Horror Stories and Cyber Readiness – Unscripted With SST Episode Eleven

In this Halloween themed episode of Unscripted with SST, host Tracy Tobin brings together Beau Elston, Josh Shrake, and Ryan Gallenberg to share real incidents from the field. These stories are not hypothetical. They are real situations that led to security gaps, outages, and long nights for both IT teams and the businesses involved.

Each story highlights how small oversights can grow into big problems if there is no structure or strategy behind technology decisions.

The Public Workstation With Full Access

Josh opened the episode with a story from a site visit where he found a publicly accessible workstation left unlocked. The account on the machine had access to the company’s entire shared drive, including personal information, confidential files, and internal documents.

This happened simply because the business had no enforced access controls or security policies. Even basic protections like MFA, proper permissions, and automatic screen locks would have prevented it.

The lesson is simple. If access is not managed, everything is exposed.

The Storage Update Failure

Beau shared an experience involving a storage array update. The equipment had redundant components, which should have allowed the update to occur with no downtime. Instead, a misconfiguration caused the failover process to break, taking systems offline during business hours.

A planned maintenance window would have prevented widespread disruption. Even the most redundant systems can fail, and critical updates should never be performed when operations are in full swing.

Vendor support contracts were the only reason the business recovered quickly. Without them, downtime would have been much longer.

The Rearranged Office That Broke Everything

Ryan and Josh recalled a week spent rebuilding a client’s network after the company moved equipment over a weekend without notifying anyone in IT. Cables were moved, devices were powered off, and vendor systems were unplugged. The result was a complete outage that took days to unravel.

The business assumed everything would work the same after the move. Instead, IT had to reverse engineer the entire setup.

This story shows why communication is essential anytime equipment is relocated, replaced, or unplugged. A quick conversation could have avoided days of downtime.

The Friday Night Reboot Disaster

Josh described a simple reboot gone wrong at a healthcare facility. After restarting a piece of call routing equipment, the device failed to function and could not be accessed for troubleshooting. Inbound phone calls for the facility were affected until vendor support stepped in hours later.

Even small changes need failover plans. Even scheduled maintenance can go sideways. And even simple reboots are not risk free.

The key takeaway is to have a backup method ready before touching production systems.

The Breach That Was Not Gone After All

Beau closed the episode with a cyber incident that seemed resolved until compromised accounts suddenly reappeared. The attackers had stayed in the environment through hidden persistence mechanisms that were not uncovered until deeper forensic analysis began.

This incident shows how complex modern threats have become. Without layered security, active monitoring, strong logging, and correlated visibility across systems, threats can hide for weeks or months without detection.

A single tool is not enough for modern security. Businesses need a full strategy.

Key Takeaways From the Team

The team wrapped up the episode with practical advice to help businesses avoid similar disasters:

• Create a ninety day security roadmap with clear ownership and measurable goals.

• Commit to a security framework and make it part of organizational culture.

• Schedule and follow maintenance windows so updates do not impact operations.

• Over communicate any change that might affect IT systems.

• Document everything so recovery is faster when issues occur.

• Use layered security to catch threats at multiple points, not just at the endpoint.

Ready To Strengthen Your Cyber Readiness?

Every story in this episode had a common theme. The impact could have been smaller if the business had structure, communication, and proactive planning in place.

SST helps organizations improve readiness through employee training, advisory services, modernization planning, policy development, and cybersecurity assessments.

Schedule a cyber readiness session and leave with a clear ninety day plan for strengthening your defenses.