I think their performance is relevant. Why would an employee be able to easily run an unknown binary from the internet to begin with? If the systems were properly configured to block this, there would be no issue. If I were an executive, I would absolutely be looking at my IT team in this case.
If the employee went entirely out of their way to run an unknown binary, bypassing OS-level restrictions, and sidestepping established procedures - then the employee should be fired.
You really are not familiar with the concepts of company policy and liability, are you? Whether there is an effective technical restriction in place is relevant to the question “can you run the thing”. It is irrelevant for the question “did you circumvent company policy?” and, subsequently, to the blame/firing that comes from it.
This is the exact same discussion people keep having about “government can’t block VPN” or “encryption can’t be broken” when the idea of a law forcing backdoors in services floats around. Sure, you can still use encryption, technically. But if there’s a law that say “encryption too strong to be broken is illegal”, then you’ll get arrested all the same, effective technical restriction or not.
Irrelevant. The defense of “they should do better” will do jack to prevent the firing of someone that willfully circumvented company policy.
I think their performance is relevant. Why would an employee be able to easily run an unknown binary from the internet to begin with? If the systems were properly configured to block this, there would be no issue. If I were an executive, I would absolutely be looking at my IT team in this case.
If the employee went entirely out of their way to run an unknown binary, bypassing OS-level restrictions, and sidestepping established procedures - then the employee should be fired.
You really are not familiar with the concepts of company policy and liability, are you? Whether there is an effective technical restriction in place is relevant to the question “can you run the thing”. It is irrelevant for the question “did you circumvent company policy?” and, subsequently, to the blame/firing that comes from it.
This is the exact same discussion people keep having about “government can’t block VPN” or “encryption can’t be broken” when the idea of a law forcing backdoors in services floats around. Sure, you can still use encryption, technically. But if there’s a law that say “encryption too strong to be broken is illegal”, then you’ll get arrested all the same, effective technical restriction or not.