Questions

Moral Dillemma: Bad IT Manager is Everybody's Hero, Where Do I FIt In?

+
1 Votes
Locked

Moral Dillemma: Bad IT Manager is Everybody's Hero, Where Do I FIt In?

Arctic.Moet
There's a question in all of this, sorry for the long, long post but the details need to be hammered out, the picture painted.

He was the hero of the organization,. Not only did he manage the IT Department, he was the IT Department. Although it is a nonprofit organization, it is contracted by the government for environmental regulation and in its golden years it had an impressive budget for IT for which this man was 100% in control of. He made all the decisions, he oversaw all the systems, he did all the purchasing, installation, maintenance, and support. He built an impressive database in SharePoint 2003 when it was shiny and new, and took a collection of small offices that had nothing in the way of technology beyond a fax machine and turned them into productive technology-rich environments using some of the latest business software with no expense spared. (SharePoint, SQL Server, Windows Server, ArcGIS, all brand new, not even including the hardware!).

He came to work in suits, he put insane hours, he was brilliant and motivated and everyone depended on him for everything IT. He'd go to your house and fix your computer for you if you buy him a beer,. He was also an all-star athlete, avid outdoors man, good-looking and his mid-thirties when I joined the organization. At that point he was on his fifth year there. King of IT.

Well, the King's empire grew over time and he was overloaded, so I was hired to ease some of his burden. My background on paper wasn't impressive; I was a secretary basically, a data entry clerk. That was all he wanted. I was given the menial tasks he detested, like data entry, tidying up cords and cables, making coffee, answering emails. I was 28 years old, pretty, single, just growing out of the party girl stages and there was a mutual attraction/flirtation. For about ten seconds. Until I made a huge mistake one day and let him know I wasn't an idiot. In a conversation about programming I started babbling about the company I worked for under my dad, where I programmed and operated industrial robots, and I showed him the programming language of the robots, thinking he'd find it interesting as it compared to DOS. No sooner had the word "DOS" left my lips, he was regarding me with cool suspicion.

Shortly after he went to the powers that be and said he felt I didn't have the skill necessary to help him, and I'd be more useful as a filing clerk, and so I was banished to the filing room for the next couple of years, baffled as to what I had done wrong. Also, I was treated like an infectious program, completely quarantined, not allowed to so much as glance at a PC in the company. It was miserable, but I needed the job so I took it. Did I mention he was also best friends with the HR Manager, and my new Manager, and that they were drinking buddies?

Time moved on, and the King fell. Gone were the suits. Ripped jeans and flannels were the norm, as was coming in late, hung over, often sneaking into the server room to sleep for hours at a time. The systems he implemented new were now dangerously outdated, his backup practices were nonexistent. Since his bosses were his friends, he was allowed to make his own hours, and to have complete control of the network. By this time I was filing in billing, and noticed that we were way over our bandwidth usage on our bills by several hundred dollars' worth every month consistently.

In a staff meeting he was asked about this by the Executive Director. He was asked "Can we tell where this usage is coming from? Who is using it?" to which he replied "No", spinning some jargon to the ED, who, like most everyone at the company, was not tech-savvy. I blinked, shocked. He had straight-up lied to his friends' face. Of course he could find out where the usage was, he was the goddamned system administrator! I could have, if they gave me five minutes at the server or ****, any computer in the network! Fuming, I bit my tongue. Good, I was glad he was a lair; they deserved each other.

Long story longer, the King and the ED had a falling out over a girl, so the good times were over forever. The King finally quit, leaving without training anyone to take over for him, no hand-off of passwords or accounts, no tutorials just... gone. Panicked, the organization turned to the only person who even knew what a server was - me. Suddenly, overnight, the file clerk was now the system admin, much to the amusement and mirth of King, who wrote several emails detailing how insulted he was that they believed an idiot like me could possibly fill his shoes (and copied me, just to make sure I was aware his opinion regarding my abilties, which was pointless because, how did he expect me to read all those big words?)

I was a quick study. I untangled his webs, dusted the cobwebs and dust off his old machines and I made everything function. I learned his system, improved it, then replaced it. I hunted down his rogue Admin accounts and terminated his access to the company (he was still logging in long after he quit).

So, here's the dilemma and the question now. I discovered the bandwidth usage problem(s). Several torrents running on all four servers, in his secret little niches, uploading and downloading astronomical amounts of media files (TV series, music, movies, porn, you name it), more than one person could possibly watch in a lifetime. He was positively addicted, and a hypocrite. Torrents and P2P software was strictly prohibited. Not only did he contribute to the overages, but was solely responsible for them, to the tune of roughly $200,000.00 that I can clearly document.

What do I do with this knowledge? I am alone in this discovery of a long trail of paper outlining several years worth of lies and misuse of everything ranging from company funds to users' personal information. I mean, this goes beyond misuse, this is plain theft and fraud in my book, and criminal on many levels. Problem is he's still a hero to most everyone here, still a personal and social friend. There is a good chance he may come back to consult now that he has his own company, or work with partners of ours. I may have to work with him again, so I have to be careful where I step and to whom I turn.

I am at a loss. What should I do? What can I do that won't cost me my new career?
  • +
    0 Votes
    OH Smeg

    Obviously kill the crap and then do nothing.

    If however you are asked provide full documentation of everything and say nothing.

    As for the rest you do exactly what you are told to do and Document everything. This after all is what a System Admin does so do your job to the best of your ability and do not draw attention unnecessarily to yourself. IT is a Service and as a Service Provider you need to provide that service and not get involved in Office Politics.

    Col

    +
    0 Votes
    gechurch

    I definitely agree that you should document everything. Document what you found, when, the dates the files were put there, a list of all the people that had permission to save files there, and a list of the owner of the files.

    As for what to do next - it depends how you think the powers will react. Management at some companies is great. They want to help, they want to make sure everyone is doing the right thing by the company and they want to see the company prosper. At other places management are self-interested, are happy to screw over the company if there's something in it for them, and don't want to hear about problems; they shoot the messenger.

    What is the management like at your company? I'm guessing it's neither of these extremes which is why you are asking the question here. If it were me, I'd have a quiet word with someone in management I trust. I wouldn't say "the previous d***head was dodgy and cost us $200k". I'd instead say "Since I've taken over I've found some concerning [or 'legal' if you prefer] issues regarding the previous IT manager's bahaviour and I'm not sure what to do about it". The person will likely either say "He's gone now - I don't care" or will ask you to explain. If it's the latter do so, but don't overstate anything or draw any conclusions; leave that to the manager. You'll likely be asked to present a full report to the whole management team, so take your documentation and deliver it factually (again, avoid drawing conclusions and avoid emotion).

    A good dialog with management would be:
    You: "When I took over I found several torrents downloading 24 hours per day. At the current rate, these downloads will be contributing around 200GB per month to our Internet usage. The downloading is happening under the administrator account, and looking at the file dates seemed to have started around February 2009."
    Management: "Who had access to the Administrator account?"
    You: "The previous IT Manager was the only person who knew that password."
    Management: "What sort of files was he downloading?"
    You: "Most of the content are commercial movies, music and pornography"
    Management: "Isn't that illegal? Doesn't our acceptable use policy prohibit this?"
    You: "Yes it is illegal, and our acceptable use policy explicitely prohibits use of BitTorrent, and also explicitely prohibits the download of copyrighted material"
    Management: "When did we start going over our Internet usage?"
    You: "February 2009"
    ...

    Perhaps I'm wrong, but in my experience if you mention the potential for inproper dealings, but let the other person 'discover' it for themselves then they will accept it, whereas if you go and say "look, look, I've uncovered all this illegal stuff the previous IT guy was doing and he has cost the company $200k in Internet usage" some people may be less accepting (thinking that you are exaggerating, and trying to smear his name for personal reasons).

    I must disagree with OH Smeg's suggestion of deleting it and doing nothing. You have uncovered a breach of company policy and common law. If you knowingly cover it up, you are now an accessory to that behaviour (I wouldn't be surprised if your acceptable use policy dictates that you must inform someone of breaches). If you are really concerned that management will shoot the messenger, then an alternate approach would be to email a report to the management team regarding the transition from the old guy to you. Include things like passwords and documentation that are missing, list hardware that needs replacing or soon will etc and "hide" in that report what you have found regarding the torrents ("eg. I have found several gigabytes of movies, music and other content that appears unused and should not be on company servers. I intend to delete this content to free up space in one week."). That reads like generic house-keeping that management will likely skip over.

    Personally, I really don't like the second approach. I think open, honest and clear communication is the only way to go here. If you do that, then expect people to have a newfound respect for you as being someone they can trust.

    +
    0 Votes
    OH Smeg

    Hum I didn't say anythign about deleting it I said kill it meaning stop the File Transfers but Document Everything.

    As there was no mention of any Disc Space Issues I didn't even suggest deleting it but I did suggest to not go out of your way to inform people as with the way that things are described it will sound like sour grapes and make the OP here sound as if they are attempting to cast blame on the previous person while not being in a position to prove that they did anything wrong.

    It's always possible that the previous IT Guy was instructed to do this by some senior management type or maybe even was in a position where they knowingly allowed someone else higher up the food chain to perform things that are downright criminal under direct instruction.

    If that is the case the OP here will not be doing themselves any favours talking to anyone and make them look like they are Self Serving at the expense of the company/business or whatever.

    Never a good position to be in. The simple fact that the downloads have stopped and the excess usage has also stopped will cause questions to be asked and then is the correct time to tell those who ask what has been happening but under no circumstances accuse anyone of doing anything wrong unless you can Prove in a Court of Law that what oyu are saying is right. Deformation Cases can be launched against the ones making claims that can result in effectively ruling yourself unemployable and broke forever so it's always best not to become involved.

    You just say things like as this is outside our Acceptable Use Policy so I stopped it. It's always possible in a small organisation that you will be approached by someone very high up the Food Chain wanting to know what's happened and why did their Pet Project suddenly stop working.

    If you accuse anyone without Proof Positive you are making allegations that you are unable to prove and things like that will never make you look good in the long run and to make matters worse the OP here already has a History of them being accused of not being capable of doing the job that they are required to so making any noises to the wrong people will not be in their best interests.

    Doesn't matter what's right or wrong under those circumstances just telling the wrong person can cause a world of hurt that you never fully recover from. The worst thing you could do under these circumstances is make a noise you need to stop the wrong things from happening plug any holes that you find and answer questions that you are asked.

    Doing anything more will be seen by at the very least one person as you playing Politics and the reality is that most likely many will accuse you of that and also of planting evidence to make yourself look better than you actually are and build yourself up at the expense of the person you replaced. Not good for anyone

    +
    0 Votes
    tbmay

    Unfortunately I agree wit Col. I can't say I like the approach. It's just a simple matter of needing to pay the bills, Sometime you absolutely can't avoid office politics. But as long as a clinical approach is there for you, you'd probably be best just sticking to it. Definitely try to put any animosity you have for the guy personally aside. BUT....make sure you keep your documentation.

    +
    0 Votes
    gechurch

    @OH Smeg

    I wasn't trying to have a go... just mentioning that doing nothing is an approach that may get the OP in trouble. The approach I suggested will not make the OP look self-serving, it is not being a whistle-blower, it is not accusing anyone without Proof Positive, and it is not going to the police and causing adverse publicity. I was very careful to write a response that would avoid all of those negative things. By approaching someone in management she trusts and mentioning the issue vaguely and non-accusitory it then places the onus on the manager to decide what to do. The OP then just becomes a pawn folliowing what management tells her to do. And most importantly, it ensures she meets her moral and possibly legal obligations (the acceptable use policies that I've seen generally do have clauses requiring you come forward if you are aware of any breaches).

    Imagine if the OP does nothing, only to have the breaches discovered down the track. That would be a hard position to be in. The guy presumably broke the companies acceptable use policy, and definitely broke the law, and in doing so cost the ompany $200,000 in excess Internet usage. I sure as **** wouldn't want to explain to my boss why I decided to keep this information to myself. "I didn't want to make waves", "I didn't want to be seen as playing politics" or "I was afraid management was involved and I'd get in trouble if I asked questions" will look like some pathetic excuses if it gets to this stage.

    +
    0 Votes
    OH Smeg

    Maybe it's the way that I'm read the OP's story here.

    They have worked at this place for quite some time and have been relegated to the Nothing jobs and everyone is told that they are incapable of doing the limited job that they where employed to do and now that have been thrust into the position of replacing the person that they where employed to help and according to that person was incapable of helping.

    Also as the previous guy was so well liked and has now setup shop for them self I read things as the OP is expected to fail and then can be got rid of and replaced with the previous guy who is now a Freelance Consultant at higher pay than what they previously got when they worked there. The OP also lacks any support from their Immediate Manager and everyone is sitting back watching waiting for them to mess up.

    Personally I think it's a No Win Situation and if it was me I would have walked a long time ago and left this place to it's own devices. However the trouble here is that they stayed put and now want a way out of the situation which is at best a mess.

    From my reading of the above I feel that the situation has been engineered to make them fail and almost anything that they attempt is going to be meet with problems so they have to step very carefully. Sure if the OP is getting the necessary support from their Manager approach them with what they have discovered but also make very sure that all of the Back Doors have been shut and Bolted.

    If she was to approach the Manager and then the File Transfers restarted it will be claimed that it's she who is responsible and it's end of story there is the door and don't let it hit your Arr$e on the way out.

    If that the case she has very little in the way of options and I would guess very little in the way of directions either. If that's the case just going to the wrong person is writing your own demise with a reference to suit which effectively means no more work in that sector ever again as you have a Reputation which you most certainly don't want or need.

    It reminds me of Terry Child's who as far as I'm concerned didn't do too much wrong and while there where things like intercepting others E Mails which I would personally have avoided he pretty well did what he had been instructed to do. I know from personal experience that when approached by those higher up the food chain and told to do things that they do not have the authority to insist on happening you are immediately between a Rock and a Hard Place. Personally if I where Child's I wouldn't have handed over the passwords either but I would have immediately sent Documentation to the Person who is Responsible and passed along the required information and at the same time resigned. It may not have prevented me being jailed but at the very least I would know I had done the correct thing and could have done no more.

    However here as I read things she has no direction and no real supervision and those who are in control have no idea of what is actually involved. Attempting to teach those in-charge while at the same time plugging the holes and stopping the breaches from my Experience is not possible.

    But then again I may be reading things completely wrong.

    Col

    +
    0 Votes
    Madsmaddad

    You may need to show it as proof..

    +
    0 Votes
    Charles Bundy

    Negative. If she backs it up she has to store terabytes of MPAA and/or content questionable materials. Neither she nor the company need to be looking for the law at their door if her predecessor decides to report a copyright violation for fun and profit.

    If she is wanting to be cya do a SHA1 on the files and put that along with the file name in an excel spreadsheet. Flush the files.

    +
    0 Votes
    fuji_man

    This is more of a common issue than you think. I own my own consulting firm and other companies. I am a very advance computer person (programmer + system admin), however I do have hired network and system admin in some of my companies. I usually don't tell anyone how much knowledge I have and have seen plenty of system admin try to take advance.

    Since in your case, the one in charge have no clue what is going on in the IT department, it is a different story. He / She will require some information to help make their decision and if you really wanted to be seen as great asset to the company, you should really assist the person in charge to know what is going on.

    Now this is not saying you go in like a gunhole and shot him up with bad news. However since they have some in differences to lead to their separation, there are of course some crack to move in.

    If I were you, I will have a talk with the person in charge, and tell them, you don't wanted to rat him out, but as a system administrator it is really your responsibility to let them know. However, before you continue, you should then ask, if they really wanted to know how the guy have taken advantage of the company (and maybe drop a $ amount).

    It is then really up to them to ask for more info or just let it go.. If they let it go, then let it go.. no one in your company except for the one in charge will know anything have happened and you won't be seen as a bad person or a rat. If he wanted to know, you are now just doing your job.

    +
    3 Votes
    Charles Bundy

    Discovered the reason for excess Internet charges. However anything else is conjecture. Report to management that you discovered the corporate network was compromised around 2009. Let them draw their own conclusions as to who was responsible or inept so long as you make clear that it didn't happen on your watch. Not reporting is not an option because your predecessor would hold that over your head in an instant and label you as a waste of space. It may be item one to fix wrt his consultancy. And guess who gets the short end if you don't at least follow a CERT like response?

