Firewall Wizards mailing list archives

Re: Who stay focused? (was: [Fwd: Question])


From: <hugh.fraser () arcelormittal com>
Date: Wed, 6 May 2009 16:29:41 -0400

Ultimately, though, most of us work in a business environment that's generally governed by business decisions. One of 
the lessons I learned long ago as a software developer is that the customer only wants good enough, not perfection, 
even though as a software developer I always knew I could make the product better with a bit more time.

Security's no different. There's a sweet spot somewhere between wide-open and ratcheted down so tight nobody can use 
it. That sweet spot is always different, and as a security professional, my job is to identify the exposures, the 
technology and processes to address them, and to work with management to measure the risk. Ultimately, though, I have 
to sell it, knowing the business climate (a tough sell these days). Sometimes the customer doesn't want to pay for the 
perfect solution, and I will be held partially accountable for the fallout. But if you've done the front-end work 
correctly, you will have identified the potential for problems up front. Hopefully, with your credibility still intact, 
you'll be able to use the opportunity to move closer to the ideal solution.

On Wed, 15 Apr 2009, Brian Loe wrote:


Instead use your change management policy to request the changes you
want to make or the access a user wants. Then if bad decisions are
made by other people they are documented as to who is responsible for
the resulting evil!

I could care less what my employer wants to do, so long as I have
informed them of my opinion and accountability for their stupidity has
been assigned to someone else.


This assumes two points though, that the BIG guys up there have 
integrity and have taken responsibility for their decisions.  I seldom 
find either of those to be the case and have seen cases whence the 
"stupidity" still rests on the techies' shoulders as "they failed to 
properly inform me of the error of my ways".

Thanks,
Ron DuFresne

I really have to agree with Ron on this.  I see this all too often:
Tech:  "If you do that, this important functionality will break."
Manager does that.  Functionality breaks.
Manager: "It is all your fault."
Tech: "I warned you that would happen."
Manager: "You didn't persuade me to not do it, so it is your fault."
Manager spreads his version of fault around the company.

hermit921


      
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

