Home page logo
/

basics logo Security Basics mailing list archives

Re: General question
From: Nathaniel Hall <lists () spider-security net>
Date: Fri, 23 Feb 2007 11:30:11 -0600

Francois Yang wrote:
what if your boss told you that the network engineers who maintain the
network and servers got paid more (10k more) than you  the security
analyst because they DO MORE THINGS? what would be your reaction? In
my situation I was like WTF (to myself of course) and basically said
that it was a totally different area and job description. That also
bought to my attention that maybe he didn't really read my resume, cuz
I was doing network administration for the past 6 yrs before I got
this job.  Now what does that tell you about the boss and my job?
That would tell me that I'm not alone.  There are a lot of people who
have this problem because it is had to see what security does until
something goes down or when systems are compromised.  Even then they are
usually upset because they have systems down.  For me it is almost
always an endless loop.  I make requests for things to help our security
stance.  Instead I get more work to do because they think I don't do
anything.  Then the server I attempted to secure gets compromised.  Then
I get more work because they say I didn't do enough to protect it.  Then
it all starts over again.

Trust me, you are not the only one.  I have been educating my bosses for
3 years and it has started to sink in more and more.  Now that I have
gotten him to really understand security, he is leaving the company and
my position has been moved under somebody else.  Now I have a new boss
to educate and he is one who thinks all security people are paranoid and
the network should be open.  It just gets better and better.

-- 
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Spider Security


---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse.  Arm your 
enterprise with BigFix, the single converged IT security and operations 
engine. BigFix enables continuous discovery, assessment, remediation, 
and enforcement for complex and distributed IT environments in real-time 
from a single console.
Think what's next. Think BigFix. 

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]