Firewall Wizards mailing list archives
RE: What challenges are security admins facing?
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 5 Jun 2003 18:09:29 -0400 (EDT)
On Tue, 3 Jun 2003, Mike McNutt wrote: [SNIP]
Ahh, documentation, the bain of most every IT person. It's important to document and to maintain, but, sometimes the more pertient facts never get put into a container for retrieval, often the area<s> to store documentation get to unweildly, in terms of document never getting date stamped in a proper fashion to determine what is current and what is dated out of reality, to downright crappy naming conventions such that finding the facts sought becomes a major chore itself. Every IT dept needs to have a primary and backup person whose job it is to maintain departmental documentation, they get tasked with harrassing others to produce their share, and with keeping the archives of documentation current, and readable and traversable.Every IT department needs to have a primary and backup person just to harass people other IT people into documenting what they've done? Maybe that can be justified (?) in a larger corporation, but not in a smaller company - certainly not one that I work at. To me, documentation, or least the ability to reiterate WHY something was or was not performed, is a simple prerequisite to ANY profession; from doctors, lawyers to IT or construction. In our company, I expect other network admins to know why they did or did not perform a task - AND BEFORE it is done. (i.e. THINK before you ACT)
first, and perhaps it's my fault for being less then perfectly clear, which I was not <smile>; in mosty *any* org, small, medium, and large, folks wear all sorts of hats in their IT positions. So, I ment not that an IT dept needed to hire two folks whose sole responsibility it is to deal with documentation, but, adding those hats to the many already worn by various staff is doable. And, documentation mans much more then explaining 'after the fact' what one might have done in a particular situation. If I'm the recovery 'expert' for my group and off on vacation on some beach, without a highbandwidth connection to work and lacking a buzzing pager cause it felt funny hanging from my swimsuit, and the office sufferes some catostrphic loss of the filesystems on a prod server, if I have not documented how to recover a system, others might not beable to do that until I return, or until the emergency chopper they sent returns with my <hopefully> wamr living body. To me, documentation covers the departmental proceedures/standards as well as the where;when;why something out of the ordinary in proceedure is done.
Then, if they cannot remember what/why/when, I say: "WRITE it down, and then write down WHY you need to write it down." That way, the next person has a clue. It seems to work.
<chuckle> you mean others learn cause of seeing someone else have to 'peel the potatoes' after they messed up? Perhaps some folks get to that point after teenhood, many don't, and I guess I work and have worked with those that don't far too often...
Of course in these time especially, with IT being sorely over tasked and understaffed, this area is left unfilled, even though it is perhaps as important as the daily/weekly/monthly backups...More important than backups? You're documentation must be of a more critical nature than mine. If I don't have backups I don't have our product, our source code, our client list, our accounts, our payroll, or our servers that people work on daily... All of which are more important to each individual getting paid at the end of the week. Oh, without my backups, I don't have my documentation either...
Here you have me for sure, I was wraught with the pains of dealing with poorly maintained documentation as I was putting the reply to virtual paper, and let those emotions get the best of me at the time. Backups do outwiegh documentation, but, not by too awfully much. Imagine all software shipped without any documentation. Then folks are stuck with pounding away in the dark to -=learn=- how to setup and maintain applications, I guess this is one way to turn all techies, semi to advanced into highend hackers... Of course, having the backup tapes and no one knowing how to restore them leaves one in the same lurch as having the docs and no tapes...
Oh sure I can print it all out, but then as you say, I'd have to hire 2-3 people just to do that. And on the side, they can hound people to complete accurate documentation with proper indexes and aptly named files for better searching & traversal. But then again I like my job, and my people like their jobs (even though I make them document their work; yes they hated it at first:). It's not realistic to have people "clean up" behind my admins because our company, like many, simply doesn't have that kind of money to spend when others are perfectly capable of it themselves. So, since I'm IT, insuring I have backups alleviates a lot of that headache - so I concentrate on good backups and make people document their own work. I suspect you were emphasizing the importance of IT documentation in the workplace. I'm agreeing with you there. Where we diverge seems to be implementation thereof, but what works for me may not work for you. <shrug> To the original poster: What challenges me is what others have already touched on: the responsibility of the IT person. To me, that's core. I continually have to remind myself that "I'm here because they're paying me to help them do what they *cannot*". You need to understand *how much* you mean to your company, and how critical it is that you do your job day-in and day-out. That doesn't mean every IT person is worth $100k or more (underpaid), and it doesn't mean that every IT group needs a pat-on-the-back every Friday with a benefit party at the end of the month (underappreciated) and 8 weeks paid vaca per year (overworked)... It simply means we have a job to to do, because others can't do it. It's all the daily chores, and then all the nightly research.
AMEN! Knowing how to stay fucntionally literate in this everchanging world of IT is perhaps the biggest part of the game. If I can't keep my knowledgebase up to snuff, then my worth to the organisation starts to diminish as others with something more current hire on and move up the ladder and payscales I'm lumbering on. Stagnating knowledge is the key to becoming obsolete, or never moving ahead in the IT world.
Keep the servers up, manage vendors, keep (internal/external) clients happy, know every possible upgrade for every system & software; test them, deploy them, maintain them, retire & replace them. All the while trying to stay abreast of threats to "your" work. The better YOU are as an IT person, the more you are NEEDED. And at the end of the day/week/year, take some satisfaction in completing a task for the company that few others *would* have, let alone *could* have.
<smile> I bet we'd find over a beer that we agree on much more then the importance of documentation in an org. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: What challenges are security admins facing? Mike McNutt (Jun 03)
- RE: What challenges are security admins facing? R. DuFresne (Jun 06)