Firewall Wizards mailing list archives
Re: Who stay focused? (was: [Fwd: Question])
From: <hugh.fraser () arcelormittal com>
Date: Wed, 6 May 2009 16:29:41 -0400
Ultimately, though, most of us work in a business environment that's generally governed by business decisions. One of the lessons I learned long ago as a software developer is that the customer only wants good enough, not perfection, even though as a software developer I always knew I could make the product better with a bit more time. Security's no different. There's a sweet spot somewhere between wide-open and ratcheted down so tight nobody can use it. That sweet spot is always different, and as a security professional, my job is to identify the exposures, the technology and processes to address them, and to work with management to measure the risk. Ultimately, though, I have to sell it, knowing the business climate (a tough sell these days). Sometimes the customer doesn't want to pay for the perfect solution, and I will be held partially accountable for the fallout. But if you've done the front-end work correctly, you will have identified the potential for problems up front. Hopefully, with your credibility still intact, you'll be able to use the opportunity to move closer to the ideal solution.
On Wed, 15 Apr 2009, Brian Loe wrote:
Instead use your change management policy to request the changes you want to make or the access a user wants. Then if bad decisions are made by other people they are documented as to who is responsible for the resulting evil! I could care less what my employer wants to do, so long as I have informed them of my opinion and accountability for their stupidity has been assigned to someone else.
This assumes two points though, that the BIG guys up there have integrity and have taken responsibility for their decisions. I seldom find either of those to be the case and have seen cases whence the "stupidity" still rests on the techies' shoulders as "they failed to properly inform me of the error of my ways".
Thanks,
Ron DuFresne
I really have to agree with Ron on this. I see this all too often:
Tech: "If you do that, this important functionality will break."
Manager does that. Functionality breaks.
Manager: "It is all your fault."
Tech: "I warned you that would happen."
Manager: "You didn't persuade me to not do it, so it is your fault."
Manager spreads his version of fault around the company.
hermit921
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards