RE: What challenges are security admins facing?

["Mike McNutt" <mike.mcnutt () aqssys com>]

[snip]

> > I'm talking things you might not normally take into 
> consideration. For
> > example, lack of communication or documentation, 
> inaccurrate network 
> > drawings of firewall locations, 
>
> Ahh, documentation, the bain of most every IT person.  It's 
> important to document and to maintain, but, sometimes the 
> more pertient facts never get put into a container for 
> retrieval, often the area<s> to store documentation get to 
> unweildly, in terms of document never getting date stamped in 
> a proper fashion to determine what is current and what is 
> dated out of reality, to downright crappy naming conventions 
> such that finding the facts sought becomes a major chore 
> itself.  Every IT dept needs to have a primary and backup 
> person whose job it is to maintain departmental 
> documentation, they get tasked with harrassing others to 
> produce their share, and with keeping the archives of 
> documentation current, and readable and traversable.  

Every IT department needs to have a primary and backup person just to
harass people other IT people into documenting what they've done?  Maybe
that can be justified (?) in a larger corporation, but not in a smaller
company - certainly not one that I work at.  To me, documentation, or
least the ability to reiterate WHY something was or was not performed,
is a simple prerequisite to ANY profession; from doctors, lawyers to IT
or construction.  In our company, I expect other network admins to know
why they did or did not perform a task - AND BEFORE it is done.  (i.e.
THINK before you ACT)  

Then, if they cannot remember what/why/when, I say: "WRITE it down, and
then write down WHY you need to write it down."  That way, the next
person has a clue.  It seems to work.


> Of 
> course in these time especially, with IT being sorely over 
> tasked and understaffed, this area is left unfilled, even 
> though it is perhaps as important as the daily/weekly/monthly 
> backups...

More important than backups?  You're documentation must be of a more
critical nature than mine.  If I don't have backups I don't have our
product, our source code, our client list, our accounts, our payroll, or
our servers that people work on daily...  All of which are more
important to each individual getting paid at the end of the week.  Oh,
without my backups, I don't have my documentation either...

Oh sure I can print it all out, but then as you say, I'd have to hire
2-3 people just to do that.  And on the side, they can hound people to
complete accurate documentation with proper indexes and aptly named
files for better searching & traversal.  But then again I like my job,
and my people like their jobs (even though I make them document their
work; yes they hated it at first:).   It's not realistic to have people
"clean up" behind my admins because our company, like many, simply
doesn't have that kind of money to spend when others are perfectly
capable of it themselves.  

So, since I'm IT, insuring I have backups alleviates a lot of that
headache - so I concentrate on good backups and make people document
their own work.  I suspect you were emphasizing the importance of IT
documentation in the workplace.  I'm agreeing with you there.  Where we
diverge seems to be implementation thereof, but what works for me may
not work for you. <shrug>


To the original poster:  

What challenges me is what others have already touched on:  the
responsibility of the IT person.  To me, that's core.  I continually
have to remind myself that "I'm here because they're paying me to help
them do what they *cannot*".  You need to understand *how much* you mean
to your company, and how critical it is that you do your job day-in and
day-out.  That doesn't mean every IT person is worth $100k or more
(underpaid), and it doesn't mean that every IT group needs a
pat-on-the-back every Friday with a benefit party at the end of the
month (underappreciated) and 8 weeks paid vaca per year (overworked)...
It simply means we have a job to to do, because others can't do it.  

It's all the daily chores, and then all the nightly research.  Keep the
servers up, manage vendors, keep (internal/external) clients happy, know
every possible upgrade for every system & software; test them, deploy
them, maintain them, retire & replace them.  All the while trying to
stay abreast of threats to "your" work.

The better YOU are as an IT person, the more you are NEEDED.  And at the
end of the day/week/year, take some satisfaction in completing a task
for the company that few others *would* have, let alone *could* have.


Mike
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards