
Jun 20, 2007

The Anti-Mentor

I just finished reading an interesting article that brushed up against a theory that I've had for a while. In the article, the author refers to the "Anti-Mentor," a manager or boss that provides ample learning opportunities by way of what not to do. Specifically, the author gives reference to the "polished veneer" of his Anti-Mentor. In part, this comes down to integrity, which I discussed in a previous post.

Beyond that, though, we move into the area of my theory: that such pathological disingenuous behavior is a form of psychosis. When that thought first occurred to me, it was very much tongue-in-cheek. After years of working in numerous environments, however, the facetiousness of that statement has steadily decreased.

Consider the definition of psychosis from the Full American Heritage Stedman's Medical Dictionary: "A severe mental disorder, with or without organic damage, characterized by derangement of personality and loss of contact with reality and causing deterioration of normal social functioning." Speaking for myself, I can't count the number of times I've had one of these Anti-Mentors change personalities right in front of my eyes, or (my personal favorite) be helpful and supportive to me and then turn right around and try to sell me out in an attempt to conceal their own incompetence. It reminds me of a good ol' Southern phrase I heard a long time ago: "What do you expect from a pig, but a grunt?"

I realize that a.) I am not a medical professional and am in no way qualified to make a diagnosis such as psychosis; and b.) I am stretching the definition of psychosis to (and probably past) the breaking point. Even so, it does help to cast the situation in a different light. These Anti-Mentors are infuriating to say the very least. However, it is probably worth viewing them with understanding and a touch of pity.

When confronted with an Anti-Mentor, know them for what they are and expect that they will fundamentally always be true to their Anti-Mentor nature. Knowing what they are and what to expect from them makes dealing with them a little less painful.

Mar 7, 2007

Integrity and the lack thereof

Recently, I ran into a situation that highlights the absolute necessity for integrity among information security professionals. Unfortunately, in this case, I got to see what could happen when someone else demonstrates a significant lack of integrity.

In many regards, security professionals are not unlike attorneys or psychiatrists in the sense that during the course of your duties, you may become privy to certain information that, under no circumstances, can be shared. Obviously there are certain ethical obligations that come into play here. If you become aware of illegal activity or something along those lines, you are duty-bound to report it. However, when the information is clearly sensitive and there is no reason to divulge such information (other than to attempt to display to others how much you are "in the know"), to reveal such information is egregiously unethical. Here's the story that brought this to light. I'll try to keep it brief. All names have been removed from the information below.

I currently work for Company A. Several months ago, Company B, a consulting firm, approached me and asked if I would be interested in looking at a few positions they had open. Let me emphasize that they came to me. I was content with my work at Company A, but in my experience, it always pays to keep your options open. So I agreed to hear about these positions.

Here's where an unfortunate series of coincidences comes into play. A person currently working for Company B (whom I have never met, by the way) used to hold my position at Company A. Let's call him Bob. Further, when Bob held my position at Company A, he worked for the same manager that I currently work for. Let's call the manager Tom. So Bob is a security person. His focus in the security field is substantially different from mine, but a security person nonetheless.

For reasons I don't entirely understand, Company B asks Bob to take a look at my resume. At this point, Bob, who is ethically obligated to keep company-sensitive information private, promptly gets in touch with my manager (and his former manager, Tom) and says "Hey, Kurt is looking for a new job." So a couple weeks later, Company B makes me an offer that I'd have been a fool to decline, so I took it. I then go to my manager, Tom, and put in my two weeks' notice. Imagine my surprise when it became clear that he already knew about this position. I did a little investigation and quickly discovered the chain of events outlined above.

By blind luck, there don't appear to have been any negative ramifications of this. (Or, at least none that I'm aware of at the moment.) But that doesn't excuse the fact that it happened in the first place. If I'd had a different manager (I have a pretty good professional relationship with Tom), this could have gone very bad, very quickly. I could have been fired, it could have besmirched my professional reputation, etc., etc.

In this particular case, I appear to have dodged a bullet, but I'm still pretty ticked that I got shot at in the first place. I'm reminded of the line from Shakespeare's Othello: "...he who filches from me my good name, robs me of that which enriches him not and makes me poor indeed."

Here's the deal. Those of us who are security people need to hold ourselves to a very high ethical standard. Let's be honest...at some point in the past, we've all probably done things (hopefully very minor things) we shouldn't have or possibly used our position to our advantage. To some degree, that's human nature. (Think of a police officer pulling strings to get out of a speeding ticket, for example.) The key words there, though, are "in the past" and "used our position to our advantage."

In this case, Bob had absolutely nothing to gain by releasing this information, other than to attempt to impress his former manager, Tom, with how "wired-in" he is. Were there some sort of governing body for security professionals, I would have reported Bob in a heartbeat. There isn't, though, so Bob gets to go on his merry way, coming into contact with sensitive information and potentially divulging it to others as he sees fit. In short, Bob should be ashamed of himself.

It is incumbent upon us as professionals to give careful thought to the potential ramifications of leaking information to which we become privy. The actions of Bob were disgraceful and we, as professionals, must do our best to stamp out such behavior whenever and wherever we find it.