17
Caught my intern forwarding sensitive logs to his personal Gmail last Thursday
I was reviewing the SIEM alerts and saw a weird outbound connection from our log server. Tracked it back to a kid I hired three months ago who was just emailing himself whole event files. Said he wanted to 'practice parsing them at home' but never asked permission. Anyone else deal with new guys thinking they can just take data offsite without a word?
2 comments