Firewall Wizards mailing list archives
Re: RE: present day admin skills
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 10 Jan 2002 08:52:15 -0500 (EST)
For those that have contacted me off-list, in private, well, Bcc: is a wonderful thing, and it's been used here for that purpose, to retain anonymity of you people. I've been stating these issues about poorly skilled folks ending up in jobs requiring some level of competence for a few years, and replies like this have been common in the past (I'm surprised only one has filtered out of the present discussion this time). But, I have to say honestly, while I can relate and understand this, to a degree, I have to say quite plainly, and do not mean to sound too harsh, though it will come off as harsh and biting; I have little sympathy for these situations folks talk themselves into being hired for. It boils down to a point of passing the buck and not taking responsibility. Specifics inline:
> I think I can tell you why people act that way. I do a lot of similar things during the day (doing things the hard way) because I don't have the time to stop and learn something new, no matter how trivial, otherwise I could never keep up with the workload. So I go with what I know works, even if I know there is another possible way to do something (like using cron; I don't know how to use it but do know that a scheduling command is available). In addition to performing lite-weight audits (exams) of credit unions (which is my real job), I am also in charge of all the systems at my state agency where I work. True, only 9 people and 3 servers in the office.
Ouch! First, not being able to read and comprehend is a serious issue to have to contend with, for you and the state agency. I worked just recently for a company doing serious system audits, 800 servers and four of us in the unix systems security department. None of the others in the group had any serious security experience, beyond some of the administration chores they'd been doing for some time. So, I learned to mentor, a lot. But that is beside the points here. Ahh, yes, mentoring, passing on what I've learned to others. It has only served to further ingrain those skills and that knowledge deeper into my own grey matter. And is similar to raising a daughter, and finding how much I've become my parents over the years...sometimes it's like trying to herd cats, it depends upon the commitment of those I'm tasked to 'assist'...
> However, I know nothing about the Raptor firewall and yet I have a Universal-Universal rule I need to fix since outside people are using our licenses. Every once in a while, I have to start/stop the raptor service to free up licenses. I wish I knew how to fix this problem permanently, but I don't have time to read the Raptor manual, understand it, and then fix the problem (and believe me, I have tried!). I can't convince the boss that it is in his best interest to send me to Raptor training. You know how state agencies are about spending money, even though it is only $120 for Symantec training for 3 days. They can spare me the time, they can't spare the money.
First, I worked 3 jobs in a past life to put myself through what college I did <250 credits with a major (developmental psych[0]) and two minors <philosophy/religious studies and photography[1], talk about a workload>. While doing that I learned that all my time was extremely valuable, and so learned to use all of it and still retain those habits to this day: manuals in the bathroom. Yep, I even take them with me when on a jobsite, or one of the industry rags I get to keep myself up to date. I haven't read a manual in a setting whence I've read only a paragraph or chapter at a time in a lifetime or two...and I've yet had an occasion that I've had to use the pages to finish up the task on the pottery under me... I also tend to get so stressed with being overloaded and doing the work of others at times that I need a bit of time to relax before my mind will let me sleep, so, I got into a habit of trying to do a bit of reading just before turning off the lights, for those few short hours of sleep. I've been forced to learn new stuff, with a desk full of things still to do and no worktime to learn in, so I had to keep those bathrooms stocked with manuals and industry rags. I actually like <love? my wife claims she's got second place in my life and has learned to deal with my *real* mistress> IT work, it has allowed me to maintain that college thing about learning and experiencing new and different, as everything changes so dramatically from month to month and year to year and one can never really stay on top of it all. Isn't it a shame some folks have to do a job they hate? Of course, I've learned to think a bit more before volunteering, but, still take them steps forward, hand raised, while my co-workers head off to the coffee room to gossip...

