A few years ago, Sebastian was working as a security consultant for a relatively big software security company that was working on a credential management project for "Her Majesty's Telecom" or simply, HMT.
His group was in high spirits all around, counting down the days remaining in the final month of the year-long project; that is, presumably, everyone except for Simon. Up until 48 hours prior, he had been the consulting company's corporate liaison, but he had unexpectedly decided to exit the project. His departure left Sebastian, a former corporate IT drop-out himself, as the project's only possible option to fill his shoes two days before an all-manager status meeting.
"I need you on this one, Sebastian, you're the only one I have who can get into these guys' heads!" his project manager pleaded. "Simon left his PowerPoint slides out on the network share. All you should have to do is rattle off some metrics, toss in how upgrading their card readers to the CardTronix DX200 would be a really good idea, and maybe answer a few questions. It'll be a piece of cake!"
On his way to the meeting, Sebastian felt a little slimy. Kind of like a car salesman trying to sweet talk a buyer into the next model up. However, like his manager said - there really wasn’t much to worry about. He was there to state facts, not sell anything.
Confident, Sebastian held his head high as he headed to the presentation - this was going to be a piece of cake.
Just 15 Minutes
The meeting had been going like clockwork - even the upgrade pitch - but it was in the "Q & A" part of the presentation that disaster struck, when the Head of Global Security raised what appeared to be five pink sausages attached to a meaty palm, asking for a turn to speak.
"I recently read an in-depth white paper about a new, ultra-secure card that holds double the amount of certificates that your company is implementing."
Sebastian nodded. "Sure, that’s something that we can absolutely explore in ‘Phase 2’ of the implementation. After this meeting, I’ll have my project manager contact..."
The manager raised his sausage wall, blocking Sebastian’s side of the conversation.
"No. This will be implemented in this phase."
The room fell silent as all eyes were now on the manager.
"Last year, auditors found gaping holes in our network's security which prompted the creation of my position and the need for the project your company have been working on for the past year."
"Superior security is vitally important. Your company will either comply in 30 days or we will withhold payment."
Demo Day Cometh
Now, introducing a new smart card type isn't something you want to do at the end of the project. Heck, it's not something you want to do at the beginning of a project. The software that Sebastian and his fellow consultants had been working on implementing for the past few months didn't know the card, hadn't been tested with it, but more importantly, as it turned out, it flat out didn't work.
They spent a month working with the vendor, trying to figure out technical details and trying to get the solution to work, all on what had been mentioned off the record as being “beta” versions of the cards. On average, they burned through a smart card every hour (at 12 to 14 quid a pop), but nobody really cared -- despite their stubbornness, Her Majesty's Telecom had agreed to pay for any additional expenses, so long as it worked.
When it finally worked, Sebastian (still in the role of client liaison) went to demo the new smart cards. People were very excited, because even with all the hurdles the project had known, the project was still roughly on-time and under-budget.
Once the Head of Global Security, a wealthy-looking brick wall of a man, showed up, Sebastian did his presentation and covered everything. The dual back-up in different physical locations, the redundant connectivity, the certification process, the integration with the Certificate Authorities: everything looked awesome. The last step in his performance was to show how much faster their solution was in real-world use. The new smart card unlocked the session in less than a second, and Sebastian beamed with pride.
"Now, may I please borrow your smart card to illustrate the difference in performance?" Sebastian asked, turning to the Head of Global Security, whose card was dangling under his necks. "HAH!" he bellowed, jowls quivering, "I can't do that, I'm afraid." For a few seconds, the air in the room seemed to disappear.
Sebastian felt certain that he had just unknowingly overstepped his bounds. He was about to apologize and grab an old card from his stock, when the stressed-out-and-sweat-on-his-brow Head of Global Security leaned in and continued.
"I can't, I just can't," he heaved deeply, "My PIN code is written on the back."