    +
    2 Votes
    whatzup

    In my mind you need to say something, but like I said be careful. I also agree with the person that said sitting down with the person in charge who knows nothing about IT and having a talk with that person is probably the best way to go. Be honest to that person and inform that person that the stuff you found has cost the company a substantial amount of money. The trick with the whole thing is to come off as someone that wants what is best for the company, not someone that has a score to settle. Like I said be honest, do your best everything will work out.

    We have all been on the downside of office politics, and I know it has cost me several promotions, but you need to do what is right even if it hurts you. At least you will feel better about it, knowing you did the right thing.

    +
    1 Votes
    info

    ...and they're considering bringing him in as a consultant, even after being at odds with the Executive Director, I'd say your odds of coming out of this on top are pretty much shot. To top it off, you're a woman, and it sounds like the 'good ol' boys club' is alive and well in this organization. It's not fair, and plain out SUCKS, but start making plans to pack your bags and leave. Get us much training/certs out of them as you can.

    In situations like this, friendships and social connections trump skill, knowledge and deliverables EVERY time. I've seen it first hand, they could well look at the total money this person has cost them, and the risk he's exposed them to, and say, "Oh well. Water under the bridge now." With the evidence of that person's Email SHOWING his contempt for you, you KNOW that as soon as he has his foot back in the door, he's going to torpedo you, and the management WILL let it happen. Even when all the evidence is in your favour.

    So, like I said, start planning your exit strategy now. To make one final kick at the can, pick the Executive Director and one other manager 'in power' that's somewhat related with you and appreciates the work you've done. (Normally, it would just be the Executive Director, but that wouldn't look good, since you're a woman...) Invite them out to a business lunch. At this lunch, follow some of the advice the others have given above and explain to them that you're planning to leave. Explain exactly WHY. Work in some of the things you've found, the previous Admin's behaviour towards the company (especially the risk of what could happen with that downloaded material... all company computers seized and impounded?) and particularly, in light of their considering bringing him back as a consultant, towards YOU. Explain that you feel in light of this, you perceive your chance of advancement at this company as slim to none, especially if he's brought back in. Tell them you GREATLY appreciate the opportunity they've given you, but if you haven't won their faith with all that you've done since you've been in charge of things, then you never will.

    If you wanted to play hardball, you could always hint that you could take legal action based on harassment and poor workplace treatment based on your sex, but I'd advise against it in this case. Feel them out, and see how receptive they are. They'll either see the light, or you have no choice but to leave. Sometimes a step back in a career will clear the way for several steps forward.

  • +
    0 Votes
    OH Smeg

    Obviously kill the crap and then do nothing.

    If however you are asked provide full documentation of everything and say nothing.

    As for the rest you do exactly what you are told to do and Document everything. This after all is what a System Admin does so do your job to the best of your ability and do not draw attention unnecessarily to yourself. IT is a Service and as a Service Provider you need to provide that service and not get involved in Office Politics.

    Col

    +
    0 Votes
    gechurch

    I definitely agree that you should document everything. Document what you found, when, the dates the files were put there, a list of all the people that had permission to save files there, and a list of the owner of the files.

    As for what to do next - it depends how you think the powers will react. Management at some companies is great. They want to help, they want to make sure everyone is doing the right thing by the company and they want to see the company prosper. At other places management are self-interested, are happy to screw over the company if there's something in it for them, and don't want to hear about problems; they shoot the messenger.

    What is the management like at your company? I'm guessing it's neither of these extremes which is why you are asking the question here. If it were me, I'd have a quiet word with someone in management I trust. I wouldn't say "the previous d***head was dodgy and cost us $200k". I'd instead say "Since I've taken over I've found some concerning [or 'legal' if you prefer] issues regarding the previous IT manager's bahaviour and I'm not sure what to do about it". The person will likely either say "He's gone now - I don't care" or will ask you to explain. If it's the latter do so, but don't overstate anything or draw any conclusions; leave that to the manager. You'll likely be asked to present a full report to the whole management team, so take your documentation and deliver it factually (again, avoid drawing conclusions and avoid emotion).

