When you sit down and think about it, I have a really neat user community.  Since we’re an IT services company, all of the users on my back-end infrastructure are IT architects, engineers, or operations.  That means that they are all system administrators in one way or another.  My challenge is to keep track of all these sneaky people, which is different from the usual unskilled user community, where it’s a case of “you clicked on what link and now none of your applications work?”.

We used to have this very talented network administrator working in the NOC.  Not only did he know networks, but he was CISO-savvy.  When he wanted to change something on our core switches, we played a little game that went something like this:

Me: So what VLANs are you going to change?

J: I’m going to connect switch A to switch B and trunk over VLAN 25.

Me: So what is that VLAN used for?

J: It’s a NOC server VLAN.

Me: And what else is connected to switch B?

J: Some other switches.

Me: And what is connected to those switches?

J: Stuff.

Me:  And what would “stuff” entail?

J: Some routers.

Me: And what do those routers connect?

And we would go on like this for a couple of minutes until I felt comfortable with most what was going on.  The funny thing was that most of the time he was up-front with what he was doing, because he didn’t want to do anything bad, either.  It’s when he started to get non-detailed that I knew something was up.
Now the fun part of this is that I have 200 people like this to contend with.  It sounds worse to say it than it actually is, but it’s one of the threats that I live with.

• Omigod, I’m Part of a Botnet?!?!?!
• My Favorite Conspiracy Theory
• CISO Trick: Know the Hiding Places
• A Step Inside the Guerilla CISO’s Mind
• Lions, Tigers, and VLANs Oh MY!