CIO Made A Dangerous Mistake And Ordered His Security Team To Implement It
The Register, Monday, August 25th, 2025
This week, meet a reader who asked to be Regomized as "FireBug," a name that makes sense because the story he sent concerns a firewall he worked on during his time as part of a small team that managed a global company's security and VPN infrastructure.
"I had just passed my CCNA and CCNE certifications when I received a request to make a major update to the firewall rulebase," FireBug told Who, Me?
As a sensible fellow, FireBug had a three-stage process for such requests.
First, he would read firewall rules to check for obvious errors. Next, he would deploy them in an isolated test environment. If that worked, he would deploy into production.
On this job, he had to insert an extra step.
"A new CIO had arrived at the company," FireBug recalled. "He was a nice guy, but more tactical than strategic, with a very hands-on approach and keen interest in everything related to security."
The new boss wanted to review the changed firewall policies himself.