TMJPLetter2JennyChangUS_20101208

	A.B.Treiner * Leopoldstraße 124 * D-80802 München
	Trend Micro Inc. Jenny Chang - CCO 10101 N. De Anza Blvd. Cupertino, CA 95014 United States
			Date:
			Munich, 8. December 2010
	My ejection from Trend Micro Germany by bullying attacks Dear Sirs, dear Madams, You know that I worked for Trend Micro more than 3.5 years mostly from early in the morning until late at night. You may also know that I brought up several projects which saved Trend Micro large investment budgets. So I worked for your company over three years nearly 13-15 hours per day. I am very sure that I was one of the most committed employees of Trend Micro since founding the company. I think you know also that I initiated the correct implementation of the Standard String Libraries (STL) to all build trees of IMSS. This initiative caused a dramatically enhancement of IMSS. I am quiet sure that the wrong implementation of the STL library was mainly responsible for many failure scenarios at customer side (such as segmentation violations, memory leaks, looping processes, etc). So enhancing the stability of IMSS and the increasing of customer satisfaction was mainly caused by my initiative. Furthermore you know that I was the only engineer from EMEA SEG who shared knowledge with colleagues from US and JP and CN. And I was the only one from EMEA SEG who published concept papers, white papers, case studies and other documentaries for global consideration beside my normal responsibilities. All this initiatives have been only performed by me – I did not see any similar activities from other colleagues although they mostly worked for Trend Micro since about ten years. Also you may know that I solved several case issues which caused before a circular attention to service engineering - nearly every two months. This was mostly due to implementing solutions which covered related RFC recommendations only fractionally. So it seemed that I was the only engineer from EMEA SEG who was able and willing to analyze and adapt RFC compliant solutions to Trend Micro products. Again I guess you know that I also solved rather difficult cases for IWSS, where the main supporter stated that the issue can not be solved because of a wrong software design. So I was not surprised that global developers contacted me for enhancement topics of IWSS instead of the main supporter. I am sure that global development respected my expertise and product competence although I never got knowledge transfer for IWSS. Since I informed Oscar and Rice about my initiatives, I myself put several solutions into practice within my spare time to enhance the testing infrastructure within EMEA SEG. I developed tool sets for backup and recovery and another one for sharing testing sessions within separated networks. Also I developed a tool set for merging customer related case data between involved teams within separated networks. Additional, I engineered a tool set for auto-handling maintenance tasks for virtual hosts. On top of that I set up an infrastructure and tool sets to handle well established security mechanisms such as Private/Public Key-Authentication and assignment of dedicated super-user permissions. As a security company, Trend Micro should consider such mechanisms described above. I do not think that especially enterprise customers would accept security solutions from Trend Micro if they would know that Trend employees do not respect minimal security mechanisms such as “do not work with root account”. By the way, I know of engineers within EMEA SEG who used to compile debug builds as super user and delivered these kind of builds to customers. Such proceedings are well known as major reason of vulnerabilities within software products and I am sure customers would switch immediately their security providers if they would know about such issues. Concerning the Backup and Recovery project: I sent a documentary about the solution and an overview about my personal efforts to realize this project to Oscar Chang as well as to Michael Eberl. They knew that the solution was not a simple ad hoc implementation. So they knew the solution would cover all requirements from work groups as well as from big enterprises. The realization of only the backup and recovery solution cost me the efforts listed on the next page. So considering all the other projects, one can imagine the enormous budget that I saved Trend Micro by developing these solutions solely within my spare time. Project analysis: 3 man weeks Realization: 3 man month Redesign/Revision: 4 man weeks (this was necessary as I determined the low Unix knowledge of colleagues - contradictory to their self-manifestation) Synchronization effort: 4 man weeks (weekly synchronization of my private development environment and the development environment within the company) Effort for realizing a simulation environment to cover the company specific network infrastructure (separated networks, replication via gateways) 4 man weeks Testing/quality-assurance 4 man weeks Documentation Presentation: 4 man weeks Implementation Pilot phase efforts: 4 man weeks Summary: around 50 man weeks Background for realizing the backup solution was that 2008 several colleagues had unplanned outages because of disk crashes at their personal environments. These breakdowns interfered with our ability to handle cases. From my point of view it is a strong issue to avoid such situations. My manager explained to me that we will not have any chance to get a budget to manage such disruptions by third party products as well as we do not have any capacity to develop solutions by our own team. During my career I already experienced that managers with similar approach were kicked out of their job as related disaster scenarios occurred and the they had to declare their inability of acting. So, I protected not only Trend Micro from such kind of scenario – I also protected Michael Eberl losing his job. As software company, I am sure you can imagine that the effort of each of the above mentioned initiatives would be calculated by serious product managers with at least several man years. So I saved Trend an investment budget of at least one million dollar. The backup and recovery solution works for all platforms used within Trend Micro (Windows, Linux and Solaris). Buying a comparable third party product would cost Trend Micro several ten thousand dollars only for an implementation in Germany, several 100 thousand dollar considering EMEA and at least a million dollar considering a global implementation. Although Michael Eberl consistently pushed me to publish my backup solution I had to struggle against great obstacles after publishing the solution. Especially Jochen Strobl argued against the solution as it allegedly would not suit his requirements. His arguments could all be voided by self verifications or by official statements from related suppliers. Jochen Strobl adopted the responsibility for the virtual infrastructure to his own although he did not have the competence to handle the system. The responsibility for this project allowed him to shield himself from daily business - including the advantage of being rewarded for doing nothing. As well it got him into a position where he did not have to provide proof about his doing and even about his performance. The missing competence was obvious by keeping in mind that he took three quarters of a year to set up a virtual server. This usually is the task of a novice with advices from senior experts which normally should be accomplished within a week. By the way, it happened several times that virtual servers crashed and had to be repaired manually since the servers were not able to restart automatically due to disabling all mechanisms of self-repairing and auto start of Unix at initial installation time. Although Jochen Strobl declared to be in charge of the servers, he finished work at 3:30 pm even during times of the above mentioned disaster scenarios informing others that he will not be able to solve the issue anyway. So trouble shooting and problem solving had always to be done by others - mostly as me - during unpaid over time. Jochen Strobl seemed to expect that my backup solution could disturb his convenient situation and therefore he boycotted, discredited and disparaged my solution in each possible way. His activities had been assisted by his colleagues such as Karen Martin and Michael Zwenger and lastly were supported by Michael Eberl. Karen Martin, Jochen Strobl and Michael Zwenger have several in common: All three are finishing their work consistently around 3:30 pm. Every morning before they started to work, Karen and Jochen allowed themselves a two hours breakfast. Michael Zwenger visited a two hours English training every week. It was stated officially that these two hours as well as the two hours breakfast will not be determined as working time. Although this has been expressed clearly by the management, Karen and Michael Zwenger did not see any reasons why they should work any longer than 3:30 pm. They were rewarded as full-time workers but they allowed themselves a part-time job. Additionally Karen and Michael Zwenger spent hours every day with private phone calls. Jochen Strobl reduced his duty hours in a very special way - he approved himself around 2-3 days off every month by self certified sick notes. I never ever recognized any indications of sickness neither before nor after absences due to sickness. In this way he increased every year his spare time days to a whole of nearly 70 days. Karen Martin usually had to shift four cases per day to engineers skilled appropriately. This normally takes 20 minutes a day. But this would have insufficiently covered her manpower capacities. Therefore she also had to provide pre-analysis for cases before shifting them to engineers. But she never covered this duty despite being dedicatedly responsible for. If at all, she frequently analyzed issues which did not relate in any way to the case topics. Karen declared herself as windows expert, but I remember cases where she did not find the origin of a windows problem for more than five weeks. Finally in one case I had tell her the origin of the problem which was caused by an improper name resolution between AD Server and the NTP Server associated within the windows registry. Karen always finished her work at 3:30 pm even with escalated customer cases whereas I often worked until 11:00 pm to analyze customers environments or simply trying to find solutions or workarounds. Nevertheless, Karen spread rumors about an allegedly minor customer orientation of me and that I myself had declared I would not have any network knowledge. After a while she spread similar rumors that I would not have any database knowledge. And finally she put out rumors that I should have said that I do not have any IT knowledge in general. Now see my attached project history. I am very sure you will come to the conclusion that my competence covers the knowledge of all colleagues together. By the way Karen tended to blame others in a rather vulgar and foul-mouthed way to ensure her position. Even though she did not step back from acting violently to enforce her position. I think co-workers hiding their limited knowledge behind infamous activities should not serve as role model. Karen worked as transport coordinator for hardware components at her last employer. Would you accept medical advices from someone who was employed before to handle crutches and false teeth? I think, Karen did not have the expertise that usually is required in an engineering team. I never experienced before that the role of a process coordinator was considered to be a manager role. The requirements of a manager are analytical skills, strategic thinking and entrepreneur's creativity whereas the requirements of a coordinator only is the awareness that specific topics have to be assigned to engineers with related skills. Both requirements are contrary. I have met some former colleagues of Karen who confirmed that she was known as someone who faced disputes mostly with hooligan attitudes. Karen was designated in 2009 to review the ideas of Trend Learning Circle (TLC) and to put the ideas into practice in order to enhance the team-work. She never covered this task, although I indicated to Michael Eberl several times the need of improvement of our co-working. Instead, Karen prepared a list of five rules which should be considered by our case handling. Unfortunately, she only repeated issues which already had been considered standard for years by all SEG Engineers. Within his annual appraisal Michael Eberl declared such doing as exceptional achievement. To me this isn't even worth mentioning! Michael Zwenger and myself supported the products IMSS and IWSS. We were responsible to each other's backup role. I covered IMSS as a main supporter whereas IWSS was covered by Michael as main supporter. And he was the one who compiled debug builds as super user and sent out such kind of builds to customers. Michael often blamed developers from Asia and US with false pretenses. On one day he described these developers as incapable since they invoked shell scripts from inside of C/C++ binaries. For Unix-/Linux experts it is known that this is an usual way since more than 90 percent of the executables of Unix are either shell-, perl- or python-scripts. A closer look reveals his true personality. He liked to boast about a self developed application. In his own words this application seemed to be the best solution that had been realized ever. After a while it turned out that his private internet provider blocked all traffic from and to his host due to be the origin of malicious attacks. All of a sudden the same application mutated to an application developed from incompetent developers - provided to an unsecured platform. Surprisingly, this was the same application which had been stated as self development in the first place. It utilized the same platform used by thousand of Unix key players without any security issues. I guess that the vulnerability was not caused by the application itself but by compiling components of the software as super user and ignoring the obligatory recommendation of never compiling as root. Michael still compiles debug builds as root within Trend Micro - therefore you can expect someday a press notice that Trend Micro just caused a malicious attack by installing their own build at customer side. I am sure that at this moment all Trend Micro customers will switch to companies with more security competence. Michael Zwenger's competence will be obvious when you regard the following facts. Over nearly two years he did not notice that he used a wrong compiler version. I found out the issue when I had to handle IWSS cases as his backup supporter. After performing the build process I found missing directories etc. Due to internet research and discussing the issue with global engineering it turned out that the wrong compiler version was used at least for the past two years. What do you think of developers who are convinced that bypassing long established make mechanisms would be the appropriate way to perform a build process? As an experienced developer you know that this could never be the right way since it might cause predestined invalid and orphaned references. Another fact is that during the 3.5 years of my employment with Trend Micro Michael never solved a single case when he acted as my backup supporter. I got the impression that he looked the case details only after I returned from absence. Contrary, I myself never gave back a case which I took over as Michael's backup. And, Michael Zwenger spread rumors that I still worked on the backup and recovery solution although it had been working perfectly already for the past 1.5 years without any manual intervention. Obviously he intended to discredit me and my doings. I was not much astonished that colleagues from other regions told me that they tend to assess Michael as wise guy and as a dazzler. Despite all of my performance mentioned above Michael Eberl always considered me as "meets expectation" within our annual appraisals. What was his perspective to appraise my performance in the same way as the one of colleagues who had never covered any additional tasks for the last ten years? Maybe this was caused by Michael Eberl's less experiences with development processes and team leadership. From staff of his former employer I know that he worked as a sub-worker within the user help desk team only. He never had experiences with managing projects or managing teams. He never worked within quality assurance or developer projects. He simply had a three week training to cover the minimum requirements of handling help desk inquiries. I am sure this is not different within other regions but in Europe, staff from user help desk teams are mostly semi-skilled workers and never well-educated engineers. Regardless of his low qualifications Michael Eberl received the worst reputation from staff of his former employers I ever heard. As I already explained Michael Eberl once pushed me to provide the backup solution – after being discredited by Jochen Strobl Michael suddenly changed his position and accused me of working on uncoordinated solutions - allegedly! His change of mind seemed to relate to the issue that both Michael Eberl and Jochen Strobl worked together as sub-workers within the same team at their former employer. To me it seemed that Michael only wanted to protect the convenient situation of Jochen because of comrades thinking. Looking closely one could say that protecting Jochen had a much higher value to Michael than considering the company's and customer's goals. Looking at my work for Trend Micro I am sure that readers will attain the conviction that your manners are not the right way to face one of the most engaged employees of Trend Micro. From my point of view my ejection related to bullying, ostracism and discrimination activities. Trend Micro is always eager to publish two aspects: The one of a growing innovative company and the other of a company with social welfare ambitions. I think the general public should learn the real face of Trend Micro as well which supports bad social interactions with employees. I am notifying you to give you the opportunity to state your point of view about all this. Significantly Trend Micro Germany published several job advertisements shortly after I was expelled where they searched for employees with exactly the same specifications as were required for my job. This contradicts my ejection that had been justified with head count reductions. This clearly supports the bullying activities that I had experienced at Trend Micro. Best regards Attachments

	AllProjects	http://cv.treiner.net/2015/07/curriculum-vitae-english.html
	CurriculumVitae	http://cv.treiner.net/2015/07/curriculum-vitae-english.html