This document tells the story of SysAdmin Steve and his experiences securing a company's new VoIP phone system. It describes many potential security issues like unencrypted SIP trunks allowing sensitive calls and data to be intercepted. It emphasizes that while VoIP security can be challenging, applying defense-in-depth principles like encryption, firewalls, monitoring and secure configurations can help mitigate risks. The story suggests Steve works to educate colleagues and properly secure the system, but leaves his future at the company uncertain.