Secondly, if matters are this bad, $120 is a small price to put out of your own pocket to save some face! Damn, you must spend more than that on a weekend at the golf course.
I know, I know, I'm being glib here and taking advantage of your typo, having a clue, I'm sure you meant something more on the order of $1200. Yep, these training courses do cost a good buck these days! I remember when folks like M$ and Novell were first test driving their instruction sessions and certification processes and begged folks to take them for free. Now they tend to charge an arm and a leg for these things. And I guess taking a full Summer from the golf course is too much to ask of anyone in management. And the kids certainly do need that trip to Disney World I guess. I'm hoping to get there, if I can ever afford to retire in 30 years <even at 44, it's 72 when they let me take that route>, but, well social security is still not solvent, and the feds are dipping into that again to pay for last year's tax blunder.... Well, at least it's not a SANS certification, damn those prices went up faster than the national debt! I've never had any formal training with computers. I've taught myself what I know, reading, and trial and error, and gleaned as much as I could from those I have worked with and/or met and places like these mailing lists and Usenet newsgroups. I made it a commitment to try and be a professional in the industry I work in, after all, it is my responsibility to do so. I learned to try and type as fast as I think and sometimes fail to take the time to ispell my e-mails and such, often relying upon my wife, when she has the time, to proof my documents. And some have at times tried to prick at me that this is a sign of a lack of education or knowledge, it's really just typos, and I will admit, because I do not take the time to ispell it all, *my* excuse for being a bit lazy, but, we all are human after all and prone to such excesses <smile>. I still have to work on the acre and a half here, and do them chores and the daughter's school functions. The family tells me life is *not* a vacuum of work for sure...
> I also deal with "How do I do.....?". I am also the designated Information Resource Mgr. I file the Computer Incident Reports monthly with another state agency. I make final decision on spec'd hardware, deal with the vendors, get the quotes, and everything else involving computer stuff. I deal with the webserver. Basically, they want a jack-of-all-trades but they don't really understand why I don't know all the answers (they kind of do, but they don't). And that means I have to go dig up answers for stuff that I really don't have in-depth training for, so it takes me longer to find the solution.
Vendors are fun, first rule of vendors, especially if something is broked and more than one vendor's product might have the slightest possible impact upon the problem; it's the other vendor's product that is at fault, and it goes down the line and round the circle till you get so dizzy... I've learned to keep them in separate corners and ignorant of one another's existence till we can actually discover a point of failure, and focus upon the real product/culprit<s>. You know, -the usual suspects- kinda perspective...
> I've installed Linux of various distros on personal machines at least 20 times over the last 6 years. I still can't fix a problem resulting from the last install (startx during boot and get an error from kppp-Mandrake v8) because I don't know how and I don't have the time to work on it while trying to keep up with everything else. It's pretty much last on my list of priorities right now. I've read Unix in a Nutshell, didn't understand it.
Again, OUCH! See above. Unix in a Nutshell is a reference companion for the most part, an addition to the man pages, which can be more terse, yet the nutshell book supplies many examples, comprehension sure is an issue here. I'm surprised that any work is accomplished at this state agency, in this department, being gov jobs tend to be tied to lots and lots of documents and regulations and such (i.e. requires reading of them, and comprehension of often that political/legal mumbo-jumbo doesn't it? The rainbow series, I recall those discussions here, Marcus even had some 'kind(?)' words about them a time or two). I'm seriously wondering how a job was obtained with these *issues*. And really, I'm not trying to sound harsh or like an asshole-SOB, but, I'm so shocked to be reading this. Dang, Linux has so many documents for people to learn from and gain a clue or further confuse, they try to cover so much with such old documentation and change the format so often from the info stuffs to html, /usr/doc/ can, if one does not watch themselves, allow you to get lost for at least two to three months gaining clues and/or headaches. And after all, Linux does not require that X-gui, I'm seldom in it once a month maybe, I know I've gone for six sometimes without having to touch it here, depends upon what I need to do. But, do keep the Linux box on the shelf for now, you've really got other issues to *not* deal with adeptly...
> I'm starting to work towards a CISSP and have scheduled myself to take the test in about 2 years. Why so far out? Because I know that in order to get thru the study material, feel that I understand it, and _have_the_time_ to prepare myself, there is no other way I will make it.
Due to the issues you have outlined here, I'm wondering if two years is enough time or if the task can ever be completed. The dyslexia there will require tutoring I fear. I take it you planned on self study, being the costs of the classes are not any cheaper than the raptor courses you could not afford above. By the way, who's footing the bill for the test? That's at least a month on the golf course isn't it?
> As has been mentioned before, IT departments are understaffed (especially in government). I'd like to be able to do a good job but the workload and the constant need to keep up with everything else is what holds me back. Unfortunately, I do my best learning hands-on, but, as you can see, my days and nights are not exactly free. And let's not even go into my personal life demands. If you're married, you'll know what I mean. ("You never spend time with me...")
Yes, I understand having a life, as does the wife and kid here, who often have to go to family get-togethers without me, due to the fact I'm home accomplishing the work that co-workers have not been qualified to complete, similar to your examples in this posting, or I'm doing up extensive spoonfeeding documents to explain things these people should have known to get hired for the job in the first place, but, for some reason, good-looks or something, it was not picked up by HR, the preliminary technical interviews or the mgr's personal interview<s>, that this is a person lacking skills required of the position. This surely explains statements that surprise me from various gov agencies like this recent mention of the SANS weekly:

SANS NewsBites Vol. 4 Num. 02 Jan 9 2002;
--8 January 2002 National Research Council Report: US Firms at Risk
Summary: "From an operational standpoint, cybersecurity today is far worse than what known best practices can provide."
http://www.cnn.com/2002/TECH/industry/01/08/security.reut/index.html

News that has well been known and documented by most folks in this and the various other security related lists for quite a few years, yet, only comes to be acknowledged by gov agencies years after others have been sounding alarms loudly for quite some time. It certainly leaves one with a *shudder* up the spine to know that the government can even function under these circumstances, though, I'm sure many besides myself have plenty of hands on knowledge of the ineptitude that often messes up our lives. I gained some of mine directly, while condemned for a period to supporting the EPA for Lockheed Martin, they have a whole building of folks here in my area, of way underpaid folks, similar to the level of skill-lessness you document, who have just as much a lack of inclination to learn to be functional.
What was interesting was that the EPA had a list of requirements and qualifications so demanding, that if anyone actually had those skills, abilities and experience, they'd make well over a hundred grand or two a year! Certainly not the 30-50k being offered. So folks learned it seems to pad resumes with fictitious skills so they could sit in astonishment in the security staff meetings after the Yahoo and Amazon DDOS events and the GAO's audit and compromise of their inside to home X sessions wondering how it was accomplished. Imagine their surprise when I mentioned in those staff meetings how Mitnick used many of the same exploits 15 or more years ago when he took over another gov employees X windows sessions to his household, while that employee was away skiing... Of course the EPA had been considering a firewall for more than 5 years, but, since it could not function in a secure manner to allow their X and rsh connections to their home machines, it was shelved until something 'useful' could be put together. Well, the GAO audit <publicly presented in congressional meetings> twisted heads quickly and totally forced the shutdown of any work for the EPA and its external clients for a month or more, I'm not sure how long, I got a better offer and moved on as fast as my legs would let me run! I think they finally settled for a gauntlet device and a few fw-1 systems, internally, to segment people without clearances from data and information requiring them, but had not yet thought of how to proxy e-mail and/or http, and so had gaping holes in what traffic they had to open up to function again... Of course, when a Lockheed support person, like me, went to deal with EPA folks needing a clue, they DEMANDED that EPA policy be side stepped to allow them to revert to the dreaded r* commands they knew, adapting to encrypted connections was too much, it would require people to learn something new! Ahh, yes, the government in inaction!
BTDT, never again without a ton of gold to compensate for the frustration levels their regulations and BS puts on a person... Of course, I'm probably babbling here, from your perspective, please forgive me and let me get back to the issues you document.
> I feel like an old-time mainframe; "a timeslice (1sec) for this job, and another timeslice (1sec) for this one, and another (1sec) for this....". And for humans, that's not really an efficient way to get things done. The reason 12 yr olds know the commands? They don't have anything else to do. They don't work under a deadline for a living. They get to do it for the sheer joy of learning. I'd love to go back to that way of life but who will pay the bills, do the laundry, feed the cats, cook the meals, do the dishes, keep up the maintenance on the house and mortgage?
And they have the gumption to actually go out and seek knowledge! It's amazing, but these kids have a willingness to learn, and will use all the resources at their disposal to accomplish the chore, though, I do know many adults that retained that ability to seek knowledge, in its various forms and can even retain some of it, or at least take notes for when our minds drift into the abyss of dementia...
> I would gladly forgo a payraise just to be able to squeeze in extra time to learn stuff. That learning will benefit me more down the road and keep the stress level down.
Have you actually done that? Asked that your raises over the years be applied to educating you to actually become functional in your job? Have you taken on any of those two to four week yearly vacations, any of the manuals that confuse you and either learn to read them or have someone read them and explain to you what they are reading so that you can actually do some of the work you have been tasked to do?

Another person replied to me on this posting off list and will remain anonymous for that reason <even the Taliban can't beat his name and e-mail address out of me. Well, I'm sure anonymous would understand that tempting me with one of those newfangled systems sporting Intel's new 2.2 gigahertz chip, able to play with the super duper DDRAM would be cruel and unusual punishment and forgive me> with these words:

Problem is that 'corporate culture' rewards stupidness:
- the person in example one will get a 'great show award' for finishing task two within 5 minutes, and thus exceeding the user's expectation.
- the person in example two will get a 'great show award' for showing more than required dedication to the job

Since [most!] management is so unbelievably stupid [or uneducated?] nowadays, they don't even know of options like scheduling, scripts and the like. They like to see their people 'busy' and that is what they get: busy looking people. What's wrong with this? Nothing I am afraid. This is the way corporate wheels turn.

