The Ultimate Insider Threat: Being an A-word
By: Paco Campbell
Published: Saturday, November 29th, 2025
There’s a moment in Office Space when Bill Lumbergh wanders into a cubicle with his coffee mug and his condescending little half-smile — and you can just feel the productivity leaving the building.
No malware.
No ransomware.
Just a man whose personality is an OSHA violation.
Lumbergh never sabotages anything.
He doesn’t breach data.
He doesn’t blackmail the company.
He simply shows up, and that’s enough to make everyone stop caring.
Most insider-threat frameworks are obsessed with the rogue engineer with root access. But the truth is simpler, dumber, and more dangerous:
The ultimate insider threat is the leader who makes everyone miserable.
The kind who uses authority like a flashlight they never learned to aim anywhere but someone’s face.
Leadership: First Line of Defense — or Root of Decay
We talk about “culture” like it’s a soft metric, a squishy HR concern you sprinkle around to keep millennials from quitting during lunch.
But culture is a control plane.
It determines whether people escalate issues or stay quiet.
Whether they question a strange pattern or assume someone else will deal with it.
Whether they raise their hand early — or wait until the reactor is already smoking.
Lumbergh is funny on screen because his damage is small and slow.
In real life, his style becomes a chronic condition: meetings that feel like punishment, teams that operate out of fear, a workforce that learns the safest thing to do is nothing.
And that’s how companies rot — not from hackers, but from leaders who treat psychological safety like an optional add-on.
Security Theater vs. Security Reality
Here’s the part the industry hates to admit:
We will spend millions on IAM, SIEM, XDR, and whatever acronym Gartner invents next quarter —
but not one of those tools can defend a team from an asshole in a high-up title.
We harden systems, but never personalities.
We patch servers, but never egos.
We audit access, but never arrogance.
Yet arrogance is the precursor to half the disasters we read about.
A single bad leader can:
• silence junior staff who notice something wrong
• create an environment where no one escalates early
• turn cross-functional collaboration into trench warfare
• push people to hide mistakes
• burn out the exact experts the company depends on
A CVE won’t destroy your culture.
A “leader” who belittles, mocks, or intimidates will.
And unlike a CVE, they can’t be patched.
They can only be removed.
I Know This Pattern
When I read about the Campbell’s lawsuit — the recording, the allegations, the termination — something in me jolted.
Not because I’ve lived that story, but because I’ve lived the shape of it.
The pattern.
The dynamic.
The leader whose behavior becomes such a liability that everyone around them learns to work in careful, quiet arcs just to avoid setting off the next detonation.
I’ve been in rooms where the air changed the moment a certain leader walked in.
I’ve sat across the table from people whose tempers were more dangerous to the organization than any phishing campaign.
Once you’ve seen that damage up close, you never confuse arrogance for strength again.
The Campbell’s Case: When the CISO Is the Vulnerability
That’s why this story resonated.
A lawsuit filed by a former employee includes a recording that allegedly captures a then-executive — who has since been terminated — making disparaging remarks about colleagues and customers. The company says they verified the recording was his before ending his employment.
The rest remains allegations in an active legal matter.
The specific facts will be sorted out in court.
That’s not the point here.
The point is what this situation represents:
A leader whose alleged conduct — belittling, mocking, and demeaning the very people and products he was supposed to protect — became such a liability that it triggered a corporate response at the highest level.
Most companies fear the insider who steals data.
But the more realistic threat is the insider who destroys trust — the executive who creates so much psychological damage that people disengage, check out, shut up, or leave.
No attacker loves a target more than one run by leaders who demoralize their own workforce.
It’s like leaving the back door open and placing a welcome mat.
Whether or not every allegation sticks, the lesson isn’t in the legal filing — it’s in the wake-up call:
You can have zero critical vulns and still be insecure if your leadership culture is rotten.
Gen Z, RTO, and the Myth of “It’s Good for the Younglings”
And now we arrive at the generational plot twist.
Corporate America keeps pushing RTO with the same energy as a parent insisting their kid eat broccoli “because it builds character.”
The subtext is always the same:
“It’s good for Gen Z. They need mentoring.”
Sure.
But mentoring from whom?
If you force people back into offices where leaders behave like Lumbergh with a Wi-Fi budget, congratulations — you’ve created a pipeline of disillusioned talent who will leave the moment they get a better offer.
Gen Z isn’t fragile.
They’re just unwilling to tolerate what previous generations normalized:
• public humiliation in meetings
• “don’t take it personally” racism
• micromanagement as a personality
• managers who think yelling is a leadership style
• executives whose temper detonates every 45 minutes like scheduled cron jobs
If RTO is going to be mandatory, then psychological safety has to be mandatory too.
You can’t drag people into the building and then act shocked when they want to escape again.
Psychological Safety Is Critical Infrastructure
This is the part people pretend is philosophical, but it’s practical.
Psych safety determines:
• whether issues are caught early
• whether small problems become catastrophes
• whether people stay long enough to develop expertise
• whether talent actually talks to each other
• whether teams operate like collaborators or survivors
If psychological safety is weak, everything downstream is brittle.
And brittle systems don’t fail gracefully.
They shatter.
The Real Insider Threat
In Office Space, Lumbergh never learns.
He doesn’t grow.
He doesn’t apologize.
He just keeps sipping his coffee while the building metaphorically (and eventually literally) burns around him.
The punchline is that he never sees the flames.
He’s too busy asking someone to come in on Saturday.
Real life isn’t a comedy, and the stakes aren’t TPS reports.
The Campbell’s situation — whatever the ultimate legal findings — is a reminder of something far bigger:
The most dangerous insider isn’t the one with stolen credentials.
It’s the one with institutional power and zero emotional intelligence.
Because you can defend against malware.
But you can’t defend against a leader who sets the culture on fire and everyone looks the other way.