My hacker story does not paint me in the best light, and it is not intended to. I am a firm believer in sharing one's mistakes and being open to learning from them.
My incident taught me so much, and many years later, I am still benefiting from the learning opportunities. As the wise quote goes, "We have met the enemy, and they are us" — a sentiment that perfectly sums up my experience.
Watch the full video here:
People make mistakes, sometimes the mistake is giving a young intern full admin rights — a decision akin to handing the keys to the kingdom to an overzealous child in a candy store. Other times, it is an intern who can make a seemingly small error, like misplacing a decimal point, which can lead to a catastrophic impact rivaling the sinking of the Titanic (well, perhaps a tad exaggerated, but you get the idea).
Some may refer to it as an insider threat, not the error itself, but the steps taken to cover up the error. Better controls should definitely have been in place, and by doing so, things could have been identified and addressed properly — like a well-oiled machine, rather than a chaotic circus act.
But the biggest takeaway from this for me was that if you have an environment where someone is scared to own up to a mistake or fear being disciplined, they will find ways to avoid accountability... some of which may even involve sabotaging systems. It is a slippery slope that starts with a harmless cover up and ends with a full-blown cyberheist worthy of a Hollywood blockbuster.
I recall an incident where a junior analyst, let's call him Nigel, accidentally deleted a critical database during a routine maintenance task. Instead of fessing up, poor Nigel spent the next three days frantically trying to restore the data from backups, all while concocting increasingly elaborate lies to buy himself more time. Needless to say, it did not end well — the backups were corrupted, and Nigel's web of deceit unraveled faster than a cheap sweater. If only he had felt comfortable enough to raise the issue early on, the entire debacle could have been avoided.
So, while technical controls and robust procedures are always important, it is far more important to have an empathetic culture where people do not feel vilified for errors and have supportive management. An environment where Nigel could have simply raised his hand, admitted his mistake and received guidance rather than judgment.
In the ever-evolving world of cybersecurity, fostering a culture of open communication and psychological safety is paramount. Because at the end of the day, we are all human, and humans are bound to make mistakes — it is how we learn from them that truly matters.
