The Funeral Dirge at 441 Hertz
The server room hums with a frequency that used to sound like progress, but lately, it just sounds like a funeral dirge played at 441 hertz. I am sitting across from Dave. Dave has been with the company for 21 years. He knows the names of everyone’s children, he remembers the specific day we moved from the old warehouse to this glass-and-steel monstrosity, and he is currently explaining to me that our cybersecurity is ‘solid’ because the antivirus definitions updated at 2:01 AM. I feel a physical twitch in my left eyelid. It is the kind of twitch you get when you realize the person holding the map is looking at it upside down, but they are so kind and have been holding it for so long that you feel like a monster for pointing it out.
Dave is what we call an Expert Beginner. It is a specific, agonizing category of professional who reached a plateau of competence back when the Blackberry was the height of sophistication and simply decided to set up camp there. He is not lazy. On the contrary, he works 51 hours a week, meticulously checking cables and ensuring the printers don’t revolt. But in a landscape where the threat actors are pivoting every 21 months, Dave’s brand of loyalty is becoming our greatest vulnerability. We are drifting toward a catastrophic data breach on a cloud of mutual politeness and Christmas cards.
INSIGHT: Loyalty in a volatile field (IT) without corresponding re-learning is not an asset; it is institutionalized atrophy.
The Motor Oil Illusion
I remember meeting Morgan C.-P. a few months back. She is a food stylist, the kind of person who spends 11 hours making a single hamburger look like a religious experience for a magazine cover. We were at a weird networking event where the appetizers were mostly foam. Morgan told me that her job is essentially a series of beautiful lies. She uses motor oil instead of maple syrup because it photographs better. She pins cardboard inside cakes to keep them from sagging. Looking at Dave, I realize his IT infrastructure is a Morgan C.-P. creation. From the outside, the dashboard looks green. The lights are blinking in the right sequence. But the moment a real auditor or a sophisticated ransomware strain actually tries to ‘bite’ into our network, they are going to find a mouthful of motor oil and cardboard. We are styling our security instead of building it.
[Graphic: “Looks good on camera” vs. “Stands up to scrutiny”]
It is a strange contradiction to value loyalty while simultaneously resenting it. We are told that tenure is an asset. In most departments, it is. A salesperson with 21 years of relationships is a goldmine. A CFO who knows the bones of the company is a fortress. But IT is different. In IT, 21 years of tenure without a corresponding 21 years of aggressive, painful re-learning is just institutional blindness. Dave thinks a firewall is a physical wall you build around the data. He views the cloud as ‘someone else’s computer’, which is technically true but practically useless when you are trying to implement a Zero Trust architecture. He doesn’t understand lateral movement. He thinks that if the front door is locked, the windows don’t matter.
I actually tried to explain this to him last Tuesday. I brought up the concept of a zero-day exploit, the kind of vulnerability that doesn’t have a patch yet. Dave smiled at me with the indulgent warmth of a grandfather explaining how to bait a hook. ‘Our antivirus updates every night,’ he said. ‘We’re covered.’
I wanted to scream, but instead, I just drank more of that ozone-tasting coffee. I have turned my own brain off and on again 11 times today just trying to process the gap between our reality and his perception. We are caught in a cycle of ‘yes, and’ that is slowly killing the company. Yes, Dave is a great guy, AND he is a liability. Yes, he saved the server back in 2001 when the basement flooded, AND he is the reason we will likely lose our insurance coverage next year. It is a tragedy of the loyal but obsolete. The organization feels too much guilt to replace him, and he is too proud to admit he is out of his depth. We are all participating in a polite conspiracy of silence while the digital house burns down around us.
Money spent fighting the obsolescence wave.
This is where the friction becomes heat. I have spent $401 on various security certifications for myself just so I can speak the language, even though it is not my job. I see the holes. I see the way our legacy systems are screaming for mercy. When you realize your internal expertise has become a bottleneck, you have to look outside, not just for tools, but for a different kind of philosophy. There is a specific relief in talking to professionals who do not have 21 years of emotional baggage tied to a specific server rack. Organizations like Spyrus exist precisely because the gap between ‘the way we’ve always done it’ and ‘the way it needs to be’ has become a canyon. You need a partner who isn’t afraid to tell you that your maple syrup is actually motor oil.
