Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: What challenges are security admins facing?

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 5 Jun 2003 18:09:29 -0400 (EDT)
On Tue, 3 Jun 2003, Mike McNutt wrote:


        [SNIP]


Ahh, documentation, the bain of most every IT person.  It's 
important to document and to maintain, but, sometimes the 
more pertient facts never get put into a container for 
retrieval, often the area<s> to store documentation get to 
unweildly, in terms of document never getting date stamped in 
a proper fashion to determine what is current and what is 
dated out of reality, to downright crappy naming conventions 
such that finding the facts sought becomes a major chore 
itself.  Every IT dept needs to have a primary and backup 
person whose job it is to maintain departmental 
documentation, they get tasked with harrassing others to 
produce their share, and with keeping the archives of 
documentation current, and readable and traversable.  


Every IT department needs to have a primary and backup person just to
harass people other IT people into documenting what they've done?  Maybe
that can be justified (?) in a larger corporation, but not in a smaller
company - certainly not one that I work at.  To me, documentation, or
least the ability to reiterate WHY something was or was not performed,
is a simple prerequisite to ANY profession; from doctors, lawyers to IT
or construction.  In our company, I expect other network admins to know
why they did or did not perform a task - AND BEFORE it is done.  (i.e.
THINK before you ACT)  



first, and perhaps it's my fault for being less then perfectly clear,
which I was not <smile>;  in mosty *any* org, small, medium, and large,
folks wear all sorts of hats in their IT positions.  So, I ment not that
an IT dept needed to hire two folks whose sole responsibility it is to
deal with documentation, but, adding those hats to the many already worn
by various staff is doable.  And, documentation mans much more then
explaining 'after the fact' what one might have done in a particular
situation.  If I'm the recovery 'expert' for my group and off on vacation
on some beach, without a highbandwidth connection to work and lacking a
buzzing pager cause it felt funny hanging from my swimsuit, and the office
sufferes some catostrphic loss of the filesystems on a prod server, if I
have not documented how to recover a system, others might not beable to do
that until I return, or until the emergency chopper they sent returns with
my <hopefully> wamr living body.

To me, documentation covers the departmental proceedures/standards as well
as the where;when;why something out of the ordinary in proceedure is done.


Then, if they cannot remember what/why/when, I say: "WRITE it down, and
then write down WHY you need to write it down."  That way, the next
person has a clue.  It seems to work.



<chuckle>  you mean others learn cause of seeing someone else have to
'peel the potatoes' after they messed up?  Perhaps some folks get to that
point after teenhood, many don't, and I guess I work and have worked with
those that don't far too often...




Of 
course in these time especially, with IT being sorely over 
tasked and understaffed, this area is left unfilled, even 
though it is perhaps as important as the daily/weekly/monthly 
backups...


More important than backups?  You're documentation must be of a more
critical nature than mine.  If I don't have backups I don't have our
product, our source code, our client list, our accounts, our payroll, or
our servers that people work on daily...  All of which are more
important to each individual getting paid at the end of the week.  Oh,
without my backups, I don't have my documentation either...



Here you have me for sure, I was wraught with the pains of dealing with
poorly maintained documentation as I was putting the reply to virtual
paper, and let those emotions get the best of me at the time.  Backups do
outwiegh documentation, but, not by too awfully much.  Imagine all
software shipped without any documentation.  Then folks are stuck with
pounding away in the dark to -=learn=- how to setup and maintain
applications, I guess this is one way to turn all techies, semi to
advanced into highend hackers...

Of course, having the backup tapes and no one knowing how to restore them
leaves one in the same lurch as having the docs and no tapes...



Oh sure I can print it all out, but then as you say, I'd have to hire
2-3 people just to do that.  And on the side, they can hound people to
complete accurate documentation with proper indexes and aptly named
files for better searching & traversal.  But then again I like my job,
and my people like their jobs (even though I make them document their
work; yes they hated it at first:).   It's not realistic to have people
"clean up" behind my admins because our company, like many, simply
doesn't have that kind of money to spend when others are perfectly
capable of it themselves.  

So, since I'm IT, insuring I have backups alleviates a lot of that
headache - so I concentrate on good backups and make people document
their own work.  I suspect you were emphasizing the importance of IT
documentation in the workplace.  I'm agreeing with you there.  Where we
diverge seems to be implementation thereof, but what works for me may
not work for you. <shrug>


To the original poster:  

What challenges me is what others have already touched on:  the
responsibility of the IT person.  To me, that's core.  I continually
have to remind myself that "I'm here because they're paying me to help
them do what they *cannot*".  You need to understand *how much* you mean
to your company, and how critical it is that you do your job day-in and
day-out.  That doesn't mean every IT person is worth $100k or more
(underpaid), and it doesn't mean that every IT group needs a
pat-on-the-back every Friday with a benefit party at the end of the
month (underappreciated) and 8 weeks paid vaca per year (overworked)...
It simply means we have a job to to do, because others can't do it.  

It's all the daily chores, and then all the nightly research.


AMEN!  Knowing how to stay fucntionally literate in this everchanging
world of IT is perhaps the biggest part of the game.  If I can't keep my
knowledgebase up to snuff, then my worth to the organisation starts to
diminish as others with something more current hire on and move up the
ladder and payscales I'm lumbering on.  Stagnating knowledge is the key to
becoming obsolete, or never moving ahead in the IT world.


 Keep the
servers up, manage vendors, keep (internal/external) clients happy, know
every possible upgrade for every system & software; test them, deploy
them, maintain them, retire & replace them.  All the while trying to
stay abreast of threats to "your" work.

The better YOU are as an IT person, the more you are NEEDED.  And at the
end of the day/week/year, take some satisfaction in completing a task
for the company that few others *would* have, let alone *could* have.



<smile>  I bet we'd find over a beer that we agree on much more then the
importance of documentation in an org.


Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: