If you’re going to San Francisco ...
... be sure to have some backup for your egomaniacal network admin.
I’ve been reading this saga with increasing amazement but not very much surprise. I never bought the argument “I’ve got to protect my network from these incompetent boobs”; it just made me more sure that what we’ve got here is another case of narcissistic personality disorder.
I’ve seen this more than once in my career, and if there’s any one personality type that you can count on more than any other to launch an insider attack, it’s the narcissist. The first clue is someone who blames everyone but himself for his problems. You can then count on him matching the DSM-IV criteria:
1. has a grandiose sense of self-importance
2. is preoccupied with fantasies of unlimited success, power, brilliance, beauty, or ideal love
3. believes that he or she is “special” and unique
4. requires excessive admiration
5. has a sense of entitlement
6. is interpersonally exploitative
7. lacks empathy
8. is often envious of others or believes others are envious of him or her
9. shows arrogant, haughty behaviors or attitudes
This all adds up to the techie who feels his genius isn’t being sufficiently appreciated, and therefore he’s entitled to take revenge on those who are conspiring against him.
To confirm this diagnosis, merely suggest to this person that he and his knowledge are SOOOO valuable that you’re really worried about what would happen to the organization if he were hit by a bus, and that therefore you should all work on enabling other people to be backups for him. If he starts to fidget, pout, or outright object, you know you’ve got to deal with this right away. Before it gets worse.
When you’re terminating an employee, especially one with privileged access, there’s often a debate about whether to cut off the access ahead of time. You may consider doing it even if the employee is voluntarily resigning. In either of these cases, if you have any suspicion that the employee is (1) leaving with a less than fond attitude towards the organization, and (2) has this “blame everyone else” attitude, you can and should make a good argument for disabling that access right away. This is one of the things they don’t teach you in CISSP skool.
UPDATE: He tried to copyright the “technical artistry” of his network design. (See July 2007 in the timeline near the bottom.) Quod erat demonstrandum.
But shrdlu, narcissistic personality disorder makes for a great Bastard Security Officer from Hell.
The only difference is that we use our elite powers for the benefit of good and for the lulz.