There is nothing wrong with leaving a company if your principles tell you to do so. The are many acceptable reasons for leaving, not just political ones. So, I suggest finding another job before you resign. If you can find a better oppertunity take it. Good luck; the market is tight.
'ken' A Question wrote: > Greetings, > > Beg your parden for sending, but I could use your > advice. > > I have been reading this list for some time and have > benefited from it. There are some good minds on this > list, and a lot of experience, so I submit my question > to you seeking your perspective. > > Before I begin, I want to tell you that I have already > made up my mind weather to resign or not, what I am > needing is perspective as the company I work for is > the only one I have worked at as a Systems > Administrator, and the only one that I have been > responsible for securing the system. > > The security for the network and servers I administer > is NON-EXISTENT. This is not only fine with my > superiors, but I have been told to not work on > security anymore, as it is "un-important". The CEO > thinks that it is secure because my CIO lies and tells > him that it is. > > Here is some background. We have approx. 14,000 IP's > in a stub network (only one way in or out on the > router). Since those IP's are mostly used to host > virtual hosts, there is over 100,000 total paying > customers that depend on our systems being secure. > > We tell customers and the CEO that we have a firewall > - it's a lie. > > * WE HAVE NO FIREWALL ON OUR ENTIRE NETWORK. > * WE HAVE NO INTRUSION DETECTION ON OUR SYSTEM > > We use Linux and Windows. Windows is even more > pathetic as we depend on hotfixes and Service Packs as > our ONLY form of Windows security. They won't let me > put Snort on it, and they won't buy Black Ice, or > anything else. > > To top this off, the CIO refused to let me apply > Service Pack 2 to Windows for months after the > release. I brought it up every week at our management > meeting. Finally, several Windows machines were > compromised so that the cracker had admin level access > for weeks before it was even detected. This would > have been prevented if they would have only let me > apply SP2! The CIO kept saying that he could hear me > saying "I told you so". The CIO lied to the CEO and > said that it was not a Admin level intrusion, but > merely a rouge FTP account used for Warez. The > cracker could have formatted the drives with data at > any time! > > It gets even worse than this, but you get the idea. I > prevented Nimda and Code Red attacks even while > everyone else was wondering what they are. > > Do they promote me? Reward me? No. Apparently, they > are too embarrassed as my CIO and Managers that they > are incompetent in security (they setup up the systems > this way, after all), and seeking to keep me quiet, > they demoted me so that I wouldn't be responsible for > security anymore. As far as I can tell, the only > reason I was promoted to Security Manager was so that > they could have a fall-guy when things went wrong "How > did they do that? Weren't you doing your job?". But > when their scheme backfired and I actually did such a > good job that their position in front of the CEO was > threatened, they decided to keep me quiet. > > Am I being paranoid? Am I overacting? Your > perspective from your experience would be greatly > appreciated. Also, after I leave, should I send a > letter to the CEO about this? > > > Thanks > > > > __________________________________________________ > Do You Yahoo!? > Send your FREE holiday greetings online! > http://greetings.yahoo.com > >