Interested in hanging onto your IT job? For a lesson in how to lose it, consider the plight of Pennsylvania’s Chief Information Security Officer (CISO) who got canned after four years on the job for allegedly speaking in a public forum about a security breach of the state’s online drivers’ test scheduling system.

The firing’s sent shock waves through the ranks of high-level government IT folks and plenty of corporate folks who are contending with short staffs and budget cuts while trying to keep systems operational and safe.

Robert Maley lost his job as Pennsylvania’s CISO early last week. A source close to the matter told Computerworld that the firing was the result of Maley’s participation in a panel discussion at last week’s RSA security gathering.

At the conference, Maley talked about a recent incident in which a Philadelphia-area driving school managed to get access to the Department of Transportation’s online driver’s test scheduling system. How? According to Maley, the school’s cyber experts exploited a system “anomaly.”

Once the school had access, it scheduled some of its paying customers for driver’s license exams by bumping others who were already assigned time slots. Having the ability to give students preferential scheduling for their exams could obviously give the school an edge over its competition.

Maley’s mistake: He didn’t get permission to talk about the incident first.

Pennsylvania insists that employees get the OK from superiors before they divulge anything about state business.

Some are speculating that Maley’s disclosure might jeopardize a criminal investigation into the incident, but others believe the punishment’s way too harsh for talking about  something that should be shared among security experts.

While most state governments and nearly all corporations have some kind of vetting process for employees who’ll be speaking with the press or making public statements, the idea of firing an employee for talking among peers about issues of common interest seems to have blurred the lines for many.

If the exploit was a new or particularly insidious one, it can be argued that other security chiefs should know about the danger and how hackers could attack their own systems.

And since this was a government agency — and its employees work for the public — it can also be argued that the public has the right to know about compromises to public systems.

Some are wondering why the attack on the Department of Transportation’s computer system wasn’t already reported to the public and whether Maley’s firing wasn’t an attempt to cover up the department’s problem.

To make matters seem even worse, Maley’s firing has happened while the state is struggling — like most — to balance its budget. Part of the balancing act has involved ongoing budget and staff cuts at Pennsylvania’s IT security organization. Over the past 18 months to two years, the administration has cut information security budgets by close to 38%, and staff by 40%.

Fewer security folks could mean that state systems are more vulnerable to attack — something nobody in the upper offices of state government wants a security chief to be telling the public.  But does the public have a right to know that its government’s computers are open to attack?

And since nobody in the state government will discuss Maley’s departure — except to confirm that the man once nominated by a security industry publication as security exec of the year is gone from state government — all these questions go unanswered, for now.

What’s your take on the situation? Should Maley have been fired for talking in public about the incident?