I was fired for refusing to deploy a security flaw – and then presented with a non-compete clause designed to make sure I couldn’t work for anyone else either.

My name is Donna Kirby. I am a principal software architect. I have built secure financial systems for fourteen years. I know what a flawed certificate looks like. I also know what a retaliatory firing looks like, because I have now seen both in the same week.

I joined the company six years ago from a smaller firm where I had built the authentication layer for a payments platform that processed $200 million in annual transactions. Glen Tanner, the CTO, interviewed me himself. He sat across a conference table with a wall-mounted display showing system uptime statistics that were impressive only if you did not look at the error rates beneath them. He introduced me at the all-hands as someone who would push us on the technical fundamentals. I thought he meant it. He had a way of saying things that sounded like commitments and functioned as staging. He used the word rigor twice in my introduction. It was a performance for investors in the room, not a standard for the engineers listening.

In year two, I rewrote the company’s certificate validation protocol because the existing version had not been updated since the platform migrated to a new payment processor. Nobody asked me to do it. I did it because the protocol was wrong and I do not build on top of something that is wrong. The revision took three weeks. I documented every change – the original protocol, the revised protocol, the specific vulnerabilities addressed – and saved a complete copy to my personal drive before submitting it to Glen. Glen signed off on it in a group email. He did not read it. I know because the revision included a formatting change in Section 3 that he would have flagged if he had opened the document. He signed off on the subject line. I still have the original email thread on my personal drive. It contains a timestamp and his approval of a document he did not read.

In year three, a junior developer named Marcus flagged a certificate validation issue in a client-facing system – a flaw in the certificate chain that left a known vulnerability in the authentication layer. It was the same category of vulnerability I would later find in year six, in a different system, with the same implications. Glen reviewed the flag in a team meeting. He said: we’ll address it in the next release cycle. Marcus said: the vulnerability is exploitable now. Glen looked at him with the particular patience of a man who has decided what is going to happen and does not want to have the conversation that changes it. He said: I’ve noted it. Marcus. Thank you. The system shipped. Marcus was reassigned to a low-visibility internal project the following month – data migration, no client-facing work, no presentation opportunities. He stopped raising flags in meetings. Within six months, he stopped being in meetings altogether. His desk moved from the engineering floor to a corner office on the third floor that was technically a promotion in title and functionally an exile from the work that mattered. I watched this happen over six months. I saved the email thread from that meeting to my personal drive. I also saved the reassignment announcement. I did not know, at the time, that I was building an archive. I knew I was keeping things that mattered.

I keep a local copy of every significant email thread in my work inbox, exported to my personal drive. I started doing this after a dispute at a previous firm in year two of my career – a disagreement about deployment standards that was resolved in my favor, but only because I had the email chain. Without the emails, I would have lost. With them, the disagreement was resolved in eleven minutes. I do not trust institutional memory to preserve what is inconvenient. I trust my personal drive. The archive contains six years of email threads from this firm, organized by date and subject. Glen does not know it exists. Nobody does.

In year five, I was offered a principal architect role at a competitor. More money. A team I would build from scratch. A security infrastructure I would own end-to-end. The recruiter called it a once-in-a-cycle opportunity. She was probably right. I turned it down because the technical work at my current firm was genuinely interesting – I had designed a security architecture I wanted to see through to full deployment, and the problem set was one I had spent three years preparing for. I told myself this was professional judgment. It was also attachment to the work, which is different from attachment to the company, though I had not yet learned to distinguish between the two.

Glen thanked me personally for staying. We were in the hallway outside the engineering floor. He put his hand on my shoulder briefly – a gesture that felt like mentorship and functioned as possession. He said: I’m glad you’re staying. Loyalty matters here. I looked at his hand on my shoulder. I said thank you. I remembered the word loyalty. I thought about it in year six, when I needed a word for what he expected from me and what I had given him and the distance between those two things.

In October of year six, I identified a flaw in a security certificate the company was preparing to deploy – a validation chain issue in the payment processing authentication layer. The flaw was not subtle. It would leave a known vulnerability in the certificate verification process – the kind of vulnerability that a competent attacker could exploit to intercept transaction authentication tokens. The vulnerability affected the same authentication layer I had rewritten the protocol for in year two. The protocol I revised would have prevented this exact category of flaw – but the revision had been superseded by a newer deployment framework that Glen’s team had adopted without consulting the security architecture team. Without consulting me.

I raised it through two formal channels: a written technical assessment to the engineering lead and a formal risk flag in the project tracking system. Both were deferred – the engineering lead said he would escalate, and the project manager said the timeline was fixed. When the flag reached Glen’s desk, the project was six weeks from a contracted launch deadline worth $4 million in revenue. He wanted a certification. I wanted a secure system. He wanted to ship a product. I wanted to ship a product that worked.

Glen called me into his office on a Tuesday. The office had glass walls and no blinds – a design that looked transparent and functioned as a stage. He sat behind his desk. I stood.

Donna – the certificate needs to ship by Friday.

I told him it had a flaw in the validation chain that would leave a known vulnerability.

He said: Flag it as a future improvement. Ship it.

I put the request in writing. I sent it back to him by email for confirmation. This is what I do when someone asks me to do something I will not do – I make them say it in writing. Most people reconsider at this step. I have sent five such requests in my career. Four people reconsidered. Glen did not reconsider. He replied at 4:48 PM on Wednesday: Donna – just ship it.

I did not ship it.

Thursday morning at 9:15 AM – sixteen hours and twenty-seven minutes after Glen’s email – Pam Sokel, the HR director, called me into a meeting room on the second floor. The room had no windows. The fluorescent lights made a sound I had never noticed in other rooms – a low, electrical hum that filled the silence between sentences. Pam sat on one side of the table. A folder was already open in front of her. A pen was beside the folder, positioned at a specific angle – the angle of preparation, not accident.

She was efficient. Not unkind. She had done this before and the efficiency was the unkindness.

Ms. Kirby, we’re terminating your employment effective immediately. The cause is failure to meet project delivery expectations. Your separation agreement is here. It includes a 24-month non-compete covering all software development roles in the financial technology sector in the United States.

She slid the agreement across the table. The paper made a sound against the surface – a dry, specific sound that I will remember.

I looked at it. I read the non-compete clause. I read it again.

No geographic limitation.

Twenty-four months.

The financial technology sector.

In the United States.

I had built secure systems for fourteen years. This clause was designed to make those fourteen years unsaleable. Not for twenty-four months – for as long as it took the industry to forget I existed. Two years in technology is a generation. A generation of silence is an erasure.

The agreement had a 48-hour signature deadline. I picked it up. I put it in my bag. I did not sign it. Pam watched me put the agreement in my bag without signing. She did not say anything. She picked up the pen that had been positioned at the prepared angle and put it back in the folder. The meeting was over in four minutes.

I sat at my kitchen table that evening with the separation agreement and my laptop open side by side. The kitchen was quiet – the specific quiet of a room where a person is reading a document that will determine the next two years of her career. I read the non-compete clause three times. I counted the industries it covered. I noted there was no geographic limitation – which is unusual and, in most jurisdictions, a sign of overbreadth that courts will not enforce. I noted the 24-month term – which is aggressive for a software architect who poses no legitimate competitive threat to a company she did not steal from but was fired by. I opened my personal drive. I found Glen’s email – just ship it – timestamped at 4:48 PM Wednesday. I found my termination notice – timestamped at 9:15 AM Thursday. I counted the hours between them on the kitchen table, with both documents visible.

Sixteen hours. Twenty-seven minutes.

I closed the laptop. I picked up my phone and texted Deborah Marsh. I had met Deborah at a legal tech conference three years ago and kept her card in my desk drawer. Security architects keep contingency plans. Her card was my contingency plan.

I retained Deborah that evening. I gave her three things: the separation agreement, the email archive – the entire archive, six years – and the timeline. She read the non-compete clause. She read the email from Glen – just ship it – and the timestamp. She read the termination notice – 9:15 AM Thursday. She counted the hours.

She said: This is a retaliatory termination. Sarbanes-Oxley Section 806 covers technology employees who raise security concerns in good faith. The non-compete is overbroad on its face – no geographic limitation, blanket industry coverage, and invoked in the context of a security whistleblower action. We can challenge both simultaneously.

I filed the OSHA whistleblower retaliation complaint the following Monday. Deborah filed the declaratory judgment action challenging the non-compete in state court the same week. When the company’s attorney called Deborah to demand I stop consulting – I had taken one small project, a security audit for a nonprofit, outside the fintech sector entirely – Deborah told them the non-compete was unenforceable as written and that pursuing enforcement would be introduced as additional evidence of retaliation in the OSHA proceeding. The company’s attorney was quiet for a moment. Then he said he would consult with his client. The company did not call again.

The deposition was four months later. Glen Tanner sat at the end of a conference table with his attorney. A court reporter was present – a woman who typed without looking up, her fingers steady and mechanical. I sat across from Deborah, watching.

Deborah placed the email on the table. Exhibit 4.

Mr. Tanner, I’d like to direct your attention to Exhibit 4. Is this your email address in the from field?

Glen looked at the email. He looked at his attorney. His attorney’s pen stopped moving.

I – yes, but this is out of context. The project had a delivery deadline-

Deborah’s voice did not change. It did not need to.

The timestamp on this email is Wednesday at 4:48 PM. Ms. Kirby’s termination notice was issued Thursday at 9:15 AM. That’s sixteen hours, twenty-seven minutes. Can you help me understand what changed between those two events?

The court reporter’s typing continued – the same steady, mechanical pace. She did not look up. Glen’s attorney placed his pen flat on the table. It was the motion of a person who is preparing to stop the proceeding.

Glen’s attorney objected. Glen did not answer. He did not need to answer. The timeline was on the record. The email was on the record. His signature was on both. The court reporter typed this into the transcript – the objection, the silence, and the fact that the silence was the answer.

The deposition ended eleven minutes later. Glen’s attorney terminated it. Glen stood and buttoned his jacket with great care – a gesture I had seen him perform in dozens of meetings. It was the gesture of a man who controlled his surface when he could not control the room. He did not look at the transcript. He did not look at Deborah. He did not look at me. He walked out. His attorney followed him. The door closed quietly.

The non-compete was voided by the court six weeks after the deposition – overbroad, no legitimate protectable interest, and the timing of its invocation supported the retaliation claim in the OSHA proceeding. The OSHA case settled three months after that. The terms are confidential. I signed the NDA because the number made sense and because I was finished with the architecture of that company – not the technical architecture, which I still believe in, but the human architecture that allowed Glen to sit behind his glass-walled desk and tell me to ship a flaw he knew was a flaw.

I work from home now. Different clients. Different systems. The same work – building secure architectures for organizations that want them to be secure, not to look secure.

The separation agreement is in my filing cabinet. Bottom drawer, folder labeled Closed – 2026. I have not opened the folder since the case resolved. I opened the drawer last Thursday to file a new client contract and I saw the folder beneath the new paper. It is there. It sits beneath six years of email archives I printed before I returned the company laptop – a stack of paper three inches thick that contains, somewhere in its middle pages, the email where Glen wrote just ship it and the timestamp that ended his argument. The non-compete clause is on page four of the agreement. I know exactly where it is. I do not need to read it again. I closed the drawer. The new client contract went on top. Paper accumulates.

Last week, I opened a new client’s architecture review and found a potential issue in their authentication layer – not a vulnerability yet, but a structural weakness that could become one under load. I flagged it. I documented it in a written assessment with a timestamp and a citation to the specific protocol standard. I sent it to the client. The client called me within the hour and said: Thank you for catching this. We’ll address it before launch.

That is what it sounds like when the person reading the flag wants it to be correct.

The client I lost during the eight months of unemployment – six years of relationship, a payments firm I had built the original authentication layer for – signed with a competitor during the gap. Their name was on a deal announcement I saw in a trade publication three months after the non-compete was voided. I read the announcement. I recognized the system architecture they described. I had designed it. I had named the security layers. Someone else was maintaining it now, running it on a schedule I had built, monitoring the alert thresholds I had calibrated. I do not reach out to them. I know where the weaknesses will develop – year three of operation, when the authentication tokens need to be rotated and the rotation protocol needs to be tested against the load profile I had modeled. Someone else will have to find the flaw I would have found. Maybe they will. Maybe they will flag it and someone will listen.

They invoked the non-compete to make sure that refusing was the most expensive decision I had ever made. What they did not know is that I had the email where Glen wrote just ship it – and I had the timestamp of my termination. Sixteen hours, twenty-seven minutes. Anyone who has worked in security knows what a sixteen-hour gap between a refusal and a firing means. It means the flaw was not the problem. I was the problem. And the non-compete was the mechanism for making sure the problem went away quietly.

It did not go away quietly. It went on the record.
