it was answered by one of the IT team. The girl met me at the reception and steered me into a meeting room, returning with a welcome cuppa.

About ten minutes later, I saw the boss walk past with my usual contact. He was wearing his coat. Within about two minutes I was seated at his workstation, logging into the firewalls, routers and so on, changing passwords and disabling accounts. His VPN accounts were disabled first and then I set about the rest of the equipment. My own superuser account was very handy; he must have had wind of the move on him because all the equipment had non-standard passwords that didn't match those recorded in their database.

A shrewd boss and my lightning fingers (!!!) saved the day because there were a few denied access attempts from odd IP addresses throughout the day. If you're going to fire someone in a key IT position, have the know-how of a trusted consultant on tap - and on site - to plug the holes immediately.
