Security Test
A bleary eyed Selben took another sip of his coffee nectar of the gods, as he looked through his queue. A substantial number of tickets had been escalated to him with questionable notes. It was obvious that either someone was trying to gain access to their network, or the security team was auditing the helpdesk’s procedures. All tickets were for regular users in the company, but more than normal were unable to answer their security questions. The helpdesk techs had put forth their best efforts to help them, but following procedure, they refused to reset the passwords without proper identification from the users. This caused the tickets to be escalated to Selben for review. He attempted to reach out to each of the users. Getting no response, he flagged several as “potential malicious intent” and sent the information up to the security team, per their defined process. If the security team had decided to launch a test, Selben knew it was better to not notify the helpdesk techs of this as it could make them respond out of the norm.
The “attack” quickly subsided. Selben headed to a meeting with Tex and a VIP. The meeting was regarding all VIP’s getting the best wireless mice on the market. It was extremely important and included one secretary and three other VIP’s on a conference call discussing the details (Tex left early, abandoning Selben to stay awake on his own). After a rigorous series of questions where he had to explain the vast mysteries of DPI (or Deepie, according to one very insistent VIP), he made it back to his cubicle just in time for lunch.
Selben procured a rather lackluster food truck lunch of much too spicy nachos and returned to utter chaos. His queue had hundreds of password requests. Sifting through, it appeared something was very off. Other than the first handful, none of the techs had bothered asking the users for security questions and instead just escalated them. Selben approached one of the less senior techs.
“Hey there. What’s going on with the password resets?”
“Oh, Tex told us to just escalate those to you,” he shrugged.
Eyebrow twitching from anticipated stress, “Define ‘those,’ please.”
Peer paused and looked uncomfortable, “Any password reset request? He said they were something from the security team and you needed to deal with it.”
Selben let out a sigh and went to go find Tex.
A short confrontation was had, and Selben headed back to his desk to re-assign out the tickets for the techs to follow-up with the customers per normal.
* * *
After the fiasco, the security team was admonished by Tex, who in turn was reprimanded by his boss for telling the techs, as the test was meant for them. All the techs became extremely cautious and ineffective in handling password resets for the next several months due to the unhealthy level of fear of being chewed out by both Tex and the security team.