This is an automated archive made by the Lemmit Bot.

The original was posted on /r/maliciouscompliance by /u/stranded_covidiot on 2024-04-20 01:49:19.


Soo… I work in cyber security, and at one point I worked for a Managed Security Services Provider, or outsourced Cyber Security.

Had a manager who was surrounded by yes men who worshipped him as awesome… which based on some stuff he showed I wasn’t impressed, but that’s irrelevant.

He wanted to start stealing malicious site detections by various vendors and resell the data as proprietary threat intelligence, culmination of data mined by actual threat researchers. Sorry, not steal, redistribute for a fee.

Anyway… I told this dude you want this data as a report, not an email alert… if you do this as an email alert you’ll generate about 4 million emails in a day for just one of our customers, who will remain nameless.

Bark bark, woof woof, reports aren’t real time enough, needs to be email alert.

Cool, so to make sure I’m understanding clearly, you are saying turn it on.

All of this conversation was via email of course.

You got it boss, and I did as I was told.

Later the same night I get added to a critical call, customer identified an email coming from their SIEM to the tune of 3 million messages and wanted to know why we enabled this. This same director asks me why it was turned on, telling the customer I’m the one responsible for building the ways we detect threats.

Absolutely team. I apologize, I had attempted to have our leadership reconsider this requirement as it would adversely impact your environment to the tune of 4 million emails. Let me forward the communication to all of us on the bridge.

Do you all want me to turn off this rule?

Yes.

Absolutely. I just forwarded the email thread. Manager… looks like you were the one who authorized and made the decision to turn it on despite the risk, and I went ahead and disabled the rule.

Dude got promoted to VP and I was no longer involved in threat monitoring, so I’m pretty sure he controlled the narrative very well, but I enjoyed my moment of listening to the customer bring legal and discuss cancellations and repercussions.

I left and am now the proud owner of a cybersecurity product for biomed and facility devices.