I recently changed jobs and moved to Berlin—which is another story in itself.
While getting everything set up for my new role, I noticed something. Several days after leaving my last job, I still had access to internal systems: Teams, VPN, project documentation, etc.
Which of course meant I still had access to a lot I definitely shouldn’t have.
Some Things That Still Haunt Me
No security cameras. Not even in places you’d expect, like entrances or the server room.
The server room was unlocked. It hosted sensitive data. The room had no lock, poor air conditioning, minimal lighting—and apparently, no fire alarm. Some engineers needed clearance to access certain client systems. I didn’t have it, but I still could’ve walked in and grabbed anything.
Sensitive conversations. I sat near the IT security office and overheard almost everything—especially discussions about high-risk client projects. Not exactly secure.
Passwords never expired. People were still using credentials they set over a decade ago. No one was ever asked to change them. And yes, after seeing a few exposed by that classic security threat—the average user—you can imagine what some of them looked like.
Shared admin accounts. Sticky notes. No MFA. No logs. Just trust, assumptions, and chaos.
Audit theatre. They’d temporarily change configurations to pass compliance checks like Cyber Essentials. There was even a Windows Server 2003 box still in production… quietly shut down before audits, and powered back on after.
This wasn’t some scrappy startup. It was a long-running company in a compliance-heavy space.
The problem wasn’t malicious intent—it was a culture of neglect. Compliance was performative. IT lacked authority. HR was out of sync. Leadership assumed everything was “probably fine.”
I didn’t leave because of this stuff. But I wasn’t surprised by any of it.
If you’re in a place like this: protect yourself. Keep notes. And when you leave, check that you’re actually out—because someone might forget to log you off.