My 10:00 Monday meeting is with our CIO and Senior Management. We review the project list (that I pretend to maintain). It usually lasts for about 30 minutes. When we're done, I get to leave and the Sr. Staff and the CIO have a staff meeting. Once in a while I'll be asked to stay because I'm working on a project they will be discussing, but that rarely happens. Today, though I really wish I'd been able to stay.
Just as we are about to get started, our Director of Information Security, Savanna Samson* walked into the meeting looking like she's one step away from her eternal afterlife (this is actually pretty normal, however today she was looking particularly funereal). Anyhow, she drags herself through the door and announces, "There's been another one."
By another one, she is referring to another Security Breach. About two weeks ago our system was "compromised" and a hacker was able to obtain sensitive information like SSNs for nearly 10,000 people (mentioned in The Inmates Are In Control, Part Uno).
Peter North*, the CIO, asks if it's bad. She replies that it is "worse than last time." and that she has been working on it all weekend.
The first thought that pops into my head is, "She's been working on it for 2-3 days and hasn't informed her CIO?"
Peter leaps to action, "Do we need to talk about it now?" Talk about bold leadership.
"No," she says, "we can talk about it in our 10:30." Meaning she won't say anything more until I am out of the room. I guess she knows I'll be informing all my hacker buddies of the countermeasures.
Super CIO says okay, and that's it. Not the slightest sign of being perturbed or upset about this.
And that is Standard Operating Procedure.
He reminds me of George W. Bush sitting in an elementary classroom reading the children's book, The Pet Goat. You can see the wheels turning, but instead of formulating a plan of response you can tell he's thinking, "must look presidential, must look presidential."