A term popular in my country
marking incompetent IT workers. I encountered some champions on
my last "real" job some time ago. I relocated to Zagreb and started on
my new job for some big Oracle partner as a systems administrator. My
first task was to promptly deploy a new set of services for the
company it self. After gathering some more information it turned out
that their core systems were compromised, an intruder found a way in
trough a vulnerable SMTP service. Odd part is that this happened 6
months ago and in their own words "nobody had time to patch
it" (for six months?!), real champions, and you now
understand the true meaning of the term. It doesn't stop there, most
of their core systems were as much as 5-6 years old without any
patches ever applied to them. The company develops some kind of HR
software, which surprisingly sells very well. But they also provide
many of their clients with technical support, systems maintenance and
administration. I can hardly imagine what those systems look
like.
We agreed that I will have a 10-14 days probation period before they
make a final decision. So after receiving my first assignment I set to
work with enthusiasm trying to prove my self. Once the test period
ended my job was fully done, all the new systems and services were
operational and working as expected. So then the management and
honorable Systems Engineer offered me a contract, a bullshit
contract. Since I moved from another city their terms were
unacceptable, and I couldn't manage in another city with what money
they offered me. So I left them with a full set of new services and
systems deployed free of charge, now they can play the systems
engineer game for the next 5 or so years until someone else
brings their complete business in question.
I was in Zagreb again a few months later on a security conference where I met a
good friend of mine. So as we talked I mentioned the same story to
him, he was curious about it and decided to take a brief look at
their site... in short; Apparently some champion there (I guess it was
the honorable sys. eng.) deployed some CRM system and left the
database, with a bunch of data, wide open. Employees records,
usernames and passwords, clients records, payment records and God
knows what else. Ironic on one of my meetings with the management I
was warned that I "pay to much attention to security issues! We
are not concerned so much about security, we make regular
backups!".