Cybersecurity startup fires intern for secretly bypassing safeguards in live production systems “to think like an attacker,” sparking debate over whether termination was too harsh: ‘letting it slide would’ve sent the wrong message about security culture’

  • AITA for firing an intern at our cybersecurity startup after they crossed a security boundary?

    I'm a security engineer at a small cybersecurity startup (about 5 people). We recently hired a college intern.
  • Smart, motivated, very eager to prove themselves. No major red flags at first. Part of our onboarding is very explicit: do not test, probe, or experiment on production systems unless explicitly authorized.
  • This is drilled into everyone, especially interns. We work with real customer data and real security controls.
  • A few weeks in we noticed unusual activity in our logs tied to an internal admin function.
  • Long story short, the intern had been:
      * Using their access to explore internal tools outside their scope
      * Attempting to bypass a control "to see if it was possible"
      * Doing this without telling anyone, documenting it, or asking permission
  • They didn't break anything but they did intentionally try to circumvent safeguards in a live environment.
  • When confronted they said they were "thinking like an attacker" and wanted to show initiative. They genuinely didn't seem malicious but also didn't seem to understand why this was a hard line.
  • After discussing it internally we decided to terminate the internship immediately. We explained that in security, intent doesn't matter as much as boundaries and this was a trust issue.
  • Now here's where I'm conflicted: They're young, this was their first security role and nothing catastrophic happened.
  • Part of me wonders if this should've been a harsh warning and a teachable moment instead of firing them.
  • On the other hand if anyone else had done this it would've been a serious incident.
  • Some coworkers think we overreacted and potentially damaged someone's career over a mistake. Others think letting it slide would've sent the wrong message about security culture.
  • So... AITA for firing the intern?
  • LongjumpingFee2042: It's a hard line so I can't blame you for taking the action you did. But saying that, an intern shouldn't be able to access the prod systems willy-nilly like that. They are toddlers running around and will poke and prod anything they have access to. What they did was stupid. The system in place needs to be looked at to avoid these stupid situations in the future.
  • danthrowaway122: Compare this to another field, if a pharmacist willingly tries to give different doses to patients that aren't prescribed them, they lose their license immediately. Why should messing with people's valuable data be any less regulated than this when it was explicitly told not to do such a thing? And if they wanted to "take initiative" then they should ask at the very minimum instead of trying to break in while nobody was informed. Imagine being a prisoner and telling the guards yo
  • HappySummerBreeze: NTA. They had been explicitly warned/instructed to not do that. When confronted they didn't say "oh no! Sorry I forgot we were told not to do that" they instead continued to act like they did nothing wrong - therefore they were an ongoing risk.
  • Drone314: NTA. That kid needs the shock to understand what they did cannot fly in the real world. You did the right thing, interns can also be attack vectors. It's really the "ask for forgiveness rather than permission" that sealed their fate. Want to be on the red team? Fine, let's get everyone onboard and brainstorm the scenario, there is no room for cowboys in this business.
  • Cam23806: NTA - You did the correct thing. And you'd be teaching the wrong lesson if you had "let this slide." This was a conscious decision on their part. Sounds like they didn't really think it through. But a very clear failing to follow protocol in a job that is all about protocol. Also, as a short-lived internship, it's not like this is something that will follow them unless they choose to add it to their resume. Hopefully they'll retain this lesson in their future positions.
  • G_Michael0: NTA. Violated terms of their employment. Better to learn now than later.
  • Hot Maintenance7461: Snowden was caught red-handed several times before he exfiltrated the data he did, zero tolerance is the law in security. If you don't follow it you get what you deserve.
  • quats555: NTA. Either they didn't listen to the rules, didn't believe you that it was important, or lied to you about what they were doing or why they were doing it. None are a good thing when an intern is dealing with a superior in cyber security.
  • tsukinofaerii: NTA. Nothing catastrophic happened this time. Next time an intern pulls something like that, maybe not. You're following rules established not just for this person, but for the company. The time for teachable moments is in the classroom, not here. Additional point: it shows an extreme lack of critical thinking and understanding of risk management to have been doing any of this in prod. Even if the probing they'd been doing had been within the scope of their position, the foolishnes
  • a920116: I don't work in cybersecurity but I would say NTA. The intern didn't follow the one very explicit rule that you gave. He tried to breach the security as an "attacker". The key part of the job is security and he tried to break it. I feel like as long as you explained fully why he was being let go and why it is hard to accept the intern still but will provide a reference if needed. It was his first role sure but the intern crossed a very serious line in security and they didn't follow the