A bleary eyed Selben took another sip of his coffee nectar of the gods, as he looked through his queue. A substantial number of tickets had been escalated to him with questionable notes. It was obvious that either someone was trying to gain access to their network, or the security team was auditing the helpdesk’s procedures. All tickets were for regular users in the company, but more than normal were unable to answer their security questions. The helpdesk techs had put forth their best efforts to help them, but following procedure, they refused to reset the passwords without proper identification from the users. This caused the tickets to be escalated to Selben for review. He attempted to reach out to each of the users. Getting no response, he flagged several as “potential malicious intent” and sent the information up to the security team, per their defined process. If the security team had decided to launch a test, Selben knew it was better to not notify the helpdesk techs of this as it could make them respond out of the norm.