Enemy at the water cooler

I just read Brian Contos’ new book “Enemy at the water cooler”. It is a compilation of his war stories from the field regarding security. It is a must-read for anyone who worries about the fact that they have extended almost complete trust to those who have the most power to do damage: insiders. A lot of Brian’s experience comes from his position as CSO of ArcSight, and he often uses his stories to demonstrate the power of Security Event Management and its ability to discover misbehavior and provide after-the-fact forensics, but there is no heavy marketing message in his book. Rather, it is an eye-opener to the world of human behavior.


In our weekly IT-Harvest Threatcast I asked Brian to comment on a few of his war stories, starting with the US telecom company that was being targeted by private investigators who were attempting to get customer records from its teleoperators. I thought that was pretty topical considering the mess at HP. The telco had a policy against giving out this type of information. But the activity monitoring it was doing indicated that a few operators were getting calls directly to their numbers and were accessing multiple customer records during those calls. This led to finding the insiders who were actually taking money for leaking customer information.
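The correlation described in that story (calls placed directly to an operator's number, with several customer records opened during the call) can be sketched as follows. This is an added example, not code from the book or the telco; the log fields, the sample events, the `routing` values and the `min_customers` threshold are all assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample data: normalised call records and record-access events.
# routing: "queue" = delivered by call distribution,
#          "direct" = dialled straight to the operator's own number.
CALLS = [
    ("op17", "2006-10-02 09:01:00", "2006-10-02 09:06:30", "queue"),
    ("op17", "2006-10-02 11:15:00", "2006-10-02 11:24:00", "direct"),
    ("op42", "2006-10-02 11:40:00", "2006-10-02 11:43:00", "direct"),
    ("op08", "2006-10-02 13:00:00", "2006-10-02 13:09:00", "queue"),
]
ACCESSES = [  # (operator, timestamp, customer_id)
    ("op17", "2006-10-02 09:02:10", "C1001"),
    ("op17", "2006-10-02 11:16:05", "C2001"),
    ("op17", "2006-10-02 11:18:40", "C2002"),
    ("op17", "2006-10-02 11:21:12", "C2003"),
    ("op17", "2006-10-02 11:22:00", "C2001"),  # repeat lookup, counted once
    ("op42", "2006-10-02 11:41:00", "C3001"),
    ("op08", "2006-10-02 13:01:00", "C4001"),
    ("op08", "2006-10-02 13:03:00", "C4002"),
    ("op08", "2006-10-02 13:05:00", "C4003"),
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def flag_direct_call_lookups(calls, accesses, min_customers=2):
    """Alert on direct calls during which the operator opened at least
    `min_customers` distinct customer records (threshold is an assumption)."""
    alerts = []
    for operator, start, end, routing in calls:
        if routing != "direct":
            continue  # queue-routed calls are ordinary business traffic
        lo, hi = _ts(start), _ts(end)
        customers = sorted({
            cust for op, when, cust in accesses
            if op == operator and lo <= _ts(when) <= hi
        })
        if len(customers) >= min_customers:
            alerts.append({"operator": operator, "call_start": start,
                           "customers": customers})
    return alerts

if __name__ == "__main__":
    for alert in flag_direct_call_lookups(CALLS, ACCESSES):
        print(alert)
```

Neither signal is suspicious alone: `op08` opens three records on a queue-routed call and `op42` takes a direct call with a single lookup, and only the combination on `op17` raises an alert.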


The first chapter of “Enemy at the water cooler” has a section titled “Cyber crime and cyber criminals 101” which struck me as the best depiction yet of what has occurred in recent months to change the security game.


Hear more of what Brian Contos has to say by clicking here for the podcast.

1 comment
  • well what did they expect?

    I'm an old guy so my old-fashioned values prohibit me from stealing so much as a pencil from the fella that signs my check.

    BUT ...

    The last three or four generations of workers, operating under the new "truth is relative" message from the NEA, Planned Parenthood and the other uber-liberals, and having been subjected to the modern management version of vapor-loyalty, merely assume that the "new truth" is that they are "entitled" to get as much as they can for themselves JUST LIKE THAT CEO/CSO/C** JERK AT THE TOP who is just going to fire them all to get his next bonus anyhow so who cares?!?!

    Oooohhhh ... harsh?

    Well let me tell you something. I've been in the work force over 30 years. I've seen stuff that makes you cry and curls your toes; and that is just the management antics. So. While I refuse to participate in robbing the company, I have a hard time faulting the younger people who are figuring if the C** can do it why can't they!

    And robbery is precisely the word as the pay ratio has progressed from 7:1 (back in the 70's when I started working) to 250:1 or 300:1 (current AVERAGE according to the Wall Street Journal). And don't think the younger folks haven't figured that one out; it doesn't take much more than modern math to see the finagling. So what's new is what's old: What's good for the goose is good for the gander. In other words, while the C** is stealing it from the top, the younger folks figure they can steal it from the bottom. Modern morals ... gotta love 'em. NOT.