> [Opexus] said that “the individuals responsible for hiring the twins are no longer employed by Opexus.”
Getting close to the classic Monty Python line: "Those responsible for sacking the people who have just been sacked, have been sacked."
Jokes aside, stuff like this sucks because I suspect many employers will take from it the most extreme, dehumanizing lessons, e.g.: (a) make firings [edit: including lay-offs] as abrupt as possible including terminating all access immediately, (b) never give second chances to anyone with any sort of criminal record (even say decades old marijuana possession or something).
I'd prefer a more balanced version: limit unilateral access to sensitive systems in general (not just of recently-fired employees), when someone is fired immediately shut off particularly sensitive credentials if they do exist (but not their general-purpose login/email account), avoid hiring people convicted of wire fraud as sysadmins, hash your @!#$ing passwords, etc.
Terminating access and rotating passwords (if needed) while the person is in the meeting but has not yet found out they are being let go has been SOP for at least the last 20 years.
When you are talking about access like they had "make firings as abrupt as possible including terminating all access immediately" not doing this is incompetence. This is absolutely a standard and has to be for these kinds of positions. I've never worked anywhere where it wasn't for the majority of IT staff. You meet with HR, someone clears your desk, and security walks you out.
Privileged access should only be temporary in context of break glass with approval. People can go ballistic with core systems for reasons other than firing.
They do all of that now though...
In the US, they'll terminate your access while you're on the Teams Meeting behind the scenes and if you have any gaps, issues, blips, or smudges in your resume it gets thrown into the recycle bin by some AI agent.
In an age of malicious agentic AI, this level of access is negligent. A lack of engineering controls preventing this from happening at all means that a simple phishing or supply chain attack could easily have resulted in the same outcome or worse.
> Jokes aside, stuff like this sucks because I suspect many employers will take from it the most extreme, dehumanizing lessons, e.g.: (a) make firings [edit: including lay-offs] as abrupt as possible including terminating all access immediately
The employee is always the last to know. This is standard fare.
> a more balanced version: <bunch of weedy ACLs, judgement calls, liability/>
Too complicated and subjective, stinks of more risk.
Also, I don't think it's dehumanizing at all (having been on the receiving end of it way back when during a layoff, and involved in the process more times than I care to count). It's standard practice for involuntary terms at all companies we work with, whether employee is IT or not. If a company is not doing this already, I'd encourage them to.
Then Opexus fired the one who said it.
Leaving no one to say anything anymore on their behalf.
The problem is that it's so challenging to figure out what the person actually has access to. Have they ever done an export with sensitive information, that is now sitting on their local machine? Any important clients they still are in contact with over email that they may try to sabotage? Any other creative endeavors you haven't thought through?
The most foolproof way is just to nuke the computer in its entirety.