    A good dialog with management would be:
    You: "When I took over I found several torrents downloading 24 hours per day. At the current rate, these downloads will be contributing around 200GB per month to our Internet usage. The downloading is happening under the administrator account, and looking at the file dates seemed to have started around February 2009."
    Management: "Who had access to the Administrator account?"
    You: "The previous IT Manager was the only person who knew that password."
    Management: "What sort of files was he downloading?"
    You: "Most of the content are commercial movies, music and pornography"
    Management: "Isn't that illegal? Doesn't our acceptable use policy prohibit this?"
    You: "Yes it is illegal, and our acceptable use policy explicitely prohibits use of BitTorrent, and also explicitely prohibits the download of copyrighted material"
    Management: "When did we start going over our Internet usage?"
    You: "February 2009"
    ...

    Perhaps I'm wrong, but in my experience if you mention the potential for inproper dealings, but let the other person 'discover' it for themselves then they will accept it, whereas if you go and say "look, look, I've uncovered all this illegal stuff the previous IT guy was doing and he has cost the company $200k in Internet usage" some people may be less accepting (thinking that you are exaggerating, and trying to smear his name for personal reasons).

    I must disagree with OH Smeg's suggestion of deleting it and doing nothing. You have uncovered a breach of company policy and common law. If you knowingly cover it up, you are now an accessory to that behaviour (I wouldn't be surprised if your acceptable use policy dictates that you must inform someone of breaches). If you are really concerned that management will shoot the messenger, then an alternate approach would be to email a report to the management team regarding the transition from the old guy to you. Include things like passwords and documentation that are missing, list hardware that needs replacing or soon will etc and "hide" in that report what you have found regarding the torrents ("eg. I have found several gigabytes of movies, music and other content that appears unused and should not be on company servers. I intend to delete this content to free up space in one week."). That reads like generic house-keeping that management will likely skip over.

    Personally, I really don't like the second approach. I think open, honest and clear communication is the only way to go here. If you do that, then expect people to have a newfound respect for you as being someone they can trust.

    +
    0 Votes
    OH Smeg

    Hum I didn't say anythign about deleting it I said kill it meaning stop the File Transfers but Document Everything.

    As there was no mention of any Disc Space Issues I didn't even suggest deleting it but I did suggest to not go out of your way to inform people as with the way that things are described it will sound like sour grapes and make the OP here sound as if they are attempting to cast blame on the previous person while not being in a position to prove that they did anything wrong.

    It's always possible that the previous IT Guy was instructed to do this by some senior management type or maybe even was in a position where they knowingly allowed someone else higher up the food chain to perform things that are downright criminal under direct instruction.

    If that is the case the OP here will not be doing themselves any favours talking to anyone and make them look like they are Self Serving at the expense of the company/business or whatever.

    Never a good position to be in. The simple fact that the downloads have stopped and the excess usage has also stopped will cause questions to be asked and then is the correct time to tell those who ask what has been happening but under no circumstances accuse anyone of doing anything wrong unless you can Prove in a Court of Law that what oyu are saying is right. Deformation Cases can be launched against the ones making claims that can result in effectively ruling yourself unemployable and broke forever so it's always best not to become involved.

    You just say things like as this is outside our Acceptable Use Policy so I stopped it. It's always possible in a small organisation that you will be approached by someone very high up the Food Chain wanting to know what's happened and why did their Pet Project suddenly stop working.

    If you accuse anyone without Proof Positive you are making allegations that you are unable to prove and things like that will never make you look good in the long run and to make matters worse the OP here already has a History of them being accused of not being capable of doing the job that they are required to so making any noises to the wrong people will not be in their best interests.

    Doesn't matter what's right or wrong under those circumstances just telling the wrong person can cause a world of hurt that you never fully recover from. The worst thing you could do under these circumstances is make a noise you need to stop the wrong things from happening plug any holes that you find and answer questions that you are asked.

    Doing anything more will be seen by at the very least one person as you playing Politics and the reality is that most likely many will accuse you of that and also of planting evidence to make yourself look better than you actually are and build yourself up at the expense of the person you replaced. Not good for anyone

    +
    0 Votes
    tbmay

    Unfortunately I agree wit Col. I can't say I like the approach. It's just a simple matter of needing to pay the bills, Sometime you absolutely can't avoid office politics. But as long as a clinical approach is there for you, you'd probably be best just sticking to it. Definitely try to put any animosity you have for the guy personally aside. BUT....make sure you keep your documentation.

