/kevinbehr/home

This morning I was running 45 minutes behind my usual schedule.  I tried to reassure myself that I was still in over an hour before any of my staff, except for Rob my Deputy CIO.

As I walked towards my office I saw someone chatting with Mariah at her desk in front of my office.

I walked directly to my door and stepped inside my office to divest of my coat and briefcase.  I emerged an headed straight for the coffee cache in the back of Mariah’s cubicle.

Mariah was trying to schedule a meeting with the gentlemen from what I could overhear.   

“Well the first available slot is tomorrow at 11am.  Phil only has a half-hour available.  Otherwise I can get you one hour next week.  What will it be?” Mariah queried the young IT staffer.

“sheesh.  Well this is extremely important and confidential.  It is an information security issue that must be addressed and I need Mr. Chairs to be up to speed before anything is done.”

I decided that I had heard enough.  I walked around the front of the desk and set my coffee down on the return.

I turned to address the staffer with a warm look and extended my hand.

“Hi there, I am Phil chairs.  I don’t think we have met?”

“No sir, we haven’t.  I am Tom Lispon. I work in information security here.  Good to meet you.”

We shook hands and I picked my precious cup of liquid genius up from the desk.

“Tom, why don’t you come in to my office for a minute and tell me what is so important?”

“But Phil, you have almost no prep time before your meeting with our CEO at 9.” Mariah insisted.

“I know, Mariah but something tells me I need to hear what Mr. Lispon has to say.”

We both headed in to my office and Tom shut the door behind him as I sat behind my desk.

“So what’s the deal Tom? What is important for me to know?”

“Well sir one of my friends on the network team found some suspicious undocumented hardware in our first datacenter.  He tipped me thinking it was a top-secret infosec project but he was wrong.  The hardware was from the company we bought in the reverse merger several years back.  When my team dug in to what it was doing and why, let’s just say that we found several hacked servers.”

My stomach was not giving me a pleasant sensation at this point.  My mouth was dry.  I willed myself with my inner voice “Drink some coffee Phil”. I listened to myself and drank deeply from the cup.

“How long have they been compromised and who knows about this?” I asked.

“Well that’s the bad news..from the file dates and error logs it looks like these boxes have been owned for years. At this point exactly 5 people know of this the only two outside of infosec are you and my friend in the network group.”

“hmm.  I assume we need to preserve evidence and a chain of custody? I mean do you have any idea who may have done this and why?”

“Right now we have nothing.  It is a pretty cold trail.  I would like your permission to take the servers off-line.”

“You mean you haven’t done that yet?  If they are old and unaccounted for why are they even on in the first place?  Of course you can turn them off.”

I was sure that I was getting a bit flushed as all the sudden I felt quite warm in the face.

“Well that’s the other thing. See the servers are still in use.  The executive management team still uses the Exchange accounts on those servers.  If we shut them down we take out their email.”

Oh my goodness.  The boxes were compromised AND the mail accounts of my peers was as well.  

“Well I guess the agenda of my meeting with our CEO just changed” I pondered out loud.

Just then the phone rang. It was Mariah. I picked it up.

“Yes, Mariah.”

“It is time for your meeting with the CEO.”

“Great, thanks Mariah”

I turned back to Tom.

” I need a full update on what you recommend we do and how we can be sure there are no other machines that have been compromised.  Oh yeah, I need it in one hour. Ok?”

Tom nodded his head.

“You have whatever permission you need to take that gear down in an orderly fashion. Also announce it as an emergency maintenance procedure. DO NOT tell anyone else that this has happened ok?”

Tom nodded again

“I want you to gather everyone that knows about this here in my office this afternoon for a briefing ok?”

“Ok Mr. Chairs.”

“See you then”

To say I dreaded my next meeting was the understatement of my career.  I knew this would not reflect well on our organization and may launch the rest of my shark-peers in to blood-in-the-water-mode.