Phone Number +1-202-802-9399 (US)

ThycoticCentrify is now Delinea!

Thycotic PAM, IT and
Cyber Security Webinars

Ongoing education, on-demand


Privileged Insiders Gone Rogue: Tales from Tesla, Trains, Pharma, a Boot Maker and Beyond

Watch the Webinar


In my coverage of privileged account management, I’ve been focusing on the outsider threat mostly but recent news from Tesla presents a timely opportunity to address the equally dire insider threat – the rogue admin. The electric car manufacturer is suing a former employee of stealing information and sabotaging systems at its “Gigafactory” in Nevada where it makes batteries. Tesla claims the employee was disgruntled because of being passed over for promotion. The accused casts himself as a whistleblower and denies sabotage. Elon Musk also hints that titans of industry and finance have a strong motivation to sabotage Tesla and steal its information.

The most common trigger for rogue admins is the mundane pecuniary.  The bonus, performance review or promotion (lack thereof) and termination.  Activism and perceived whistleblowing comes in as a strong second.  But espionage is more common than publicized and I promise we are going to see real-life examples of Harrison Ford’s Jack Stanfield being blackmailed or otherwise forced to compromise their employers network.

In this webinar I will take a look at a number of well publicized rogue admin events

  • Christopher Victor Grup went berserk on the Canadian Pacific Railway’s switches resulting in the company having to factory reset most of its switches and start over creating it’s network
  • Jason Cornish wiped out 15 servers at Shionogi, Inc including its e-mail and Blackberry servers, its order tracking system, and its financial management software
  • The IT directory of Lucchese Boot Company found himself in a race against Joe Vito Venzor; the IT directory desperately trying to save to have his company’s network while Joe tried to destroy it

These and other incidents are valuable to examine because they show

  • What really happens out there and what could happen to your company
  • Why rogue admin events occur
  • What could have prevented the chaos and financial losses that ensued

We in the IT world have been amazingly slow to mature our processes and systems to the threat of trusted insiders who go rogue.  Other industries and sectors where trusted insiders wield unimaginable power have far more sophisticated controls to prevent a single person, regardless of their motivations, from wreaking havoc on the entire organization.

Privileged account management is crucial to mitigating the risk of rogue insiders and this webinar I’m going to focus on how PAM – when it’s done right:

  • Addresses the oft-stated copout “you have to trust someone
  • Prevents rogue actors from independently wreaking havoc
  • Eliminates the risk of residual access after employees are terminated
  • Limits the damage a rogue admin can cause

No one is claiming to eliminate all risk. But in the past, we have set the bar way to low and allowed anyone lacking impulse control to cause mayhem the first time they get upset. That’s bad enough but as increasingly powerful and malicious entities take aim at our network – and people – we need to limit the damage individuals can do and make raise the bar on privileged account abuse so that we have more time to detect rogue activity before it does damage.