    +
    0 Votes
    gechurch

    @OH Smeg

    I wasn't trying to have a go... just mentioning that doing nothing is an approach that may get the OP in trouble. The approach I suggested will not make the OP look self-serving, it is not being a whistle-blower, it is not accusing anyone without Proof Positive, and it is not going to the police and causing adverse publicity. I was very careful to write a response that would avoid all of those negative things. By approaching someone in management she trusts and mentioning the issue vaguely and non-accusitory it then places the onus on the manager to decide what to do. The OP then just becomes a pawn folliowing what management tells her to do. And most importantly, it ensures she meets her moral and possibly legal obligations (the acceptable use policies that I've seen generally do have clauses requiring you come forward if you are aware of any breaches).

    Imagine if the OP does nothing, only to have the breaches discovered down the track. That would be a hard position to be in. The guy presumably broke the companies acceptable use policy, and definitely broke the law, and in doing so cost the ompany $200,000 in excess Internet usage. I sure as **** wouldn't want to explain to my boss why I decided to keep this information to myself. "I didn't want to make waves", "I didn't want to be seen as playing politics" or "I was afraid management was involved and I'd get in trouble if I asked questions" will look like some pathetic excuses if it gets to this stage.

    +
    0 Votes
    OH Smeg

    Maybe it's the way that I'm read the OP's story here.

    They have worked at this place for quite some time and have been relegated to the Nothing jobs and everyone is told that they are incapable of doing the limited job that they where employed to do and now that have been thrust into the position of replacing the person that they where employed to help and according to that person was incapable of helping.

    Also as the previous guy was so well liked and has now setup shop for them self I read things as the OP is expected to fail and then can be got rid of and replaced with the previous guy who is now a Freelance Consultant at higher pay than what they previously got when they worked there. The OP also lacks any support from their Immediate Manager and everyone is sitting back watching waiting for them to mess up.

    Personally I think it's a No Win Situation and if it was me I would have walked a long time ago and left this place to it's own devices. However the trouble here is that they stayed put and now want a way out of the situation which is at best a mess.

    From my reading of the above I feel that the situation has been engineered to make them fail and almost anything that they attempt is going to be meet with problems so they have to step very carefully. Sure if the OP is getting the necessary support from their Manager approach them with what they have discovered but also make very sure that all of the Back Doors have been shut and Bolted.

    If she was to approach the Manager and then the File Transfers restarted it will be claimed that it's she who is responsible and it's end of story there is the door and don't let it hit your Arr$e on the way out.

    If that the case she has very little in the way of options and I would guess very little in the way of directions either. If that's the case just going to the wrong person is writing your own demise with a reference to suit which effectively means no more work in that sector ever again as you have a Reputation which you most certainly don't want or need.

    It reminds me of Terry Child's who as far as I'm concerned didn't do too much wrong and while there where things like intercepting others E Mails which I would personally have avoided he pretty well did what he had been instructed to do. I know from personal experience that when approached by those higher up the food chain and told to do things that they do not have the authority to insist on happening you are immediately between a Rock and a Hard Place. Personally if I where Child's I wouldn't have handed over the passwords either but I would have immediately sent Documentation to the Person who is Responsible and passed along the required information and at the same time resigned. It may not have prevented me being jailed but at the very least I would know I had done the correct thing and could have done no more.

    However here as I read things she has no direction and no real supervision and those who are in control have no idea of what is actually involved. Attempting to teach those in-charge while at the same time plugging the holes and stopping the breaches from my Experience is not possible.

    But then again I may be reading things completely wrong.

    Col

    +
    0 Votes
    Madsmaddad

    You may need to show it as proof..

    +
    0 Votes
    Charles Bundy

    Negative. If she backs it up she has to store terabytes of MPAA and/or content questionable materials. Neither she nor the company need to be looking for the law at their door if her predecessor decides to report a copyright violation for fun and profit.