I sadly nodded my head upon reading this, knowing full well the depth of this observation. And sadly read the words here you presented, knowing our governments, state and federal, are surely in a poorer state.
> Geez, my simple response turned into a 2-1/2 page rant!
I know! I'm wondering whom you got to take time out of *their* day to type this up for you! I hope it did not take too much of your hard earned paycheck to compensate them. I'm sorry to be so harsh here, but, I can not offer sympathy to someone that does not even try. It's this kind of "commitment" to professionalism that makes my nights after work go onto the wee hours of 4-5am before I can lay down for 2-3 hours of sleep before heading back into the office to do my own work I'm paid to do. That is if the pager does not go off and I have to drop what little life I'm allowed and rush in to deal with a manager, that did not read the screen updates upon each login and the broadcast in his mailbox that the mail servers were going down for a patch, and has called in an ***all points emergency broadcast*** that he's unable to send his daughter an e-mail, telling her that he's sending her that check so she can get her hair done for the next frat dance coming up... I guess it's time I buy a suit (have not had one for more than ten years) and become a Mgr so I can take a break. I love making those pretty little graphs in Excel too! I heard that if you stare at one long enough though, or someone slaps you on the back for the great job, it will make you cross-eyed... Damn, and these blue-jeans were just starting to fit nicely after 5 years of washing...

Thanks,

Ron DuFresne
<poor me! removing tongue from cheekie now...>

[0] Had I not needed to go out and make a living, retrained myself for this present lifetime, and gone on for a masters or higher (is one really allowed to violate their own .sig?), I was all prepared to do a thesis on duct-tape and a firm wall being the basis of raising a teenager, in the later years one tapes them upside down so the blood flows to the proper organs <seriously, the daughter here is a fantastic kid!>

[1] baptized Catholic, confirmed Lutheran, annoying teenage jesus-people <it was 'in' then>, Baha'i, and finally an agnostic human-being, you should see the great pics I have of the Crays of past and the co-workers over the years, everyone needs a hobby.

P.S. on a totally related cross-thread, circulating on and off-list dealing with secure software and such <trying to save Marcus some time in validating postings to the list, after all, I have been partially guilty of keeping him so darned busy lately>: Has anyone heard the story about the 'published' CISSP that decided cross-vendor ftpd's were less secure than wu-ftpd and decided we should replace them with it? No? Well, let me tell you a story about a man named umm, ahh, Jed, yes, we'll call him Jed for this little ditty. Anyways, while auditing those 800 systems mentioned above, we discovered that vendors' ftpd's of various platforms were not being maintained in any sort of secure fashion and violated corporate policies all over the place. So Jed, who had the ear of a biggie in upper mgt. decided that wu-ftpd was the way to go, never mind its history, anyone recall the Bugtraq thread two years back "WuFTPD: Providing *remote* root since at least 1994"?, 2.6.1 had to finally cover all the bases and be 'stable'. I do have to admit, the one good point would have been a standard implementation and single configuration across platforms.
I know, I know, but, no one would listen to me, and scp would have created those issues of having to learn something different, and getting sshd1 on servers took like forever, no one wanted to hear about sshd1 issues and sshd2, well, it required those learning issues for admins to relearn configurations they had not yet fully understood with sshd1. Well, I spent the last two weeks there, before the economy went kaput (prior to 9/11 which only served to accelerate the decline, certainly was *NOT* the cause of its current condition), trying to inform folks that most of the vendor implementations had the same configuration capabilities as wu-ftpd, but the problem was no one had read any documentation nor had a clue about the capabilities, 'cause open access ftp was, well, just easier. <we don't need no sinking configuration> Never mind that since then there have been problems found in wu-ftpd 2.6.1. I do not know if I ever made a point or if anyone ever did or will get a clue, but, certifications really are great eh?

P.P.S.S. Having broached the topic of economics a few times here, I think I'm entitled to enter it into further evidence. So, if anyone knows of an opening in the RTP area down here, and does not mind a cynical-BOFH that doesn't mind cat-herding. Hell, I don't mind travel <even up to 75% if required>, as long as I can get home weekly or bi-weekly, well, it's not going to be as sweet as it was a few years back when I did the Sunday to Friday thing between Mpls and Boston <RTP now, I've relocated>. Let me know, I really could use a new paycheck and promise to do my best to earn it! And if you really wanna force me, I'll even go buy a suit. Marcus needs the break (please, keep me too busy to post to the sec lists) almost as much as I could use the paycheck...the P.S.'s demonstrate the ability to consolidate, yes?
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards