CIO made a dangerous mistake and ordered his security team to implement it
- Reference: 1756111150
- News link: https://www.theregister.co.uk/2025/08/25/who_me/
This week, meet a reader who asked to be Regomized as "FireBug," a name that makes sense because the story he sent concerns a firewall he worked on during his time as part of a small team that managed a global company's security and VPN infrastructure.
"I had just passed my CCNA and CCNE certifications when I received a request to make a major update to the firewall rulebase," FireBug told Who, Me?
As a sensible fellow, FireBug had a three-stage process for such requests.
First, he would read firewall rules to check for obvious errors. Next, he would deploy them in an isolated test environment. If that worked, he would deploy into production.
On this job, he had to insert an extra step.
"A new CIO had arrived at the company," FireBug recalled. "He was a nice guy, but more tactical than strategic, with a very hands-on approach and keen interest in everything related to security."
The new boss wanted to review the changed firewall policies himself.
FireBug had already performed his first step – reading the rules to check for errors – and found a big problem that he felt would see the firewall isolate itself from the internet, taking the business offline. The error was so dangerous that FireBug checked it with a colleague, who agreed with his findings.
But when the CIO reviewed FireBug’s work, he found no flaws and ordered the rules be implemented.
He even put it in writing, leaving FireBug no alternative but to implement the flawed policies.
"Things went exactly as expected – the firewalls in the offices around Europe all received the update on schedule and went dark, resulting in immediate declaration of a major incident," FireBug wrote.
The company quickly implemented its disaster recovery plan and brought plenty of its infrastructure back online at decent speed.
But some of its kit was so broken that the only way to fix it was to get hands-on.
"I had a really interesting summer travelling around Europe to places I had never considered visiting," FireBug told Who, Me?
The CIO survived the incident.
"He had a badly bruised ego and upper management insisted that from now on [he] leave operations to us techies and focus on management."
Has your boss ever ordered you to break things? If so, [10]click here to send email to Who, Me? – The Register would love to share your story. ®
[10] mailto:whome@theregister.com
C.Y.A.
The most important acronym in the entire IT industry...
Re: C.Y.A.
And who do you think they'll blame? Manglement? Never.
It is always the fault of those who are lower on the food chain. Even with ample evidence to the contrary, they, manglement, will always find a direct or indirect way to blame you.
"leave operations to us techies and focus on management"
Yeah, that'll indeed bruise an ego, especially one who doesn't know he doesn't know but thinks he does. Ergo, this was obviously the nicest decision they could take.
That said, it's nice when you get a manager who knows the nuts and bolts. There's less waffling about with business-speak in meetings and when you explain why something can't be done that way, there is agreement without much discussion (that's supposing that you know what you're talking about). Plus, if you're doing things right, you get his entire support when things still go pear-shaped.
"leave operations to us techies and focus on management."
Manglement is largely by definition doing "sweet fuck all" but unfortunately some of the more "gifted" manglers take the "fuck all" part literally and consequently screw everything royally.
Has your boss ever ordered you to break things?
Even when the order comes in a meeting full of dissenters and after I have insisted on the CYA email, they never seem to get the boot for this type of issue.
Hence I decide that the company is no longer worth getting out of bed for and go to pastures new. And in my next interview I do explain clearly why I left the last company, and it has never seemed to be held against me.