um, your sock analysts that has raised issues about a USB device blocking program to your supervisor multiple times
supervisors knowledgeable and has been with the company for 15 years. Company has recently suffered a breach Where an employee attache USB device to a workstation and stop installed malware on one of its main frames.
The malware connected to an outside server and sent hundreds of employees information out.
that's not good. During the investigation, you realized it was the same program issue that you raised concerns about multiple times
during a meeting with the cyst. So she asked if anyone had been aware of the issue with the USB device blocking program
tell the so truthfully there. Keep quiet in fear of your supervisor looking bad. Right? So this is the, you know, boss versus, you know, executive relationship.
Um, you, you know, the most likely course of action, but this is so eyes to fire to supervisor. Right. Um
So how would you manage this?
We're also looking at both sides of it, right? Number one that I would start thinking through. The first question I have is how long have I worked there? Right in my brand new, and this is a brand new manager and
fast in case there is not necessarily the same level of Lloyd Lee. If I've been there 15 years in the sock
working, really like we started out together and they just moved into management
a bit of a different scenario there on what I may actually do for the investigation. Part of it, I think, from the company angle. I see that there's there's a breach essentially right there. Same malware on the mainframe, I believe. And so from the company side of things,
I have a responsibility as a security person, too.
Keep the company of secures posture. The other thing I have to think through is what is the actual loyalty to this individual? How long have I worked with them? Is this a one time thing? Maybe I didn't present it to best when I said, Hey, there was an issue with this thing ready. I brought a couple of times casually and they didn't understand the seriousness of it.
Maybe I did. Maybe I didn't present it, apparently, and they just ignored. It s so there's a lot of different things to sort of think through. There was some of the ownership on me at all. Was it all on this person for just ignore me completely because they didn't like me or something on the other side of that is from the company angle of it.
I want the company to be more secure in the future. Should this person still be here When let's say that they were was totally responsible, ignored everything I said.
Should they still be here? Because we're really not.
Even though this is one incident, Are there other instances in the past that they've ignored? And then something else has happened? Maybe not on a big scale, but something else has happened because of that. So these are all different little things I would have to think through to figure out the answer. Yeah. No, totally. I mean, I think you hit the nail on the head like,
um, you know, you know, I'm I'm a supervisor of our team, right? Like and, um, I probably have, uh,
a few 100 to 1000 decisions to make a day. Great lake. And so, like, there's a lot of things that I'm constantly trying to re prioritize and prioritize things. So,
let's say this USB device, like you've raised an issue about it. But how? How high up the list is that issue like versus all the other issues on your on your manager's plate and you know it becomes a bigger issue when something bad happens,
right? Of course, Like a You know, I used to work in internal fraud for Capital One,
and it was funny. I would raise, like all these different ways that employees we commit fraud on the company.
And I mentioned during the course, like, you know, I was able to get it prioritized. Well, the reason is because a person went through one of the ways that I said right and actually did it, and I said, Oh, by the way, there's these other ways that this could happen to write, And so sometimes you know, you kind of need they
Unfortunately, that use case right where someone actually
to get to get these bubble to the top, right?
so I think those air those are all the things that you should be considering when making this call right, because the other thing is, is like if you if your supervisor gets fired,
Right, Right. Like so. Like, it probably is not good for you either, right? Especially if you have a closer relationship with Supervisor.
Um and you were able to raise the concern, but maybe you weren't able to bring it up high enough. They weren't able to explain the business case for it on dso. Like, you know, I think you mentioned that point really well. So there's a couple things there where you need to
really think through what your decision would be under those circumstances, right? Like
because it could. It could not only affect your supervisor, but it's likely to affect you as well
on your family, right? And so you know, you have to you see nothing through it.
Uhm and who knows? Like maybe he supervisor also brought that up with This is so
right and it was ignored and it was ignored, right? And so then, Mrs So might be looking to
blame somebody on Just be like you never brought it up with May, right? Right. And so, like,
you know, then like, is that ethical on your end?
Right? Because you don't know that information, right? So
for all these things to consider, ultimately do you need to make a decision? So you do need to decide whether you do want to tell. This is so or not. But you need to consider all these things before you do, and then
be ready for the repercussions. Yeah, exactly. To you and your team. Like things were the stakeholders on your team is Well, we're making this call.