Goodbye, Mr. CISSP

Losing a member of your security team is always tough, but good documentation can help ease the pain

9:00 AM -- A good friend and co-worker of mine here at the University of Florida, Jordan Weins, is leaving our merry little band for a great opportunity in another part of the state. We all knew it would happen sooner or later -- though we had silently hoped that it wouldn't, considering how well we all work together, and how much fun we have doing it.

Finding that chemistry -- putting together a security team of talented indviduals who can work cohesively and do their jobs well --takes considerable time.

Once that team is assembled, watching one member depart can be tough for all the other members. The manager is left with a position to fill -- usually knowing that it will be impossible to truly replace the person. If budgets are tight, sometimes there are even questions of whether the position will be filled at all.

For the short term, at least, the members of the team are left taking on the duties left behind. There is last-minute scrambling to make sure documentation is done and projects are completed or handed over. Then comes the cold, insensitive part that has to be done -- changing all of the passwords and revoking the former employee's user accounts.

As much as the individual may be trusted and valued, it's a simple fact that these things must be done. Why? People are not always who you think they are. If they were, there wouldn't be so many instances of insider attacks.

It's important to document everything that happens when an employee leaves. Access to shared passwords needs to be included in every employee's file. Every account created on every system the employee uses should be listed. I've personally seen a company force an employee to go on administrative leave, change all the passwords and revoke his accounts -- only to realize he later got in through a system they forgot.

The actions we've taken for my friend are the same ones we take for all exiting employees in our organization: Passwords, accounts, and purchasing and ID cards must be revoked, and an appropriate exit interview conducted. We have the documents that explain what needs to be done. And by the end of the day, each member of the team will have done his or her part to ensure that those procedures were followed.

On Jordan's departure, my boss wrote in an email that this was the "end of an error." We knew what she really meant was "era." But if you haven't developed the proper exit procedures, do it now -- you don't want your error to be the end of your organization's era.

Good luck, Jordan. We will miss you.

Editor's note: In addition to playing an invaluable role on the security team at the University of Florida, Jordan Weins has been an invaluable contributor to Dark Reading's sister publication, Network Computing, and indirectly, to this Website. We join John in wishing you the best, Jordan.

— John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines, or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading