Being one-man-army and end up “strong-armed” [closed]

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;







up vote
2
down vote

favorite












I have went through How to deal with an incompetent colleague? and How should I handle an incompetent coworker?, but I feel my case differs quite a lot.




I started working at my current workplace - which is private educational institution in the UK - about 6 months ago. I am quite advanced PHP developer and have about 5 years of work experience. However, despite being 23 years old I am currently a student in the given organization (almost finishing), I was invited (or requested more or less) to work for them full time on the Virtual Learning platform they ware developing, without me looking for a job (I had dedicated my time to being a student there and was supporting myself just fine). At the end of the interview I was asked prior to starting in the beginning of next week to - quoting - learn Classic ASP 1, I explicitly mentioned that I am a PHP developer (which I said beforehand, when explaining what my skill-set is) then the conversation went in to the direction that the software will be "converted" in to PHP.



Once started I realized that the software was written in Classic ASP, being operational since day 1, which was about 3 years ago and currently being offered as a service to others (kind of a SaaS). A lot of times I noticed that there are obvious major security flaws and I notified my team member to which he replied (emphasis mine):




Don't worry about security. At the moment we are building everything, once all is ready and it is working we will start adding layers of security where needed and it will be OK.
I don't know why you are worried about security at this stage




Which raised a few red flags, however I considered that when we start rewriting it everything will be done properly. (I didn't knew that it was operating for so long nor that it was being resold)




It has been a few months now and the only tasks which I am required to carry out are to make security flaws in applications which work properly for the purpose to "integrate" them (resulting in automatic log-ins..)



Currently my opinion is discarded as soon as I start making an argument that he is wrong for something (strong-arming). There is no deployment strategy, everything is done writing directly to production files via FTP (although I am compensating on isolating the components I am developing and testing, maintaining tests and applying code practices and standards). No backups are in place, no encryption for anything and the "system" is built in a way that everyone working in here can view everyone's personal information including communication, and student works (assignments, exams, etc.).



I am suspecting that he is even leaking data (in form of student works) for personal profit, but I could not state that as all the people coming to speak with him, they speak in their own native language, which is totally different from mine native and English.



So after long description (for which I apologise and tried to keep as short as possible) my actual questions:



  1. How should I proceed to escalate my concerns, if they are closed friends with the CEOs?

  2. Should I blow the whistle to ICO ([Information Commission Officer] (http://ico.org.uk/)) that there are no policies in place for security and privacy and no maintenance being done? (which I noticed when a teacher was fired and deleted all presentations and stuff relating to the module we ware doing and my whole group was left empty handed on any materials)

  3. Should I notify higher levels (those running the programs and issuing the certifications) that I am suspecting that most of the student works are being purchased from members of staff and are not legitimate?

Again sorry for the long post and if anyone would like private discussion I am all for it :)




Discontinued by Microsoft in February 17, 2000; 15 years ago as per Wikipedia's ASP page on Active Server Pages







share|improve this question














closed as off-topic by Joe Strazzere, gnat, scaaahu, Telastyn, Masked Man♦ Jul 2 '15 at 16:28


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions asking for advice on what to do are not practical answerable questions (e.g. "what job should I take?", or "what skills should I learn?"). Questions should get answers explaining why and how to make a decision, not advice on what to do. For more information, click here." – gnat, scaaahu, Telastyn
If this question can be reworded to fit the rules in the help center, please edit the question.












  • Are you saying that they are developing on a platform that was obsoleted by Microsoft 15 years ago? If I remember correctly, ALL of Microsoft's products had serious security issues back then, and it took a high priority, concerted effort over several years on the part of Microsoft to bring these issues under control.
    – Vietnhi Phuvan
    Jul 2 '15 at 12:41










  • Exactly, IIRC that was the reason they made the .NET stuff :) and that was /is developed in 2013-2015 ... :)
    – DaGhostman Dimitrov
    Jul 2 '15 at 12:46










  • If you can, run away from the Virtual Learning Platform as far and as fast as you can. The project is critically mismanaged, starting from its selection of a platform that Microsoft hasn't supported for 15 years. The project is also critically mismanaged in that the security issues are not baked into the code from the very beginning. In addition, this platform is likely riddled with security issues from 15 years ago. It's not clear to me how this platform is going to support new technologies such as WebRTC, which may very well be incompatible with it.
    – Vietnhi Phuvan
    Jul 3 '15 at 0:02










  • You are right - you are not working with incompetent colleagues, you are working with an incompetent organization. My advice: start looking for another job - that job will be insurance in case something bad happens to you. If you can't make any headway with the management regarding how they structure this project, get the hell out of the firm. Because this project has "LOSER" and "DEATH MARCH" written all over it. And as the senior programmer, they may very well tag you with ownership of this fiasco. The management of this project just violates too many critical rules of project management.
    – Vietnhi Phuvan
    Jul 3 '15 at 0:08
















up vote
2
down vote

favorite












I have went through How to deal with an incompetent colleague? and How should I handle an incompetent coworker?, but I feel my case differs quite a lot.




I started working at my current workplace - which is private educational institution in the UK - about 6 months ago. I am quite advanced PHP developer and have about 5 years of work experience. However, despite being 23 years old I am currently a student in the given organization (almost finishing), I was invited (or requested more or less) to work for them full time on the Virtual Learning platform they ware developing, without me looking for a job (I had dedicated my time to being a student there and was supporting myself just fine). At the end of the interview I was asked prior to starting in the beginning of next week to - quoting - learn Classic ASP 1, I explicitly mentioned that I am a PHP developer (which I said beforehand, when explaining what my skill-set is) then the conversation went in to the direction that the software will be "converted" in to PHP.



Once started I realized that the software was written in Classic ASP, being operational since day 1, which was about 3 years ago and currently being offered as a service to others (kind of a SaaS). A lot of times I noticed that there are obvious major security flaws and I notified my team member to which he replied (emphasis mine):




Don't worry about security. At the moment we are building everything, once all is ready and it is working we will start adding layers of security where needed and it will be OK.
I don't know why you are worried about security at this stage




Which raised a few red flags, however I considered that when we start rewriting it everything will be done properly. (I didn't knew that it was operating for so long nor that it was being resold)




It has been a few months now and the only tasks which I am required to carry out are to make security flaws in applications which work properly for the purpose to "integrate" them (resulting in automatic log-ins..)



Currently my opinion is discarded as soon as I start making an argument that he is wrong for something (strong-arming). There is no deployment strategy, everything is done writing directly to production files via FTP (although I am compensating on isolating the components I am developing and testing, maintaining tests and applying code practices and standards). No backups are in place, no encryption for anything and the "system" is built in a way that everyone working in here can view everyone's personal information including communication, and student works (assignments, exams, etc.).



I am suspecting that he is even leaking data (in form of student works) for personal profit, but I could not state that as all the people coming to speak with him, they speak in their own native language, which is totally different from mine native and English.



So after long description (for which I apologise and tried to keep as short as possible) my actual questions:



  1. How should I proceed to escalate my concerns, if they are closed friends with the CEOs?

  2. Should I blow the whistle to ICO ([Information Commission Officer] (http://ico.org.uk/)) that there are no policies in place for security and privacy and no maintenance being done? (which I noticed when a teacher was fired and deleted all presentations and stuff relating to the module we ware doing and my whole group was left empty handed on any materials)

  3. Should I notify higher levels (those running the programs and issuing the certifications) that I am suspecting that most of the student works are being purchased from members of staff and are not legitimate?

Again sorry for the long post and if anyone would like private discussion I am all for it :)




Discontinued by Microsoft in February 17, 2000; 15 years ago as per Wikipedia's ASP page on Active Server Pages







share|improve this question














closed as off-topic by Joe Strazzere, gnat, scaaahu, Telastyn, Masked Man♦ Jul 2 '15 at 16:28


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions asking for advice on what to do are not practical answerable questions (e.g. "what job should I take?", or "what skills should I learn?"). Questions should get answers explaining why and how to make a decision, not advice on what to do. For more information, click here." – gnat, scaaahu, Telastyn
If this question can be reworded to fit the rules in the help center, please edit the question.












  • Are you saying that they are developing on a platform that was obsoleted by Microsoft 15 years ago? If I remember correctly, ALL of Microsoft's products had serious security issues back then, and it took a high priority, concerted effort over several years on the part of Microsoft to bring these issues under control.
    – Vietnhi Phuvan
    Jul 2 '15 at 12:41










  • Exactly, IIRC that was the reason they made the .NET stuff :) and that was /is developed in 2013-2015 ... :)
    – DaGhostman Dimitrov
    Jul 2 '15 at 12:46










  • If you can, run away from the Virtual Learning Platform as far and as fast as you can. The project is critically mismanaged, starting from its selection of a platform that Microsoft hasn't supported for 15 years. The project is also critically mismanaged in that the security issues are not baked into the code from the very beginning. In addition, this platform is likely riddled with security issues from 15 years ago. It's not clear to me how this platform is going to support new technologies such as WebRTC, which may very well be incompatible with it.
    – Vietnhi Phuvan
    Jul 3 '15 at 0:02










  • You are right - you are not working with incompetent colleagues, you are working with an incompetent organization. My advice: start looking for another job - that job will be insurance in case something bad happens to you. If you can't make any headway with the management regarding how they structure this project, get the hell out of the firm. Because this project has "LOSER" and "DEATH MARCH" written all over it. And as the senior programmer, they may very well tag you with ownership of this fiasco. The management of this project just violates too many critical rules of project management.
    – Vietnhi Phuvan
    Jul 3 '15 at 0:08












up vote
2
down vote

favorite









up vote
2
down vote

favorite











I have went through How to deal with an incompetent colleague? and How should I handle an incompetent coworker?, but I feel my case differs quite a lot.




I started working at my current workplace - which is private educational institution in the UK - about 6 months ago. I am quite advanced PHP developer and have about 5 years of work experience. However, despite being 23 years old I am currently a student in the given organization (almost finishing), I was invited (or requested more or less) to work for them full time on the Virtual Learning platform they ware developing, without me looking for a job (I had dedicated my time to being a student there and was supporting myself just fine). At the end of the interview I was asked prior to starting in the beginning of next week to - quoting - learn Classic ASP 1, I explicitly mentioned that I am a PHP developer (which I said beforehand, when explaining what my skill-set is) then the conversation went in to the direction that the software will be "converted" in to PHP.



Once started I realized that the software was written in Classic ASP, being operational since day 1, which was about 3 years ago and currently being offered as a service to others (kind of a SaaS). A lot of times I noticed that there are obvious major security flaws and I notified my team member to which he replied (emphasis mine):




Don't worry about security. At the moment we are building everything, once all is ready and it is working we will start adding layers of security where needed and it will be OK.
I don't know why you are worried about security at this stage




Which raised a few red flags, however I considered that when we start rewriting it everything will be done properly. (I didn't knew that it was operating for so long nor that it was being resold)




It has been a few months now and the only tasks which I am required to carry out are to make security flaws in applications which work properly for the purpose to "integrate" them (resulting in automatic log-ins..)



Currently my opinion is discarded as soon as I start making an argument that he is wrong for something (strong-arming). There is no deployment strategy, everything is done writing directly to production files via FTP (although I am compensating on isolating the components I am developing and testing, maintaining tests and applying code practices and standards). No backups are in place, no encryption for anything and the "system" is built in a way that everyone working in here can view everyone's personal information including communication, and student works (assignments, exams, etc.).



I am suspecting that he is even leaking data (in form of student works) for personal profit, but I could not state that as all the people coming to speak with him, they speak in their own native language, which is totally different from mine native and English.



So after long description (for which I apologise and tried to keep as short as possible) my actual questions:



  1. How should I proceed to escalate my concerns, if they are closed friends with the CEOs?

  2. Should I blow the whistle to ICO ([Information Commission Officer] (http://ico.org.uk/)) that there are no policies in place for security and privacy and no maintenance being done? (which I noticed when a teacher was fired and deleted all presentations and stuff relating to the module we ware doing and my whole group was left empty handed on any materials)

  3. Should I notify higher levels (those running the programs and issuing the certifications) that I am suspecting that most of the student works are being purchased from members of staff and are not legitimate?

Again sorry for the long post and if anyone would like private discussion I am all for it :)




Discontinued by Microsoft in February 17, 2000; 15 years ago as per Wikipedia's ASP page on Active Server Pages







share|improve this question














I have went through How to deal with an incompetent colleague? and How should I handle an incompetent coworker?, but I feel my case differs quite a lot.




I started working at my current workplace - which is private educational institution in the UK - about 6 months ago. I am quite advanced PHP developer and have about 5 years of work experience. However, despite being 23 years old I am currently a student in the given organization (almost finishing), I was invited (or requested more or less) to work for them full time on the Virtual Learning platform they ware developing, without me looking for a job (I had dedicated my time to being a student there and was supporting myself just fine). At the end of the interview I was asked prior to starting in the beginning of next week to - quoting - learn Classic ASP 1, I explicitly mentioned that I am a PHP developer (which I said beforehand, when explaining what my skill-set is) then the conversation went in to the direction that the software will be "converted" in to PHP.



Once started I realized that the software was written in Classic ASP, being operational since day 1, which was about 3 years ago and currently being offered as a service to others (kind of a SaaS). A lot of times I noticed that there are obvious major security flaws and I notified my team member to which he replied (emphasis mine):




Don't worry about security. At the moment we are building everything, once all is ready and it is working we will start adding layers of security where needed and it will be OK.
I don't know why you are worried about security at this stage




Which raised a few red flags, however I considered that when we start rewriting it everything will be done properly. (I didn't knew that it was operating for so long nor that it was being resold)




It has been a few months now and the only tasks which I am required to carry out are to make security flaws in applications which work properly for the purpose to "integrate" them (resulting in automatic log-ins..)



Currently my opinion is discarded as soon as I start making an argument that he is wrong for something (strong-arming). There is no deployment strategy, everything is done writing directly to production files via FTP (although I am compensating on isolating the components I am developing and testing, maintaining tests and applying code practices and standards). No backups are in place, no encryption for anything and the "system" is built in a way that everyone working in here can view everyone's personal information including communication, and student works (assignments, exams, etc.).



I am suspecting that he is even leaking data (in form of student works) for personal profit, but I could not state that as all the people coming to speak with him, they speak in their own native language, which is totally different from mine native and English.



So after long description (for which I apologise and tried to keep as short as possible) my actual questions:



  1. How should I proceed to escalate my concerns, if they are closed friends with the CEOs?

  2. Should I blow the whistle to ICO ([Information Commission Officer] (http://ico.org.uk/)) that there are no policies in place for security and privacy and no maintenance being done? (which I noticed when a teacher was fired and deleted all presentations and stuff relating to the module we ware doing and my whole group was left empty handed on any materials)

  3. Should I notify higher levels (those running the programs and issuing the certifications) that I am suspecting that most of the student works are being purchased from members of staff and are not legitimate?

Again sorry for the long post and if anyone would like private discussion I am all for it :)




Discontinued by Microsoft in February 17, 2000; 15 years ago as per Wikipedia's ASP page on Active Server Pages









share|improve this question













share|improve this question




share|improve this question








edited Apr 13 '17 at 12:48









Community♦

1




1










asked Jul 2 '15 at 11:39









DaGhostman Dimitrov

1137




1137




closed as off-topic by Joe Strazzere, gnat, scaaahu, Telastyn, Masked Man♦ Jul 2 '15 at 16:28


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions asking for advice on what to do are not practical answerable questions (e.g. "what job should I take?", or "what skills should I learn?"). Questions should get answers explaining why and how to make a decision, not advice on what to do. For more information, click here." – gnat, scaaahu, Telastyn
If this question can be reworded to fit the rules in the help center, please edit the question.




closed as off-topic by Joe Strazzere, gnat, scaaahu, Telastyn, Masked Man♦ Jul 2 '15 at 16:28


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions asking for advice on what to do are not practical answerable questions (e.g. "what job should I take?", or "what skills should I learn?"). Questions should get answers explaining why and how to make a decision, not advice on what to do. For more information, click here." – gnat, scaaahu, Telastyn
If this question can be reworded to fit the rules in the help center, please edit the question.











  • Are you saying that they are developing on a platform that was obsoleted by Microsoft 15 years ago? If I remember correctly, ALL of Microsoft's products had serious security issues back then, and it took a high priority, concerted effort over several years on the part of Microsoft to bring these issues under control.
    – Vietnhi Phuvan
    Jul 2 '15 at 12:41










  • Exactly, IIRC that was the reason they made the .NET stuff :) and that was /is developed in 2013-2015 ... :)
    – DaGhostman Dimitrov
    Jul 2 '15 at 12:46










  • If you can, run away from the Virtual Learning Platform as far and as fast as you can. The project is critically mismanaged, starting from its selection of a platform that Microsoft hasn't supported for 15 years. The project is also critically mismanaged in that the security issues are not baked into the code from the very beginning. In addition, this platform is likely riddled with security issues from 15 years ago. It's not clear to me how this platform is going to support new technologies such as WebRTC, which may very well be incompatible with it.
    – Vietnhi Phuvan
    Jul 3 '15 at 0:02










  • You are right - you are not working with incompetent colleagues, you are working with an incompetent organization. My advice: start looking for another job - that job will be insurance in case something bad happens to you. If you can't make any headway with the management regarding how they structure this project, get the hell out of the firm. Because this project has "LOSER" and "DEATH MARCH" written all over it. And as the senior programmer, they may very well tag you with ownership of this fiasco. The management of this project just violates too many critical rules of project management.
    – Vietnhi Phuvan
    Jul 3 '15 at 0:08
















  • Are you saying that they are developing on a platform that was obsoleted by Microsoft 15 years ago? If I remember correctly, ALL of Microsoft's products had serious security issues back then, and it took a high priority, concerted effort over several years on the part of Microsoft to bring these issues under control.
    – Vietnhi Phuvan
    Jul 2 '15 at 12:41










  • Exactly, IIRC that was the reason they made the .NET stuff :) and that was /is developed in 2013-2015 ... :)
    – DaGhostman Dimitrov
    Jul 2 '15 at 12:46










  • If you can, run away from the Virtual Learning Platform as far and as fast as you can. The project is critically mismanaged, starting from its selection of a platform that Microsoft hasn't supported for 15 years. The project is also critically mismanaged in that the security issues are not baked into the code from the very beginning. In addition, this platform is likely riddled with security issues from 15 years ago. It's not clear to me how this platform is going to support new technologies such as WebRTC, which may very well be incompatible with it.
    – Vietnhi Phuvan
    Jul 3 '15 at 0:02










  • You are right - you are not working with incompetent colleagues, you are working with an incompetent organization. My advice: start looking for another job - that job will be insurance in case something bad happens to you. If you can't make any headway with the management regarding how they structure this project, get the hell out of the firm. Because this project has "LOSER" and "DEATH MARCH" written all over it. And as the senior programmer, they may very well tag you with ownership of this fiasco. The management of this project just violates too many critical rules of project management.
    – Vietnhi Phuvan
    Jul 3 '15 at 0:08















Are you saying that they are developing on a platform that was obsoleted by Microsoft 15 years ago? If I remember correctly, ALL of Microsoft's products had serious security issues back then, and it took a high priority, concerted effort over several years on the part of Microsoft to bring these issues under control.
– Vietnhi Phuvan
Jul 2 '15 at 12:41




Are you saying that they are developing on a platform that was obsoleted by Microsoft 15 years ago? If I remember correctly, ALL of Microsoft's products had serious security issues back then, and it took a high priority, concerted effort over several years on the part of Microsoft to bring these issues under control.
– Vietnhi Phuvan
Jul 2 '15 at 12:41












Exactly, IIRC that was the reason they made the .NET stuff :) and that was /is developed in 2013-2015 ... :)
– DaGhostman Dimitrov
Jul 2 '15 at 12:46




Exactly, IIRC that was the reason they made the .NET stuff :) and that was /is developed in 2013-2015 ... :)
– DaGhostman Dimitrov
Jul 2 '15 at 12:46












If you can, run away from the Virtual Learning Platform as far and as fast as you can. The project is critically mismanaged, starting from its selection of a platform that Microsoft hasn't supported for 15 years. The project is also critically mismanaged in that the security issues are not baked into the code from the very beginning. In addition, this platform is likely riddled with security issues from 15 years ago. It's not clear to me how this platform is going to support new technologies such as WebRTC, which may very well be incompatible with it.
– Vietnhi Phuvan
Jul 3 '15 at 0:02




If you can, run away from the Virtual Learning Platform as far and as fast as you can. The project is critically mismanaged, starting from its selection of a platform that Microsoft hasn't supported for 15 years. The project is also critically mismanaged in that the security issues are not baked into the code from the very beginning. In addition, this platform is likely riddled with security issues from 15 years ago. It's not clear to me how this platform is going to support new technologies such as WebRTC, which may very well be incompatible with it.
– Vietnhi Phuvan
Jul 3 '15 at 0:02












You are right - you are not working with incompetent colleagues, you are working with an incompetent organization. My advice: start looking for another job - that job will be insurance in case something bad happens to you. If you can't make any headway with the management regarding how they structure this project, get the hell out of the firm. Because this project has "LOSER" and "DEATH MARCH" written all over it. And as the senior programmer, they may very well tag you with ownership of this fiasco. The management of this project just violates too many critical rules of project management.
– Vietnhi Phuvan
Jul 3 '15 at 0:08




You are right - you are not working with incompetent colleagues, you are working with an incompetent organization. My advice: start looking for another job - that job will be insurance in case something bad happens to you. If you can't make any headway with the management regarding how they structure this project, get the hell out of the firm. Because this project has "LOSER" and "DEATH MARCH" written all over it. And as the senior programmer, they may very well tag you with ownership of this fiasco. The management of this project just violates too many critical rules of project management.
– Vietnhi Phuvan
Jul 3 '15 at 0:08










2 Answers
2






active

oldest

votes

















up vote
6
down vote



accepted










Me in your place would start to document security issues and bring it up IN WRITING to the colleague, your and his boss. Make it clear that you think that this is a very big problem and you will not take any responsibility if some student gets his data stolen and drags you to court.



Also document downtime because of the bad "on the fly" working technique and raise awareness of that within your superiors. If they still insist that everything is OK, do your job as good as you can and find another one as soon as possible.



Do not tell your boss about your suspicions about your coworker as long you don't have strong proof. Your word is weaker than his.






share|improve this answer



























    up vote
    4
    down vote













    1. Is the "they" the manager? He is a close personal friends with the
      CEO? If he is friends with the top dog then you don't really have any
      safe level to report a problem to.

    2. Do you mean CIO. If the CIO is not aware there are no policies in
      place for security and privacy then he/she is incompetent or
      complicit.

    3. Works are being purchased from members of staff and are not
      legitimate is a pretty serious matter. You need more than
      suspicions before you report that. If most of the certificate are not legitimate and the people that issue the certificates are not aware that is serious problem. They should perform some due diligence. What I am suggesting is this is maybe not your problem. I get it is a big problem but not a problem you want to get in the middle of.

    Sound like the organization is bad from top to bottom. I just don't see how telling them they are bad would help. If they were competent it would not be that bad in the first place.



    If works are being purchased and you get proof there is probably some whistle blower organization you could report to. But you need hard evidence. Looking for hard evidence may get you fired.



    The best step may be to look for another job or just do the task they want you to do in the current job. This is the type of job that is easier if you don't care.






    share|improve this answer






















    • +1 for the last line. Some people will suit some jobs - it sounds like you care too much about your work, find somewhere that values it
      – AlexFoxGill
      Jul 2 '15 at 12:41










    • For the decorations I meant ICO (Information Commission Officer) ico.org.uk sorry I didn't clarify
      – DaGhostman Dimitrov
      Jul 2 '15 at 12:48











    • You should update the post. Outside the UK most people would not know what that it. I did a google and found nothing.
      – paparazzo
      Jul 2 '15 at 12:55


















    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    6
    down vote



    accepted










    Me in your place would start to document security issues and bring it up IN WRITING to the colleague, your and his boss. Make it clear that you think that this is a very big problem and you will not take any responsibility if some student gets his data stolen and drags you to court.



    Also document downtime because of the bad "on the fly" working technique and raise awareness of that within your superiors. If they still insist that everything is OK, do your job as good as you can and find another one as soon as possible.



    Do not tell your boss about your suspicions about your coworker as long you don't have strong proof. Your word is weaker than his.






    share|improve this answer
























      up vote
      6
      down vote



      accepted










      Me in your place would start to document security issues and bring it up IN WRITING to the colleague, your and his boss. Make it clear that you think that this is a very big problem and you will not take any responsibility if some student gets his data stolen and drags you to court.



      Also document downtime because of the bad "on the fly" working technique and raise awareness of that within your superiors. If they still insist that everything is OK, do your job as good as you can and find another one as soon as possible.



      Do not tell your boss about your suspicions about your coworker as long you don't have strong proof. Your word is weaker than his.






      share|improve this answer






















        up vote
        6
        down vote



        accepted







        up vote
        6
        down vote



        accepted






        Me in your place would start to document security issues and bring it up IN WRITING to the colleague, your and his boss. Make it clear that you think that this is a very big problem and you will not take any responsibility if some student gets his data stolen and drags you to court.



        Also document downtime because of the bad "on the fly" working technique and raise awareness of that within your superiors. If they still insist that everything is OK, do your job as good as you can and find another one as soon as possible.



        Do not tell your boss about your suspicions about your coworker as long you don't have strong proof. Your word is weaker than his.






        share|improve this answer












        Me in your place would start to document security issues and bring it up IN WRITING to the colleague, your and his boss. Make it clear that you think that this is a very big problem and you will not take any responsibility if some student gets his data stolen and drags you to court.



        Also document downtime because of the bad "on the fly" working technique and raise awareness of that within your superiors. If they still insist that everything is OK, do your job as good as you can and find another one as soon as possible.



        Do not tell your boss about your suspicions about your coworker as long you don't have strong proof. Your word is weaker than his.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jul 2 '15 at 12:15









        jwsc

        1,781515




        1,781515






















            up vote
            4
            down vote













            1. Is the "they" the manager? He is a close personal friends with the
              CEO? If he is friends with the top dog then you don't really have any
              safe level to report a problem to.

            2. Do you mean CIO. If the CIO is not aware there are no policies in
              place for security and privacy then he/she is incompetent or
              complicit.

            3. Works are being purchased from members of staff and are not
              legitimate is a pretty serious matter. You need more than
              suspicions before you report that. If most of the certificate are not legitimate and the people that issue the certificates are not aware that is serious problem. They should perform some due diligence. What I am suggesting is this is maybe not your problem. I get it is a big problem but not a problem you want to get in the middle of.

            Sound like the organization is bad from top to bottom. I just don't see how telling them they are bad would help. If they were competent it would not be that bad in the first place.



            If works are being purchased and you get proof there is probably some whistle blower organization you could report to. But you need hard evidence. Looking for hard evidence may get you fired.



            The best step may be to look for another job or just do the task they want you to do in the current job. This is the type of job that is easier if you don't care.






            share|improve this answer






















            • +1 for the last line. Some people will suit some jobs - it sounds like you care too much about your work, find somewhere that values it
              – AlexFoxGill
              Jul 2 '15 at 12:41










            • For the decorations I meant ICO (Information Commission Officer) ico.org.uk sorry I didn't clarify
              – DaGhostman Dimitrov
              Jul 2 '15 at 12:48











            • You should update the post. Outside the UK most people would not know what that it. I did a google and found nothing.
              – paparazzo
              Jul 2 '15 at 12:55















            up vote
            4
            down vote













            1. Is the "they" the manager? He is a close personal friends with the
              CEO? If he is friends with the top dog then you don't really have any
              safe level to report a problem to.

            2. Do you mean CIO. If the CIO is not aware there are no policies in
              place for security and privacy then he/she is incompetent or
              complicit.

            3. Works are being purchased from members of staff and are not
              legitimate is a pretty serious matter. You need more than
              suspicions before you report that. If most of the certificate are not legitimate and the people that issue the certificates are not aware that is serious problem. They should perform some due diligence. What I am suggesting is this is maybe not your problem. I get it is a big problem but not a problem you want to get in the middle of.

            Sound like the organization is bad from top to bottom. I just don't see how telling them they are bad would help. If they were competent it would not be that bad in the first place.



            If works are being purchased and you get proof there is probably some whistle blower organization you could report to. But you need hard evidence. Looking for hard evidence may get you fired.



            The best step may be to look for another job or just do the task they want you to do in the current job. This is the type of job that is easier if you don't care.






            share|improve this answer






















            • +1 for the last line. Some people will suit some jobs - it sounds like you care too much about your work, find somewhere that values it
              – AlexFoxGill
              Jul 2 '15 at 12:41










            • For the decorations I meant ICO (Information Commission Officer) ico.org.uk sorry I didn't clarify
              – DaGhostman Dimitrov
              Jul 2 '15 at 12:48











            • You should update the post. Outside the UK most people would not know what that it. I did a google and found nothing.
              – paparazzo
              Jul 2 '15 at 12:55













            up vote
            4
            down vote










            up vote
            4
            down vote









            1. Is the "they" the manager? He is a close personal friends with the
              CEO? If he is friends with the top dog then you don't really have any
              safe level to report a problem to.

            2. Do you mean CIO. If the CIO is not aware there are no policies in
              place for security and privacy then he/she is incompetent or
              complicit.

            3. Works are being purchased from members of staff and are not
              legitimate is a pretty serious matter. You need more than
              suspicions before you report that. If most of the certificate are not legitimate and the people that issue the certificates are not aware that is serious problem. They should perform some due diligence. What I am suggesting is this is maybe not your problem. I get it is a big problem but not a problem you want to get in the middle of.

            Sound like the organization is bad from top to bottom. I just don't see how telling them they are bad would help. If they were competent it would not be that bad in the first place.



            If works are being purchased and you get proof there is probably some whistle blower organization you could report to. But you need hard evidence. Looking for hard evidence may get you fired.



            The best step may be to look for another job or just do the task they want you to do in the current job. This is the type of job that is easier if you don't care.






            share|improve this answer














            1. Is the "they" the manager? He is a close personal friends with the
              CEO? If he is friends with the top dog then you don't really have any
              safe level to report a problem to.

            2. Do you mean CIO. If the CIO is not aware there are no policies in
              place for security and privacy then he/she is incompetent or
              complicit.

            3. Works are being purchased from members of staff and are not
              legitimate is a pretty serious matter. You need more than
              suspicions before you report that. If most of the certificate are not legitimate and the people that issue the certificates are not aware that is serious problem. They should perform some due diligence. What I am suggesting is this is maybe not your problem. I get it is a big problem but not a problem you want to get in the middle of.

            Sound like the organization is bad from top to bottom. I just don't see how telling them they are bad would help. If they were competent it would not be that bad in the first place.



            If works are being purchased and you get proof there is probably some whistle blower organization you could report to. But you need hard evidence. Looking for hard evidence may get you fired.



            The best step may be to look for another job or just do the task they want you to do in the current job. This is the type of job that is easier if you don't care.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Jul 2 '15 at 12:40

























            answered Jul 2 '15 at 12:23









            paparazzo

            33.3k657106




            33.3k657106











            • +1 for the last line. Some people will suit some jobs - it sounds like you care too much about your work, find somewhere that values it
              – AlexFoxGill
              Jul 2 '15 at 12:41










            • For the decorations I meant ICO (Information Commission Officer) ico.org.uk sorry I didn't clarify
              – DaGhostman Dimitrov
              Jul 2 '15 at 12:48











            • You should update the post. Outside the UK most people would not know what that it. I did a google and found nothing.
              – paparazzo
              Jul 2 '15 at 12:55

















            • +1 for the last line. Some people will suit some jobs - it sounds like you care too much about your work, find somewhere that values it
              – AlexFoxGill
              Jul 2 '15 at 12:41










            • For the decorations I meant ICO (Information Commission Officer) ico.org.uk sorry I didn't clarify
              – DaGhostman Dimitrov
              Jul 2 '15 at 12:48











            • You should update the post. Outside the UK most people would not know what that it. I did a google and found nothing.
              – paparazzo
              Jul 2 '15 at 12:55
















            +1 for the last line. Some people will suit some jobs - it sounds like you care too much about your work, find somewhere that values it
            – AlexFoxGill
            Jul 2 '15 at 12:41




            +1 for the last line. Some people will suit some jobs - it sounds like you care too much about your work, find somewhere that values it
            – AlexFoxGill
            Jul 2 '15 at 12:41












            For the decorations I meant ICO (Information Commission Officer) ico.org.uk sorry I didn't clarify
            – DaGhostman Dimitrov
            Jul 2 '15 at 12:48





            For the decorations I meant ICO (Information Commission Officer) ico.org.uk sorry I didn't clarify
            – DaGhostman Dimitrov
            Jul 2 '15 at 12:48













            You should update the post. Outside the UK most people would not know what that it. I did a google and found nothing.
            – paparazzo
            Jul 2 '15 at 12:55





            You should update the post. Outside the UK most people would not know what that it. I did a google and found nothing.
            – paparazzo
            Jul 2 '15 at 12:55



            Comments

            Popular posts from this blog

            What does second last employer means? [closed]

            Installing NextGIS Connect into QGIS 3?

            One-line joke