Duane was thrilled to be starting his new job. He was already five years into his development career and while he had worked in a number of different areas, he hadn't spent any "professional" time in the one area he was most passionate about: security.
This is not to say that he hadn't spent a lot of his spare time learning as much as he could about various aspects of security. But it is difficult to find a job in the security field when the only mention of 'security' on your resume is in the "Hobbies" section.
That was why he took this position with BGD (Big Government Department). When Duane started passing his resume around, he had instructed his recruiter to focus only on jobs where security played a major factor. Yes, this increased the time it took to find positions. And he spent many of his interviews trying to convince potential employers that he really did have the security chops. So when the interview with BGD had focused extensively on defensive coding techniques, the performance of different encryption algorithms, and two-factor authentication patterns, Duane was very interested. And when he received the job offer, he was nearly beside himself with excitement.
And so here he was, on his first day, looking at the following Microsoft Access VBA macro that his boss had given him as an example of the style of coding he would be expected to produce.
After a few moments of head-scratching, gut-churning perusal, Duane walked into his boss' office.
"About this code", Duane started.
"Yes?", said his boss.
"Um...Can you explain the reasoning behind it?", ventured Duane. "I mean, I can tell from the title that it sets the date and time. But why do it this way?"
"Well, it's really quite simple", started his boss. "As you know, security here is one of our most important concerns. And this database is used in each of our branch offices. Management was concerned that the names of the recordsets that are used would be visible to the users. And if they knew the recordset names, they might start to look at the data."
"But doesn't the macro just grab information from the Tem...pD...ata recordset?", asked Duane.
"Why, yes...yes it does", came the reply. Without the sarcasm that Duane was hoping for.
"O...kay. What about this line here", Duane said, pointing at the first line that uses the Environ function. "Why are you worried about them knowing that the macro uses the Use...rN...ame system value?"
"Don't be silly. We know we can't keep them from knowing. It's just that we don't want to make it easy for them", countered his boss.
"Um...fine. Then why is it that you included the names of the users that are authorized to change the date and time in plain text?", parried Duane.
(Author's note: the names of the users were changed as part of the submission. The redactions were done by the submitter as well. I found it ironic that scrambling some of the user names was sufficient for *most* of the values in the submission...but not all)
"Easy", said his boss with finality. "Even if they find this code, no user would be able to figure out what this method is doing."
Duane walked slowly back to his office and slumped into his chair. After a few moments of anguished decision-making, he reached into his pocket, pulled out his cell phone and placed the call he now knew was inevitable. To his recruiter.
Re: Security by Obsqwerty
2013-02-11 07:14 • by QJo (unregistered)
Happens more often than you'd believe. I can think of at least 5 people I've worked with who have gone away and come back in short order. Me, I've never actually gone back to the previous company, but I've got on the phone to the recruiter within the first week. I was lined up with a sweet number too, that first call, offering twice the money and considerably more responsibility - then I made the mistake of explaining that I'd just started in a job I wasn't a good fit for. And equally unfortunately it turned out that the person interviewing me was a personal friend of the owner of the company I was blowing out. It in fact took me 4 months to get out of there and into the next port of call.
Re: Security by Obsqwerty
2013-02-11 07:34 • by Fred (unregistered)
They wouldn't let him start until 9AM? How awful. I'd be outta there pretty quick too. But seriously, I once had the opposite experience. I took a job at a place where they said during the interview that they were looking for someone to come in, get familiar with stuff, then step up into a manager role. Since I was at that point in my career, it sounded interesting. After I got there I learned that it was basically a feudal idiocracy where most everyone spent the bulk of their energy politicking, backstabbing, undermining, and yes once there was even a murder. Yeah I left. It had become apparent the "promotion to manager" was just a lure anyhow. And I had an offer for a real manager job, not in the vague distant future, but starting from day one. I'd been at my new job about 3 days before the old place called and begged me to come back. "The system crashed and nobody can get it started. And we can probably put you in that manager slot now. But we need you back today!" I informed them that basic professionalism would require me to give at least four weeks notice to my new employer, but I wasn't really interested in returning anyway. "Four weeks! Are you crazy? You only gave us two!" "But I wasn't in a management position with you. I am now."
It's been my experience that if a new job turns out to be unacceptably different from expectations, the LAST person you call is the recruiter that got you the position. If you think about it, their incentive is to keep you there long enough to get their commission (usually 3-6 months). It is NOT in their best interests to help you quickly find another job.

At my first computer related job, I had worked my way up from tending a numerically controlled typesetting machine to System Manager of a PDP-11/70 system (at the time, that was a big deal). The company decided to cut costs by laying off all the machine tenders and telling me I could do both jobs at the same salary. I had no further interest in feeding tapes into readers, swapping cards in dedicated systems and cleaning out film processors, so I elected to move on to another company as a PDP System Manager. This caused no small amount of rancor at the old company, where "traitor" was the kindest thing I was called. Two weeks later, they called begging me to come back as a consultant and get the typesetting machines running again. I replied that I would be glad to, but I would require $1000.00 per hour cash in hand upfront to work on these old machines. They told me, this was madness. I replied, Exactly so and hung up the phone.