IDS mailing list archives
Re: Rather funny; looks like page defacement to me
From: Callan K L Tham <miburo () singnet com sg>
Date: Wed, 18 Jun 2003 11:56:28 +0800
On Tuesday 17 June 2003 22:54, Paul Schmehl wrote:
> I'm not picking on you. You just happened to be the one that articulated it, OK?
No problem. It was written when I had severe caffeine withdrawal, so I expected a reply of some sort.
> I see this attitude a lot, and it troubles me a great deal. I think all too often we "IT people" get isolated from the real world and think that everyone else should be just like us. An admin who doesn't know TCP/IP? There are many. The norm in most small companies is to "promote" the "computer guy" to the IT slot when they can afford one (and often when they can't afford one this person works "part-time" in computers.) Oftentimes this guy (or gal) just knows more about computers than most people in the office, but they're a long way from trained on networking and TCP/IP, security, etc.
I understand this; which is why I feel compelled to clarify my previous point.
> Yet they are expected to perform and "get the job done" without any training or preparation. They spend many sleepless nights reading books, trying to learn the myriad of things that they have to know to protect their companies. On top of all that pressure, they have the pressure from their *peers* constantly denigrating them because they don't know enough.
Ok, so I was a bit caustic on the "incompetent admin" point; and if I hurt any feelings, or was too harsh, then I apologize. However, in order to perform the job well, even seasoned admins need to constantly spend countless hours reading up and learning just in order to keep up. And it just validates my point of a company not caring enough about their infrastructure to hire someone who can hit the ground running. Nobody would hire me (I'm a security engineer) to draw structural diagrams. Similarly, companies should not promote their non-tech staff to do IT security/admin. It is not fair to the individual involved (extra pressure, workload), and their work performance almost invariably suffers. It is also unfair to the company, as that individual cannot perform up to their expectations. It's a lose-lose situation.
> When is the last time *you* took time to teach someone who was less knowledgeable than you? When is the last time *you* were responsible for *everything*? Mail, web, DNS, networking, routers, switches, wiring, IDS, firewall, virus protection, OS updates and patches, backups, disaster recovery, printers, faxes, applications, hardware repairs, etc., etc.? Most of these folks are doing *all* of that, *by themselves*, because that's *all* their companies can afford. And they're doing yeoman duty for 2/3rds the pay that the high-paid pros are.
Actually, my current job is the only one so far where I don't have to handle everything, so I know and understand the pressures associated with it. However, I cannot say I was in a position where the company cannot afford a dedicated IT guy on staff, or at least outsourced the admin to external vendors. It is increasingly a must for companies to have at least a vendor to call on for help, as the reliance on technology increases. This is especially true in Singapore, where I live and work. Most small to medium sized enterprises (SMEs) outsource their IT support.
> I took on the task of trying to help one of these types of people (because he emailed me privately with a question about snort), and I quickly realized what a daunting task it is for him. He had to learn Unix, mysql, snort, apache, sendmail and TCP/IP all at the same time. Yet he tackled it with enthusiasm and he's making great progress. He's the "computer guy" in a small architectural firm, and he got the job because he was constantly helping people in the office who had computer problems. Once they decided they *had* to have an Internet presence, he was tapped for the job.
As I said, if they _have_ to have an internet presence, the least they could do is to get a consultant and help the poor lad out. They wouldn't want to lose him to exhaustion, would they?
> If you want our profession to improve, the onus is on *you* to do something about it. Criticism is easy. Anybody can do that. Teaching others what you know and helping them get up to speed is much more difficult and time consuming. It's also a great deal more fulfilling *and* humbling. There's no better way of realizing the gaps in your own knowledge than trying to teach someone else. Instead of wallowing in your smug self-righteousness, going home after work and complaining about "them", get out there and make a friend. Teach one of those poor "draftees" how to protect their enterprise. (Trust me, they're no threat to you professionally.)
Ok, that accusation of my "wallowing in smug self-righteousness" was a little uncalled for. Believe me when I say I know a lot of these "draftees", friends of mine who want to be in the line, and I do my best to help in whatever way I can, be it answering their questions, guiding them, asking them to come over and try their hand at stuff in my home LAN, lending them books, etc. I definitely do not believe imparting knowledge constitutes a threat to me professionally.

I agree that there's no better way to find out my own weaknesses by teaching others. But they've got to absorb the knowledge themselves, and I cannot help much in that. It all boils down to the individual. No one can finish learning everything, and if they show the effort, they will get better at it. But I believe you have seen your fair share of incompetent admins who _believe_ they're untouchable; and those are the ones I'm lambasting, along with the companies who say "We've got a firewall, so we're safe."

There, I've thrown another $0.02 SGD into the fray. Hope I've clarified my points.

Callan

--
"I disapprove of what you say, but I will defend to the death your right to say it." - Beatrice Hall
Registered Linux User #311796
ICQ UIN: 1926211