
Is it part of the security team's mission to ensure legal compliance with workplace laws?

I’m part of my company’s “architecture team” but that doesn’t mean I have the right (even though I do have the access) to spin up an X1 AWS instance at work with 2TB of RAM. If my immediate manager said it was okay, I would have sense enough to get it confirmed by my CTO.



Company management does not typically go out of its way to disseminate right-to-unionize speech. They are legally prevented from stifling such speech. And apparently, their alleged labor violations were serious enough that the NLRB mandated as part of their settlement that Google must post more material informing workers of their right to unionize [0].

But my overall point is not that I think her alteration was appropriate (given the context of the tool). But that her mistake could reasonably be seen as one made in good faith, especially because the content itself does not outright violate company policy or labor law. In other words: approved content, unapproved venue. The question is: that's a fireable offense?

So why do you keep likening it to hypotheticals that would reasonably violate standard policy and procedure, such as conspiring with your manager to spend $53K on a Mac Pro that you use at home? Or injecting via browser notification a "political_message_you_dont_agree_with"?

[0] https://www.cnbc.com/2019/09/13/googles-settlement-on-speech...


A former company I worked for was under a consent decree. Their legal team had to come up with remedies that were acceptable to the government to address them - not their security team.

I was the dev lead responsible for writing software that would be used by the department that was most impacted by the decree. Should I have taken it upon myself to create pop ups informing them to be careful about compliance? Legally, I probably couldn’t have been fired but would that have displayed good judgement?

When you are part of certain departments or positions, you have more access and therefore are expected to have better judgement.


Many startups have a culture where you could spin up an X1 AWS instance with 2TB of RAM if you need it, without having to go and get approval. Similarly, Google has a culture where engineers make various changes to internal tools without needing approval from higher ups.


Well, according to the post, obviously not....


No, the post states that it is obviously the case:

>This kind of code change happens all the time. We frequently add things to make our jobs easier or even to just share hobbies or interests. For example, someone changed the default desktop wallpaper during the walkout last year so that the Linux penguin was holding a protest sign. The company has never reacted aggressively in response to a notification such as this in the past. It’s always been a celebrated part of the culture.


It’s amazing that you think that anecdote is okay or even welcomed....



