This case is a perfect example of why offboarding checklists don't scale. The fact that his code explicitly checked AD status shows he knew the manual process and exploited the gap between HR decision and IT execution. I've seen orgs try to solve this with better runbooks, but the real fix is event-driven automation that revokes access within minutes of termination, before any logic bomb can even check its trigger condition.
This case is a perfect example of why offboarding checklists don't scale. The fact that his code explicitly checked AD status shows he knew the manual process and exploited the gap between HR decision and IT execution. I've seen orgs try to solve this with better runbooks, but the real fix is event-driven automation that revokes access within minutes of termination, before any logic bomb can even check its trigger condition.
Agreed, and that helps to validate and reduce the risk of insider threats.