“The loyal employee is the hardest one to fire, and the easiest one to exploit.”
The Reactive Visual Model
I often think about Morgan C.-P. when I am walking through our data center. She told me once that the secret to her job is knowing exactly what the camera can’t see. If the camera doesn’t see the toothpick holding the tomato in place, it doesn’t exist. Dave operates on the same logic. If he doesn’t see the hacker sitting in our O365 environment for 211 days, then we are secure. It is a reactive, visual-based security model in an invisible, proactive war.
[Figure: Invisible Persistence vs. Reactive Patching (Conceptual). Values shown: 211 Days, 1 Day, TBD. Labels: Persistence, Patch Cycle, Gap, Next Threat.]
I made a mistake last year. I trusted Dave when he said we didn’t need multi-factor authentication because ‘it would just confuse the guys in the warehouse.’ I prioritized user convenience over existential survival because I didn’t want to hurt Dave’s feelings. That is a failure of leadership, not a failure of IT. I let my affection for a veteran employee cloud my judgment of his technical limitations. We ended up with 11 compromised accounts in a single week. Dave’s solution? He changed their passwords. He didn’t look for the persistence mechanisms. He didn’t check the API hooks. He just turned it off and on again and assumed the ghost was gone.
The Weight of Complicity
There is a psychological weight to this that no one talks about. It is the exhaustion of being the only person who knows the ship is sinking while everyone else is praising the captain for how shiny the deck looks. I find myself digressing into thoughts about retirement ages and severance packages. Is it more ethical to keep a man employed in a role he can no longer perform, or to protect the 401 other employees whose livelihoods depend on the company not being liquidated by a Russian hacking syndicate? It’s a 1-to-11 ratio of guilt versus responsibility.
[Graphic: “Dave fixed the Chairman’s home laptop.” vs. “The premium may be unaffordable post-breach.”]
I think about the 11 different ways I could bring this up to the board. I could show them the audit logs. I could show them the industry standards. But the board loves Dave. Dave fixed the Chairman’s home laptop in 2011. Dave is the guy who ‘just makes it work.’ That ‘just making it work’ is the most dangerous phrase in the English language. It usually means bypassing security protocols, ignoring updates that break legacy software, and leaving the back door propped open with a brick because the key is too hard to turn.
Historians vs. Active Defense
We need to stop equating tenure with expertise. In the world of bits and bytes, tenure can often be the opposite of expertise. It can be the accumulation of bad habits and outdated mental models. If you haven’t fundamentally changed how you view network architecture in the last 21 months, you aren’t an expert anymore; you are a historian. And historians shouldn’t be in charge of active defense.
The cost of politeness is often a total system failure.
I will probably have to be the one to do it. I will have to be the ‘bad guy’ who suggests we bring in a managed security service or a specialized firm to oversee Dave’s work. I can already see his face. It will be the look of a man who has been told his dog is ugly. But I’d rather deal with a hurt ego than a $1,001,001 ransom demand that we can’t pay.
In the end, this isn’t about Dave. It’s about the illusion of safety. We cling to the familiar because it’s comfortable, not because it’s effective. We trust the person we know, even when the person we know is telling us that the fire is just a sunset. Morgan C.-P. can make a plastic turkey look like a feast, but you can’t feed a family with plastic. And you can’t protect a company with 21-year-old assumptions. I’m going to go have another cup of ozone coffee and draft the proposal. It’s time to stop styling the network and start securing it. Even if it means finally admitting that Dave, for all his loyalty, is the biggest hole in our armor.
The Shift in Philosophy
Tenure: Old Guard Asset
Expertise: Requires Continuous Re-Learning
Defense: Proactive Zero Trust vs. Reactive Door Locking