I was one of the people that was there when it happened. My coworkers and I were asking one of them questions after the talk. The goons were kicking us out of the rooms because it was the last talk of the day and they wanted People to leave. We were talking in the hallway and asking him questions when we ran into the other presenter there(And people were asking him questions too). Anyway few mins later I see our old executive walk to them and tell them they have to talk. They started walking and talking but it was right in the open and you could pretty much hear them. They end up stopping and looks like they were trying to defend themselves. Few mins later the executive leaves and the end up walking back to the group that was still waiting to ask them questions (including us). They had been fired effective immediately.
The executive is Jim Alkove. He is a moron and our security org has completed revamped after he "left" to join other companies. All the recent advancements in Microsoft security/Win10 were because we no longer had a leader like him.
I worked at a lot of companies under a lot of different managers.
If I hear a manager fires them at such a moment, it already gives me an idea of what kind of manager we're talking about.
If a manager sends a text message half an hour before the talk starts to not give the talk, I definitely know what kind of manager it is.
You have 2 kinds of managers: The ones that think ahead of the time, and the ones that don't think ahead of the time. It's pretty easy to distinguish the two.
You forget the 3rd kind: the ones who think ahead of the time, but use urgency as a way of shielding their decision-making reasoning.
Let's say Employee A comes up to Manager three months before Defcon, saying he'd like to do such and such. Manager doesn't like it, but he doesn't want to upset A at that time because Reasons. He says "sure bud, you go ahead, I'll check with the lawyers just in case and let you know if there is any problem". Then he waits, and half an hour before the talk, through an indirect medium like email or text, he goes "sorry man, I only just got a message back from the lawyers that you can't talk about that. Totally gutted! Oh well, better luck next year, uh?"
30 mins before the presentation, after they've all flown to the conference, is not incompetence; it's malice.
At least in that case I wouldn't mind if a superior was honestly and truly checking with Legal Departments, and others of authority, to verify whether some action I was considering taking was going to cost me my job... Could any of us here really be upset about a Manager that does that?
I'm fairly certain the implication here is that he was not, in fact, checking with Legal or anyone, but simply holding off to make it seem as if he was and it was too late to question.
Jim is known for retaliating against his employees. That's why we got rid of him at MSFT and then Google... He is happy enjoying his millions in stock units and 100% bonus target. What did you expect? SOP.
No, I don't think so, assuming the manager also said something along the lines of "The check might run right up before your talk. Please make sure to check your phones before walking on stage so that if something happens last minute you'll know. I'll promise to text you either way."
In a large corporation I worked for a long time, if EVP fires somebody on the spot it means that EVP is next to go. I assume this will be the case for Salesforce.
On the spot, At defcon, 30k people. Anyone at Salesforce wanna talk about what's going on? Make a throwaway, use opsec. What are your opinions on this? What is your opinion of Jim as your leader?
what are this "leader"'s justifications for preventing the talks and for preventing the open sourcing of this software?
Is it liability or competitive advantage based?
Firing someone on the spot in a public setting is either a drastic overreaction (and why that's fireable is obvious), or a response to a complete blindsiding … at a level at which the job is to not get blindsided.
It's also a complete HR catastrophe. How could anyone feel comfortable in their position, knowing they could be fired at any moment, publicly and without warning? Terrorizing your employees is completely unacceptable as a manager.
Edit: I guess I don't have much experience with HR at large companies - I use the term to refer to aspects of management related to maintaining employee wellbeing, workplace culture etc.
HR doesn't care about that! Not unless it's actionable. Good way to lose your star contributors, sure, but past a certain basic point retention isn't really part of HR's role.
Really? I've always seen HR as a sort of "union for un-unionised employees". They help you get stuff out of the business, and help the business get the most out of you.
Perhaps I've only encountered the good kind of HR.
A significant aspect of HR (at least in the UK) is protecting the company from its 'resources', and ensuring that the company has a robust (i.e. legally defensible) paper trail when disputes arise. E.g a process for putting people on an 'improvement plan' in response to poor behaviours / performance, and which can ultimately lead to dismissal.
Back in the day, the term 'anti-personnel department' was often used.
And don't get me started on the use of the term 'human resources'
[Edit] - more detail. I'm a techie but have occasionally had line management (in addition to tech lead) responsibilities. The first time I took on these duties, I had to do the relevant HR training and was amazed at the attitude: a little bit of 'duty-of-care' and a lot of 'follow-this-process-to-make-sure-the-law-is-on-our-side'
My experiences of UK large company HR departments was basically that they were the hit squad - if they were in the building then you knew someone was in major trouble.
I had an interesting experience a couple of years back when everyone in our office was called to a surprise meeting with HR except me.... I had already resigned, everyone else got the bullet in that caring way that HR departments are famous for.
A company I worked at did something similar; those who were being kept were told to go somewhere else, not to go to that meeting. Those that were still around were herded into the classroom, to be met by the HR head and a hired goon of a security guard. The entire office was being closed, but the way it was done was more hurtful to those folks than the basic business decision.
Can confirm as a programmer in UK. I hit this wall recently when asking for extended leave to deal with a personal crisis. The colluded response from HR/the business was to give me notice.
Take it from someone whose partner works in HR: they are not your friend. They may be nice people, they may try to help, but their _job_ is to protect the company's interests. Each time you talk to them about conflict, you're taking a bet your interests and theirs align.
In other news, for a bunch of smart people, engineers are spectacularly underunionized.
They are however, definitely interested in retention. They have a keen understanding of the total cost of finding and onboarding a new employee. If a particular executive is putting that in jeopardy then a good HR department will take note.
> They have a keen understanding of the total cost of finding and onboarding a new employee.
Because they will be involved in recruiting, they will also have a keen understanding of how much that increases their workload, which is otherwise pretty flimsy in a lot of cases. The more churn, the more they can justify their headcount.
They definitely are, but in a circumstance like this the most _urgent_ problem they've got is a bunch of ex-employees with a legal action brewing. Implicitly admitting liability without a quid-pro-quo isn't going to happen.
Which isn't to say HR won't want him gone. Just not yet.
Nope; they help the business get the most out of you without getting sued. That's the alpha and omega of HR.
Their obligations are to the company, not to you. When they answer your questions, they do it so you can't claim later on that the company didn't tell you such and such or that the procedure XYZ was unclear, and sue them. They are nice so that you won't see the company as adversarial and sue them. And so on and so forth.
At some places, they have one branch of "good cop" HR that cuddles the employees, hands out candy and attempt to boost morale, and one "bad cop" branch that does all the dirty work of protecting the company from liability and attempting to squeeze out as many hours as possible while keeping compensation and human costs to a minimum.
They aren't your friends. They protect the company first. Definitely think twice before going to HR for anything not related to the normal benefits/vacation type issues. If you have an issue with another employee, you may very well be the problem that gets eliminated, not the other employee.
Many people, myself included, feel that HR is almost totally on the side of the company and don't represent employee interests effectively (if at all).
Having a major disruption in your security department can mean an upcoming disaster for a company offering cloud based services. From what this sounds, they not only got rid of 2 very competent employees, the manager doesn't seem to have acted especially brilliant, and they might have discouraged competent security people from applying at the company. What could possibly go wrong with this?
People aren't fully strategic 100% of the time. When clouded by emotion, suboptimal decisions can look strategic. (Ex. establishing/asserting their authority.)
2) If you fire someone on the spot (I have), you'd better have a damn good reason (I did--repository sabotage) as the company is now going to have to pay money to defend/payoff this.
3) Suddenly firing important people disrupts daily business functions for weeks or months.
4) Unless you think they are going to actively sabotage something, you can wait until they get home to reprimand or fire people.
All told, some manager is getting thrown under the bus for this.
The Google thing is a medium splash in a big pond. This is a small splash, but arguably in a much smaller and more concentrated pond. Within the community of red teams and DEFCON regulars I wouldn't be surprised if this is much better known than the (now) ex Googler is within the more general tech community.
An internal memo with astonishingly poor typography was leaked. Since Google sell a word processor and are a font vendor this made them look bad. So he was fired.
(I'm only half joking. People don't talk about how poor the layout of that document was, but it was my first and lasting impression)
It's unbelievable that it was only the memo. And quite likely just the last straw.
I can easily imagine someone that produces poor quality once publically probably did so many times privately and likely more of a symptom of underlying inadequacy than the actual reason for firing.
But you know, headlines..
And yes, have no previous experience or knowledge about this so sorry if I'm armchairing a bit.
Larry Summers (a leading economist with often controversial opinions) got fired from his position as the president of harvard for effectively making the same point [1] except, you know, well argued unlike in the Google manifesto.
If Larry Summers gets fired for that, a random engineer is definitely getting the boot.
Honestly, relative to the usual discussions on the topic (including discussions about the Google memo), the memo was refreshingly well-argued, coherent and polite.
Everyone agrees it was polite, but well-argued and coherent is where not everyone does agree.
I've seen people with advanced degrees host debates where they legitimately advocated creationism as the truth against evolutionary biologists with equally advanced degrees. They were polite, and their supporters would say well-argued and coherent. But anyone who knows anything about the topic would see that the creationists weren't actually adding to the discussion or making strong points at all. Those creationist debates are always unsatisfying and exhausting to listen to, and after a while, that schtick becomes old and non-creationists stop engaging because it's just boring. But creationists will attend and be excited every time because having a debate against a real scientist legitimizes them.
That's how this memo thing felt. Nothing new was added to the discussion (at least not to those of us who have had this discussion before) and it just seemed like an opportunity that some less savory folks jumped on to promote some out-dated views (and more importantly, for mainstream media to jump on to paint all of tech as a place where those views are the norm. That story sells despite how wrong it is).
FWIW, I do hate impoliteness though. I understand why people felt defensive for the author after watching the internet freak the hell out (in rude or dismissive ways) about the memo which was not impolite in itself.
Well yes, that's my opinion :). I found the memo coherent, in the sense that it was well-structured and followed consistent reasoning, and well-argued, in the sense that it linked to supporting research and reasoned mostly correctly from it. It doesn't mean everything there was 100% correct, but almost no one is; it still was a quality entry to the intellectual debate.
At the risk of perpetuating the disagreement, IMO if anything is similar to the creationinst debaters, it's the voices against the memo.
Going through the few recent HN discussions on the topic, I found that on the one side, you had people (including an actual scientist in the domain) telling that the memo basically got the science (even if not ultimate conclusions) right, as supported by _even more_ research people linked to, vs. the other side saying he presents "outdated" views of "biological determinism", etc., with no counter to the research cited by the memo itself (not to mention others) - just unsubstantiated accusations and dismissals.
More than 5 doctors confirmed the memo was consistent with science and his text referenced appropriate sources, as common with any paper. It's incredible that non-medical people can override science with their belief. It's Galileo all over again, fired because one shall not contradict [place godly entity here].
The paper went much further than presenting a summary of mashed up research from a variety of fields that investigate sex & gender variations. For that, all you need is some reprints of Nature and Scientific American.
Instead it wanted to connect that research to a) company policy and b) American-specific political divides. And to do that required a battery of assumptions regarding intention, merit, aptitude, worth, values.
That's where the wheels came off and everyone started projecting their own ideological interpretations, and you've been arguing past each other ever since.
Sorry, I thought it was a vulnerability/technique impacting Google services that dropped at the convention. Now I get the connection was being made to widely reported staff behavior.
I am not sure that creating burner accounts to libel people by name is an entirely appropriate use of this site no matter what your personal feelings are.
You don't have any evidence to substantiate any of what you are writing and this individual has no opportunity to respond to what you are writing.
This is highly unprofessional behavior no matter what you think the justification is.
FTA: "Josh Schwartz, director of offensive security based in San Francisco, and John Cramb, senior offensive security engineer in Sydney, Australia, worked on the cloud giant's security 'red team'"
The one we were talking to had an Australian accent, but I did not ask. The other one is @fuzzynop and yes he's in California. He actually DJ'd for dualcore.
I understand feeling sorry, but doing a talk like this without the full support of your leadership is an incredible error. If you work for a big company, you can't do talks like this without aligning pr, leadership etc.
From TFA: "Salesforce executives were first made aware of the project in a February meeting, and they had signed off on the project, according to one person with knowledge of the meeting."
They had executive signoff until half an hour prior to the talk, and they didn't see the text revoking permission until after the talk. I'm not sure what else they were supposed to have done.
And Alkove was there - physically present. He could've warned them off in person, and made sure they knew what was up. No one is going to care why he didn't.
Aware and signed off on the project and aware and signed off on the defcon presentation are two different things. I only know what I've read in this article and discussion on this, but I don't read "Salesforce executives were first made aware of the project in a February meeting" as meaning they had corporate sign off (they may have, but thats not what that sentence means)
The executive is Jim Alkove. He is a moron and our security org has completed revamped after he "left" to join other companies. All the recent advancements in Microsoft security/Win10 were because we no longer had a leader like him.
Feel sorry for these guys.