    If she is wanting to be cya do a SHA1 on the files and put that along with the file name in an excel spreadsheet. Flush the files.

    +
    0 Votes
    fuji_man

    This is more of a common issue than you think. I own my own consulting firm and other companies. I am a very advance computer person (programmer + system admin), however I do have hired network and system admin in some of my companies. I usually don't tell anyone how much knowledge I have and have seen plenty of system admin try to take advance.

    Since in your case, the one in charge have no clue what is going on in the IT department, it is a different story. He / She will require some information to help make their decision and if you really wanted to be seen as great asset to the company, you should really assist the person in charge to know what is going on.

    Now this is not saying you go in like a gunhole and shot him up with bad news. However since they have some in differences to lead to their separation, there are of course some crack to move in.

    If I were you, I will have a talk with the person in charge, and tell them, you don't wanted to rat him out, but as a system administrator it is really your responsibility to let them know. However, before you continue, you should then ask, if they really wanted to know how the guy have taken advantage of the company (and maybe drop a $ amount).

    It is then really up to them to ask for more info or just let it go.. If they let it go, then let it go.. no one in your company except for the one in charge will know anything have happened and you won't be seen as a bad person or a rat. If he wanted to know, you are now just doing your job.

    +
    3 Votes
    Charles Bundy

    Discovered the reason for excess Internet charges. However anything else is conjecture. Report to management that you discovered the corporate network was compromised around 2009. Let them draw their own conclusions as to who was responsible or inept so long as you make clear that it didn't happen on your watch. Not reporting is not an option because your predecessor would hold that over your head in an instant and label you as a waste of space. It may be item one to fix wrt his consultancy. And guess who gets the short end if you don't at least follow a CERT like response?

    +
    2 Votes
    whatzup

    In my mind you need to say something, but like I said be careful. I also agree with the person that said sitting down with the person in charge who knows nothing about IT and having a talk with that person is probably the best way to go. Be honest to that person and inform that person that the stuff you found has cost the company a substantial amount of money. The trick with the whole thing is to come off as someone that wants what is best for the company, not someone that has a score to settle. Like I said be honest, do your best everything will work out.

    We have all been on the downside of office politics, and I know it has cost me several promotions, but you need to do what is right even if it hurts you. At least you will feel better about it, knowing you did the right thing.

    +
    1 Votes
    info

    ...and they're considering bringing him in as a consultant, even after being at odds with the Executive Director, I'd say your odds of coming out of this on top are pretty much shot. To top it off, you're a woman, and it sounds like the 'good ol' boys club' is alive and well in this organization. It's not fair, and plain out SUCKS, but start making plans to pack your bags and leave. Get us much training/certs out of them as you can.

    In situations like this, friendships and social connections trump skill, knowledge and deliverables EVERY time. I've seen it first hand, they could well look at the total money this person has cost them, and the risk he's exposed them to, and say, "Oh well. Water under the bridge now." With the evidence of that person's Email SHOWING his contempt for you, you KNOW that as soon as he has his foot back in the door, he's going to torpedo you, and the management WILL let it happen. Even when all the evidence is in your favour.

    So, like I said, start planning your exit strategy now. To make one final kick at the can, pick the Executive Director and one other manager 'in power' that's somewhat related with you and appreciates the work you've done. (Normally, it would just be the Executive Director, but that wouldn't look good, since you're a woman...) Invite them out to a business lunch. At this lunch, follow some of the advice the others have given above and explain to them that you're planning to leave. Explain exactly WHY. Work in some of the things you've found, the previous Admin's behaviour towards the company (especially the risk of what could happen with that downloaded material... all company computers seized and impounded?) and particularly, in light of their considering bringing him back as a consultant, towards YOU. Explain that you feel in light of this, you perceive your chance of advancement at this company as slim to none, especially if he's brought back in. Tell them you GREATLY appreciate the opportunity they've given you, but if you haven't won their faith with all that you've done since you've been in charge of things, then you never will.

    If you wanted to play hardball, you could always hint that you could take legal action based on harassment and poor workplace treatment based on your sex, but I'd advise against it in this case. Feel them out, and see how receptive they are. They'll either see the light, or you have no choice but to leave. Sometimes a step back in a career will clear the way for several steps forward.