Slashdot Mirror
The Inside Story On the San Francisco Network Hijacking
snydeq writes "A source with direct knowledge of San Francisco's IT infrastructure has tipped off Paul Venezia to the real story behind Terry Childs' lockout of San Francisco's network, providing a detailed account of the city's FiberWAN, interdepartmental politics, and Terry Childs himself. Childs pleaded not guilty to charges of tampering yesterday and is being held on $5 million bail. According to the source, Childs' purview was limited to the city's FiberWAN — a network he himself built and, believing no one competent enough to touch the network but himself, guarded religiously, sharing details with no one, including routing configuration and log-in information. Childs was so concerned about the network's security that he refused even to write router and switch configurations to flash. But what may prove difficult for the prosecution in its case against Childs is that his restricted access to the network was widely known and accepted among managers and the city's other network engineers. Venezia, who has been suspicious of the official story from the start, suspects that the Childs case may be that 'of an overprotective admin who believed he was protecting the network — and by extension, the city — from other administrators whom he considered inferior, and perhaps even dangerous.' Further evidence is that fact that the network, from what Venezia understands, has been running smoothly since Childs' arrest."
So instead of letting the air out of the car's tires, a car he loved, he simply wouldn't give the keys to dangerous drivers.
"He's using a quantum encryption scheme! That'll take hours to break!"
It's hard to believe that management didn't care that a single employee was the only one who knew anything about critical infrastructure, no matter whether the employee arranged things this way because he thought no-one else was good enough or because this was his was of becoming entrenched.
IANAL, but isn't $5 million US for bail a bit excessive for this?
Honestly, I am surprised the FBI or some other government branch hasn't stepped in on the matter and taken over. If the fiber/wan deals with E911 and other critical functions of the city, I think the city government needs to allow the higher government branches to intervene.
Either use the higher government interaction or just take him out back and start breaking each finger and toe until he talks.
That's my first reaction to the news. Critical infrastructure should have redundancy everywhere, including the support staff.
To give a stupid but obvious example what if Childs was run over by a car? OK, he wouldn't care but all the rest of SF would.
So they should never have put the network online until the information was in several places (the brains of several people if formal electronic/paper records were too inflexible).
Stll, this sounds like political infighting more than ever. Given the situation why were they trying to fire a critical person like Childs? Sounds like some bureaucrat with an ego as big as Childs would be involved to cause this, rather than Childs "going rogue". And he (the bureaucrat) was more skilled in the political game. Of course this person would be covering his tracks, and not be obvious in any way. So Childs and the whole of SF lost. His firing does not make sense otherwise, given his critical position.
Ah, the fun of weaving conspiracy theories :-)
then there is sitting in a holding cell, still protecting your turf... from the guys you are supposed to be protecting it for
the guy is over the deep end, he is criminally culpable for denying access to the people he built the network for
at best, he can probably use an insanity defense, like paranoid schizophrenia, because his actions are on the extreme paranoid end if this latest revelation about his motives and actions ring true
he's certainly mentally fragile. he shouldn't have that much exclusive control over such an important government network, that's for sure
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
We still don't know all the details. Perhaps all the accusations are trumped. But, if when his performance became a question he started hiding backups, monitoring his managers' email exchanges and is now not cooperating, he's definitely a criminal.
How can you possibly argue otherwise? Sure, he's the network admin, but does that authorize him to read people's email without authorization?
Sure, he's the admin, but does that give him the right to create a situation that basically takes the city's IT infrastructure hostage?
I'm not questioning that his superiors should share the larger part of the blame here. But I can't see how he's not at all at fault.
This makes no sense. A properly secure network should be in complete control of those creating it, simply through password and other authentication. Sure, good documentation is helpful in a worst case scenario, but you really need a hit-by-a-bus contingency team.
The ______ Agenda
People who fiddle with government machines get let of and win people elections! Those that STOP people fiddling with Machines get locked up on $5 mill bail....:D:D
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
He was in their employ. Once they asked for access and/or recinded his 'permission' and he refused to cooperate he became a criminal. Let's not rationalize or glorify him just because he's a geek...shades of the apologists for Reiser come to mind now, though this crime isn't as bad as murder.
>
How can you possibly argue otherwise? Sure, he's the network admin, but does that authorize him to read people's email without authorization?
Not at all. But then charge him with that, not some pseudo-terrorist computer tampering charge.
If he really did explicitly "hold the network hostage", actually said "I'll trash it if I don't get what I want", then he commited a crime. But what it sounds like so far is "Do your job the way we want, not your way" and he said no and was fired for it, which is generally not a criminal act.
I've known half a dozen people who "knew things" that would ruin their company if they were hit by a bus. None of them would get charged with a crime if they refused to give up that information *after* being fired(although their company might get sued by the shareholders). But none of them are in IT.
As for the email, from the correspondance provided, it doesn't say if he had access to the city's mail servers, but then he isn't being charged with breaking in to them either. Seeing as he ran the network, it'd probably be easy to sniff and read the email "on the wire" without breaking into a computer, since I doubt anyone in the city government used encryption.
Ok, now I'm being a bit nitpicky, sorry:), but how often do we compare email to sending postcards? Other than cellular communications, where else is it illegal to detect something broadcast in the clear?
We're getting the same sort of wagon-circling that we saw when Hans Reiser was charged. No one seems willing to admit that some of us "geeks" are self-important prima donas who border on pathologically criminal behavior. This guy is clearly a criminal. Of course, proper management would have recognized this behavior much earlier, and wouldn't have given him the keys to the kingdom, so it's a combination of a very bad guy and some very incompetent guys. There's no worse a combination.
It's guys like this that bring our IT occupations into ill-repute, by furthering their stereotype of Coke-swilling social retards on power trips. I hope they throw the book at him, and I hope that while he's sitting in prison he has time to ponder the fact that he isn't a god, but merely an employee.
The world's burning. Moped Jesus spotted on I50. Details at 11.
If Childs really was so damned concerned about the lack of skills within his own team, he should have been going out of his way to document his work, train the other staff and lift the standards. A person of that level of ability has a responsibility to raise the bar and his management should have known better.
Its obvious that his superiors are the ones largely to blame for letting this go one as long as possible but really, a person of Childs' skills/caliber could have done so much to turn the situation around its not funny.
Stories like this are a tragedy on multiple levels. Sad fact is though, this happens all the time in IT....
Let's leave out the legal ramifications here, and let's not go to the hysteria of "he's being thrown to the wolves to protect management" or "he's an evil hacker who shut down the city government networks."
When it comes down to it, one has to ask what Childs' job was. He was supposed to manage the network for the San Francisco city government.
As a result, he was supposed to implement policy as communicated to him by his bosses... but he also had the latitude to take actions to support the spirit of those policies where the right action was unclear. And yes, this is a Pollyanna-esque (is that a word?) view of the situation, but it leaves out the concept of malice as the driving force for either side - because it didn't start out as a plan to shut down the city.
Somehow it morphed into him becoming the sole support for the network routers, be it through arrogance ("I can't believe anyone else would do this right!") or being the only one available ("There's nobody else who works here who even understands the need!"), and at that point this became an incident waiting to happen.
So, either he refused to do his job (at which point he would have deserved to be fired), or his job was such that he was prevented from doing it (at which point professional ethics would have suggested his resignation - or at least, that's what engineering associations would have recommended in similar scenarios).
Instead, he stayed on and we have the current state of affairs.
Strike while the irony is hot! -- The Freethinker
Don't make ad hominem attacks please. I called the article one-sided, and merely presented a legal analysis of his case. I did not "rationalize" or "glorify" him. Truth be told, I actually tend to dislike IT geeks. They tend to be rude and have no personality and think they are smarter than everyone (which is usually not the case) and believe they are God's gift to an organization. Such attitudes should not be tolerated, regardless of how skilled an IT guy is.
With that said, government organizations tend to take a lowest common denominator attitude with IT departments. They don't pay shit, so the cheapest guy gets hired, often resembling a DMV employee. So I can see how a guy could get possessive about his network. He must know what the average city employee is like: Under-trained, bad attitude, and can't be fired due to unions.
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
This analogy is spot on, and whoever modded it off-topic obviously is incapable of understanding the topic and shouldn't have had the keys to the mod-car in the first place.
Infuriate left and right
This is about power.
Reading the story, I get the feeling that this guy didn't want to protect "his" network. Instead he wanted to avoid getting obsolete or being replaceable. His main concern was staying in power and have the last word against his superiours he couldn't get along with.
It's that kind of guy who makes things overcomplicated and puts his hands on everything redundantly just to make others dependent on him. Remember that sentence about not writing configs to flash? That's exactly what he needed: Nothing works without him. (And I'm sure he was willingly risking that his oh-so-well-protected network could fail because he is not in place)
So this is not the type of guy I would want to administer my network. Neither is it what I would call an "expert sysadmin". It's just someone with lots of sysadmin knowledge. But he obviously isn't able to act like a professional.
If the article is right, the guy was on perpetual on call duty. Quite frankly, some of the things that are expected of certain IT people (and basically nobody else except the occasional doctor or military personnel) go beyond the realm of "merely" being an employee (and those other vocations are pitched as lifestyles rather than careers, as well). For folks in those positions, if you don't go a bit nuts about your work, you can't do it.
Yes, a lot of IT people are self-important douchebags. A rare few people really do matter that much, though. This guy seems like he might have been one of them.
I'm not defending what he did, but I do think there's a difference between someone like that and the random sysadmin who thinks he's Jesus just because you need him to reset your password. He's a bit crazy, but it seems like the position he was in might have reinforced that.
>>How can you possibly argue otherwise? Sure, he's the network admin, but does that authorize him to read people's email without authorization?
>Not at all. But then charge him with that, not some pseudo-terrorist computer tampering charge.
The Electronic Communication Privacy Act of 1986 protects administrators if "in the performance of their duty" they read email. Please note the date. If you are unfamiliar with it, you should be even if you're "just a user", no excuses.
He's an administrator. He's shielded.
Y'all should know that by now.
You should also know that if you store your email on company servers/isp servers, they get /less/ protected as time goes on, with most protection going to those "in flight" and least to those being stored for over a year.
If you have anything confidential, encrypt it and remove it from your provider's machines and store elsewhere. If you don't ever want the admin to see the email in flight, then end-to-end encryption. These days it's easier than the mid 1980's.
OB On Topic: I can see where he's coming from. A network administrator, if he's doing his job, gains a bit of paranoia. Sometimes that can become unhealthy, and it appears that he's crossed the line into "unhealthy". Criminal? I don't think so. It appears that he's been severely mismanaged by those who never understood "Mack Truck Syndrome". One guy for an entire city? I'm not sure who's crazier, the management or him.
--
BMO
He was in their employ. Once they asked for access and/or recinded his 'permission' and he refused to cooperate he became a criminal.
I'll be the first to admit that I don't know the entire story here, but since when is disagreeing with your boss a criminal offense?
What he did is inappropriate, but once they asked for access and/or rescinded his 'permission' and he refused to cooperate, he became a candidate for termination and perhaps civil liability. Whether or not he committed any criminal acts is up for debate. I think it's very dangerous to suppose that resisting your employer - even, no, especially if your employer is the government - is illegal.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
Open source does not equal open data.
.sig withheld by request
In my experience, it's a rare company indeed whose managers can fathom the implications of a situation like this. In general, I'm unable to get management to even understand Rule Zero of system administration. Which is: Do everything you need to do to be drop dead certain that you always have a reasonable backup of your important systems. This doesn't sound too difficult, but in practice it's difficult to convince managers that an event that could happen with probability == 0.01 could ever happen...
"Not an actor, but he plays one on TV."
The only person on staff who understands the network is unavailable (forget why for a moment)... now the city must find someone else who also can understand the network before any changes can be made. This is a bad thing??
By making access more difficult (but NOT impossible, which is a very important point) this admin has forced the city to employ fairly knowledgeable people to maintain or change a network that, from the article at least, seems to warrant the skill of someone knowledgeable.
We don't know all the details, but we do know that #1 no outage has yet occured and #2 the equipment is still in place and can be reconfigured from scratch in the normal ways. This situation simply requires a skilled admin's touch to prevent any down time or inconvenience. Find one, and you don't have a problem.
Sure, this guy has overstepped his role and probably is not someone you'd want on your team, but he has effectively forced the city to utilize skilled people in a situation that seems to benefit greatly from using skilled people but a situation where skilled people all too often are not used.
It's not all bad, but there are hopefully better ways to accomplish the same goal. Why the hell is this guy in jail tho?
You seem willing to.
I'm waiting to hear the whole story.
.
modded +3, Informative.
but this attitude sets off alarms.
exposing a geek who despises his supervisors and is used to thinking of the server rooms as his personal playground.
how often do we compare email to sending postcards?
On the Cypherpunks mailing list, all the time. On Slashdot, I don't think I've ever seen anyone bring it up. Email is just that - a postcard. If you care about the privacy of your mail, encrypt it.
IANAL, but my impression was that, in order to be a criminal, you have to commit a crime. You're allowed to say no to your employer. And your employer is allowed to fire you for refusing to do the job they pay you for. If that's all that's going on here, well, then shame on the city for turning this into a spectacle.
Now, it's a different story if he tampered with the city's computer system to cause harm. But it's not at all clear from the stories if that's the case. My issues with the Reiser discussion were the same: we weren't getting the whole picture from the press, even though in the end there it turned out that Reiser really was a bad guy.
all networks once configured properly, run smoothly until they don't.
when they don't, there's one man who can fix it.
I can fully understand setting up a complex system and getting it working perfectly and then some other admin or consultant coming in and fucking it up.
when they fuck it up, you have to fix it. And you don't get bonus pay for that.
not only that, but network/system administrators have to worry a lot about whether management wants to can them simply because things are running so smoothly that they have nothing to do. Which is bullshit because half of the job is keeping up with current tech trends, learning new technologies, and protecting your network on a daily basis. I don't blame the man for guarding his creation jealously. When you start handing over the keys, you are no longer necessary. You get paid too much and this kid who just quit his job of six months from bimblebomble.com seems to know how to do what you do. And we can pay him a lot less and potentially cut out benefits.
They're using their grammar skills there.
The Electronic Communication Privacy Act of 1986 protects administrators if "in the performance of their duty" they read email. Please note the date. If you are unfamiliar with it, you should be even if you're "just a user", no excuses.
He's an administrator. He's shielded.
Shielded? Doubtful.
There is a big difference between "in the performance of their duty" and "because are able to do so, they felt like doing so and so they went ahead and did so."
You don't get it, do you? If you leave and management doesn't like you, any fuckups will be your fault. Doesn't matter who causes them. If I were in jail being prosecuted, I sure as hell wouldn't give my ex-boss the ability to fuck up further and then tell the prosecuter about it. At least, I'd get a lawyer to manage that interaction.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
It's guys like this that bring our IT occupations into ill-repute, by furthering their stereotype of Coke-swilling social retards on power trips.
On the other hand, the more people like this there are, the more employment I get. I may not be as technically capable as folks like Child seems to be, but I am able to work with large groups of people AND the work gets done and documented. I can turn a pretty penny because of how "Customer Service Oriented" I am and how well I document my work.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
This is total speculation on my part, but maybe they never asked him nicely for the PW. I could totally see the new security coordinator wanting to use him as an example to others, and threatening him with termination right off the bat.
(I hate slashdot playlets, but just this once, let us imagine the following exchange.)
Security Coordinator: I want all the passwords to the routing equipment.
Admin: Why do you need them?
S.C.: I'm not here to explain myself to you. Give me the PWs or you're fired!
Admin: OK
S.C.: So you're going to give them to me?
Admin: You haven't told me why you want them.
S.C.: That's it! You're fired!
Admin: OK, I'll go clear out my desk.
S.C.: Wait, aren't you going to give me the passwords now? Come back here! Don't walk away when I'm talking to you!
Admin: I'm sorry, but you're no longer my boss.
The End (?)
OK, a quick quiz! Did you spot the criminal act? Trick question! In this scenario, there wasn't one!
Or, maybe when the owner said they wanted something they own, he should have handed it over.
The city has a huge issue here.
This guy will have a hard time getting a job in the future, and a guy with his credentials commands a lot more than he is making right now.
If it turns out that the facts of this case are far from the original story, and nobody from the city is stepping in to correct it, then SF is in the same situation as the US when Ashcroft pointed the finger at the Anthrax guy (who recently won a big chunk of change for the false accusation).
Something tells me that the wheels of government turn slowly enough that even if they wanted to correct themselves at this point, they won't until well after the publicity is over.
Engineers take the work so *personally*. "No one can touch that code but me... " blah... blah.
I dunno. There's a fundamental difference between someone being naturally protective over their work and someone who volunteers to be on call 24/7 because he doesn't trust his coworkers with the passwords.
I've been in both positions. Shitty political situations where I hand over documentation and walk out the door with my head held up. And as the guy who comes in to inherit the mess when the "indispensable guru" quit.
Neither situation is really all that life-threatening. Nobody is really indispensable.
I don't believe for a second that the guy was irreplaceable except for the passwords that he intentionally withheld. The city could easily make a call and have an even bigger Cisco genius on site within a week. (After all the Bay Area is where Cisco is HQed.) A legend in his own mind.
Business. Numbers. Money. People. Computer World.
Yes, he may very well have bordered on "pathological criminal behaviour", but that is what is expected of employees. It is necessary to exhibit exactly that behaviour if you wish to successfully rise through the ranks.
I dislike that, and believe it is one incredibly unhealthy attitude - tied utterly to America's Puritan "Work Ethic". However, that is neither here nor there. The guy is a product of such attitudes. If he is a monster, then Herr Frankenstein bears the greater responsibility.
That does not make him blameless. It means that he is culpable only to some degree below 100%. Punish him for that percentage he is culpable. Fine. But it means there is also a non-zero component of responsibility elsewhere, which should not go unpunished, and that there is a non-zero element of illness the guy has developed as a result, for which he should be treated.
In any such system, blaming one person is extremely easy but utterly futile. It doesn't fix the underlying problems which made the failure possible, and the ultimate problem is invariably the mental illness prevalent in modern management methods.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
That law is there to make it possible for administrators to do their work. If you are working with emails, and you happen to see a few, you don't go to jail for it.
But monitoring his bosses' email so you can tell what they are saying specifically about him is highly unlikely to be in his job description, and thus he is not protected when he does that. Nor should he be.
http://lkml.org/lkml/2005/8/20/95
"He's still a criminal."
You might not know this but he hasn't been convicted of anything yet so at the moment he is an innocent civilian
"He was in their employ. Once they asked for access and/or recinded his 'permission' and he refused to cooperate he became a criminal."
That's not true at all unless he accessed the computers after being told he was no longer authorized to access them or tried blackmailing then or something then hes not a criminal
It's only illegal if he access something hes not authorized to, blackmails them, or something else
Say someone has a keypad on a garage door to open it but they never use it cause they have a built in car garage remote or access from the house and tell you you can program its code whatever you want and you can go into their house. Then later they tell you you cant go into their house and that their keypad can only be reprogrammed with knowing the old code so they want you to tell them the code so they can reprogram it. It would be legal to refuse to tell them the code but it would be illegal to after having your authorization revoked to either go into the house or use the keypad.
Also you must be from some strange country because in the U.S.A you don't have to even talk with anyone(except military and some legal things but you still never have to incriminate yourself) in fact he could refuse to tell them if he even knew the code and let them prove it. Also in the U.S.A its legal to not answer any question the police might ask(unless given immunity from prosecution or a few other special circumstances) the first thing to say i need a lawyer
"This guy is clearly a criminal"
It's only clear that he is a bad person and he was not only authorized to access and/or modify everything he did he was being paid to.
They people who broke the law are the cops that interrogated him telling him he has to tell them something or else he is gonna be arrested is extortion because its not legal for the police to make you incriminate yourself. This is like the police seem to think its legal if they suspect someone of a crime to tell them they had to give evidence against themselves or they would be arrested even though they don't have any evidence. Like "Police officer: we know you have a detailed confession on your computer so tell us the password or we are arresting you for murder"
He is only a criminal if he did something like he tried blackmailing them or logged in after being fired or something like that.
also the D.A seeking and the Judge agreeing to set the bail at $5,000,000 bond is atrocious and i hope the D.A gets disbarred or disciplined and the judge gets punished as well because there is absolutely no excuse to set the bail that high on a case like this its despicable because there is no evidence he ever maliciously destroyed anything on the servers but there is evidence that he is incredibly protective over the network he set up and they could just have part of his conditions for bail be that he doesn't connect to any of the cities network
and if the D.A and judge honestly think he setup something so in case he was fired it would start trashing shit then they must be stupid if they think they could stop it because he set the network up really complicated so there could be a dead mans switch program running hidden somewhere maybe even inside another program that will start wiping things from servers
It seems that both his co-workers and his management recognized his considerable expertise. So, if he thought that he was working with incompetent freeloaders, then he probably was right. This has nothing to do with primadonna status. The problem here is workload and responsibility.
I support several hundred servers and two of my backups are telecommuting from the west coast. Their Unix expertise is limited to creating user accounts, pushing power buttons, and sending me emails with stupid questions. I don't go so far as to lock them out of "my" servers, but I do my best to keep these two characters busy in their sandbox.
This has nothing to do with my (admittedly very considerable) ego, but has everything to do with me being able to enjoy weekends without being called to fix various problems. When something breaks, the ops calls me and not the two clowns in California. Any problem - big or small - they will find me, wake me up, drag me into a telecon, where I would have to fix the problem while simultaneously explaining to them how I did it and answering "are we there yet" questions from various random managers who couldn't sleep at night.
I would love to have a colleague whom I can trust to do upgrades and architectural changes, so I can spend more time fishing. The way things are right now, I am forced to keep other sysadmins at an arm's length just so I don't have to work even more hours (for which I am not being paid) to clean up their messes.
"Sure, the odds are 1000:1 against that I'll be hit by a bus, but there are a lot of ways disaster can strike, and they add up. You willing to ignore 5:1 odds? How about 10:1, or 15:1?"
This is why technical people need to strive to learn to have relationships with supervisors of a non-technical bent. From reading the article, it seems that Childs' demeanor meant that he could easily be dismissed as the brilliant-but-whacked-out-network-curmudgeon. Fair or not, that means that all of his concerns could be waved off as paranoia (for instance, him trying to get an information security policy in place). Unfortunately, the wisdom of our caution only becomes evident when a disaster occurs or is narrowly averted (e.g. "Thank God we backed that data up!").
On the other hand, non-technical managers should learn to not instantly dismiss the concerns of technical people as unlikely or unrealistic.
As a system administrator - oh I assure you, they ~can~.
Now whether they can use anything they found in there to assist police in their prosecution of someone, or whether they can even publicly or privately even admit that I did it is another story - but admins can look, and some do (I don't, out of personal conviction.)
Trust me on that. And they remember what they see.
Glonoinha the MebiByte Slayer
Yah, I agree it he probably is a huge jerk and should've given up any passwords or other info when he was canned, just out of professionalism(and maybe a little "here's the knife, cut your own wrists").
Granted this is all speculation but I could see him feeling he was in a no-win situation. If he gave them the passwords and documentation and they fucked up the network they'd come after him claiming he sabotaged it. If he didn't, they'd claim he was holding it hostage. If you were in that situation (or just felt like you were), which option would you choose?
"I know someone who worked on the cisco side with this guy .. The dude was threatening co-workers"
What was the name of this someone, who did Terry Childs threaten, what was the nature of these threats?
davecb5620@gmail.com
.I did a little digging, the story just doesn"t jive. Childs is a CCIE functioning as the netadmin. The routers were his dominion and responsibility. He was probably the highest level Cisco certified professional the city has or has ever had. Being in charge of the routers it would flow that a big part of his job was the network security. Apparently the city recently hired a woman to fill a newly created security position. She wanted Childs to open up the routers to the other admins which brings up the point that this can't be guilty of what they are accusing him of as he did not take over access from other admins they never had it. The router configs were technically complex and he simply didn't want to risk the integrity of the network by allowing access to them by personel lacking the proper certification to fully understand their configuration. How many techs out there have set up systems and configs gotten them working perfectly only to have some other tech with only enough knowledge to be dangerous louse everything up. This guy was simply doing his job of protecting the network he setup keeping it as secure as possible. It sounds like any other IT professional that a hands on tech type not a managerial paper tiger that thinks they know it all, he took great pride in his work.I haven't found the qualification of the new security official but I would lay odds that she is no CCIE. She came into the place like a bull in a china shop insulted and threatened this guys child (he designed, installed and did the setup). That after this, he did not respond well to her could be expected.Most It guys at this level are basically quiet nice people with a bit of a temper that comes from stress levels others can't understand. The type that blow-up and cool off when threatened, probably a work a holic. A dedicated net admin. Hers this newby coming in and wanting access to dominion given to a slew of people that he knew full well did not have the ability to modify the configs correctly as they did not have the training or understanding of the full scope of the setup. Her request if honored would jepardize that sanctity of the network and being on call 24-7 also jepardize any free time this working stiff had. The fault here clearly lies with the administration and the new hire. Tech heads are not always the greatest personalities they spend their time talking to and taking care of machines but I don't find any malicious intent on this guys part he was just trying to do his job, serve and protect the network. He didn't block access or change anything they never had it in the first place. This guy should of gotten a raise then been called in to meet with everyone to give his input on the new security policy prior to implementation to address any suggestions or concerns. Fire the upper management , get rid of the new security person trying to push politics into the tech-head arena, promote this guy, get him to hire a few competent CCIE or CCNA's to assist him and rest peacefully knowing the city is now safe from morons. This guy did not do anything wrong if you want to force the issue the absolute most he can be accused of is insubordination for failing to follow the directives of the incompetents above him, period. I hope he sues these guys.
Consider mentoring. The God complex management style rarely works out well in the end.
They don't pay me for tutoring my colleagues. I really wouldn't mind sharing access and explaining a few things, if I see that the person has a good understanding of the basics. At some point my employer decided that hiring competent sysadmins was a luxury they could no longer afford. I don't have a slightest desire to remedy the situation at the expense of my free time. When I eventually decide to move on, I will gladly share all the configuration details with anybody my manager designates as my replacement. And then I'll change my phone number.
You're a twit. People learn by making mistakes. As senior guy it's your job to create learning experiences (situations in which your backups can make mistakes without doing serious damage) to teach them the concepts of the care you take when doing your work.
If you're not training them and you're actively denying them the ability to make the same mistakes you did once, you're doing yourself, the company and them a disservice and an unprofessional job.
+++OK ATH
I see it the other way around. "I'm the best, and I always will be" attitude is often used by good technical, but socially-immature, admins who have no people skills.
In the long run, the company would be better with an admin who both has and is good at both technical skills and people skills, and you know it. Are you worth more to your employer if you can both admin machines and also get along with co-workers? Hell yes. You'll see this very clearly if you're ever asked to manage a large group of people.
You may choose not to be that good an employee, but all that does is hurt your team, your company, and ultimately you, sooner or later. You're smarter than that.
Plenty of examples in professional sports -- even though there are definite superstars there, supported by measurements and statistics (how many admins are truely measured?)... The teams that win work as teams, and the superstar works with his teammates, not aloof from them.
Grow up and play nicely with others in the sandbox, and lose the big head. You'll go further.
It's likely that some day in the future you'll want to advance beyond technical work, and perhaps even you'll enjoy managing a team of young fiesty whippersnappers such as yourself with over-inflated egos too, because you'll remember when you were infallible.
+++OK ATH