CheeseBadger Posted May 15, 2013 Share Posted May 15, 2013 Morning all, long time lurker and all that... I've got a bit of a situation and I'm curious to get opinions on how to deal with it: I'm currently a network admin for a large enterprise network. I'm responsible for LAN/WAN, firewalls and ever more increasingly, security work. I've always had an interest in security and I've been lucky that I've been able to legitimately incorporate elements of it into my role. HOWEVER, I'm currently job hunting, looking for a skill/responsibility/salary increase... I've recently applied for a job that is pretty similar to my own, but with more responsibility, and it sounds like a greater emphasis on InfoSec work. Whilst I've been Googling the company in question to try and find out more about them, I've happened across documents that would constitute (under UK law) a breech of the Data Protection Act. I hasten to add that these documents were found with nothing more than Google and some targeted searching - an employee has been using a website that allows company documents to be uploaded, but they are not in any way protected from public viewing. I have not mentioned or passed this on to anyone else, but it includes names, addresses, phone numbers, emails and financials. The flipside of that, is that the employee responsible is easily identifiable, and could potentially wind up in a whole boatful of trouble. What would you do about it? As a non-employee, would you even bother bringing it to their attention, or just keep quiet instead? Or sit on it in the hope of being invited to interview and being able to present it as an example of why they need my skills? Or just contact the current IT manager and bring it to his attention in the hope of prompting an interview? I'm not interested in disclosing it to the world and prompting a sh*tstorm, but regardless of whether I ever even get the job, it is something that should really NOT be in the public domain. All thoughts appreciated. Quote Link to comment Share on other sites More sharing options...
Jason Cooper Posted May 15, 2013 Share Posted May 15, 2013 If you are going for a job there then public disclosure would almost guarantee that you wouldn't get hired. Personally I would just contact the IT manager or CIO (depending on size of company) and bring it to their attention. I would also make sure that in the communication you send them that you state clearly that you found them when researching the company in preparation for applying for a job. That way it spells out that you weren't trying to find secret stuff, Google just gave it to you. Quote Link to comment Share on other sites More sharing options...
logicalconfusion Posted May 15, 2013 Share Posted May 15, 2013 (edited) Whilst I've been Googling the company in question to try and find out more about them, I've happened across documents that would constitute (under UK law) a breech of the Data Protection Act. I hasten to add that these documents were found with nothing more than Google and some targeted searching - an employee has been using a website that allows company documents to be uploaded, but they are not in any way protected from public viewing. Who's to say you're the only one? I don't think it would make any difference! Its out there already in cyberspace. This would be a great door opener for just as long as you clearly explain your intentions, in my opinion. I have not mentioned or passed this on to anyone else, but it includes names, addresses, phone numbers, emails and financials. The flipside of that, is that the employee responsible is easily identifiable, and could potentially wind up in a whole boatful of trouble. He's going to get canned either way. Edited May 15, 2013 by logicalconfusion Quote Link to comment Share on other sites More sharing options...
CheeseBadger Posted May 16, 2013 Author Share Posted May 16, 2013 Just as a follow-up to this: I already had the name of the Head of IT, and I managed to locate his email address as the DNS admin contact. I sent him an email to tell him what I'd found, but without going into specifics. He replied, and I then phoned via the main office number and asked to be put through to him to discuss what I'd discovered. He seemed appreciative and thanked me for letting him know. We didn't discuss the job application any further, and I didn't want to push the issue. Quote Link to comment Share on other sites More sharing options...
logicalconfusion Posted May 16, 2013 Share Posted May 16, 2013 (edited) @CheeseBadger that's so stupid. push the issue? Send him your CV and resume! What do you think he's going to do even if they're not interested? It's not like you're ask him to pet your badger. You're just looking for cheese like the rest of us. I've been to several interviews just so I can meet IT professionals and managers, knowing they're looking for someone else. It's a great way to network! I'm not shy. Edited May 16, 2013 by logicalconfusion Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.