Firewall Wizards mailing list archives
RE: What challenges are security admins facing?
From: "Mike McNutt" <mike.mcnutt () aqssys com>
Date: Tue, 3 Jun 2003 10:57:10 -0500
[snip]
I'm talking things you might not normally take intoconsideration. Forexample, lack of communication or documentation,inaccurrate networkdrawings of firewall locations,Ahh, documentation, the bain of most every IT person. It's important to document and to maintain, but, sometimes the more pertient facts never get put into a container for retrieval, often the area<s> to store documentation get to unweildly, in terms of document never getting date stamped in a proper fashion to determine what is current and what is dated out of reality, to downright crappy naming conventions such that finding the facts sought becomes a major chore itself. Every IT dept needs to have a primary and backup person whose job it is to maintain departmental documentation, they get tasked with harrassing others to produce their share, and with keeping the archives of documentation current, and readable and traversable.
Every IT department needs to have a primary and backup person just to harass people other IT people into documenting what they've done? Maybe that can be justified (?) in a larger corporation, but not in a smaller company - certainly not one that I work at. To me, documentation, or least the ability to reiterate WHY something was or was not performed, is a simple prerequisite to ANY profession; from doctors, lawyers to IT or construction. In our company, I expect other network admins to know why they did or did not perform a task - AND BEFORE it is done. (i.e. THINK before you ACT) Then, if they cannot remember what/why/when, I say: "WRITE it down, and then write down WHY you need to write it down." That way, the next person has a clue. It seems to work.
Of course in these time especially, with IT being sorely over tasked and understaffed, this area is left unfilled, even though it is perhaps as important as the daily/weekly/monthly backups...
More important than backups? You're documentation must be of a more critical nature than mine. If I don't have backups I don't have our product, our source code, our client list, our accounts, our payroll, or our servers that people work on daily... All of which are more important to each individual getting paid at the end of the week. Oh, without my backups, I don't have my documentation either... Oh sure I can print it all out, but then as you say, I'd have to hire 2-3 people just to do that. And on the side, they can hound people to complete accurate documentation with proper indexes and aptly named files for better searching & traversal. But then again I like my job, and my people like their jobs (even though I make them document their work; yes they hated it at first:). It's not realistic to have people "clean up" behind my admins because our company, like many, simply doesn't have that kind of money to spend when others are perfectly capable of it themselves. So, since I'm IT, insuring I have backups alleviates a lot of that headache - so I concentrate on good backups and make people document their own work. I suspect you were emphasizing the importance of IT documentation in the workplace. I'm agreeing with you there. Where we diverge seems to be implementation thereof, but what works for me may not work for you. <shrug> To the original poster: What challenges me is what others have already touched on: the responsibility of the IT person. To me, that's core. I continually have to remind myself that "I'm here because they're paying me to help them do what they *cannot*". You need to understand *how much* you mean to your company, and how critical it is that you do your job day-in and day-out. That doesn't mean every IT person is worth $100k or more (underpaid), and it doesn't mean that every IT group needs a pat-on-the-back every Friday with a benefit party at the end of the month (underappreciated) and 8 weeks paid vaca per year (overworked)... It simply means we have a job to to do, because others can't do it. It's all the daily chores, and then all the nightly research. Keep the servers up, manage vendors, keep (internal/external) clients happy, know every possible upgrade for every system & software; test them, deploy them, maintain them, retire & replace them. All the while trying to stay abreast of threats to "your" work. The better YOU are as an IT person, the more you are NEEDED. And at the end of the day/week/year, take some satisfaction in completing a task for the company that few others *would* have, let alone *could* have. Mike _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: What challenges are security admins facing? Mike McNutt (Jun 03)
- RE: What challenges are security admins facing? R. DuFresne (Jun 06)