Everyone gets follow up inquiries from tech marketing staff at vendors we use.

I never (almost any way) respond to inquiries like this, but I thought just this once…

Thank you for being a part of the (company) Webinar. I hope it was revealing, informative and helpful?

We’d love to know:

What prompted you to sign up?
What did you take from it?

Cyber Security Webinar follow up questions…

A couple of notions that everyone in IT should consider.

I’m in the twilight of my tech career, I guess. Not willingly, but finding myself chronically underemployed. It’s been great.

My first experience with information systems was in 1979 – with HP hardware at the phone company. I was also trained there in digital switching. So I was literally there when universities connected to DARPA and dialup opened remote access to students. Or as I like to tease, “I was there when Al Gore invented the Internet.”

Al Gore:

I became the PC Lab Tech for MSU Mechanical Engineering department, where we deployed the first versions of DOS and wrote IP stacks in textedit for the new-fangled co-ax 10BT Ethernet cards that we were stuffing into Intel 8088-based machines. I read the Microsoft DOS Operations Manual cover to cover, believe it or not.

The short story is, I’m professionally interested in Cyber Security, forensics particularly. Intrusion detection and testing would be fascinating to know more about. But … I don’t enjoy the professional context – translated – which means having the work on my calendar.

This isn’t a subtle job application, by the way. More of a roundabout way of answering those questions about how I keep somewhere close to current on tech.

What prompted your interest?
What did you learn?

Answer: I’m always looking for interesting things to do, and try to be prepared. What I know presently is that as an experienced resource, I can’t claim that I know everything. I don’t have all of the answers. But I do know where a lot of risks lie buried like land mines. I know when to slow, stop and find the proper resources to assess and address complex issues of today’s Systems and Networks. I know which issues are critical.

Here are a couple of observations that propel my attendance within the IT / Telecom webinar world.

Over the duration of my career I’ve observed that most organizations (at any scale) lack two very important elements that gravely affect security. At least I believe this is critical to evolving our profession and operations in the next generation.

The first is lack of relentless investment in training / knowledge transfer targeted at front line staff. Education not for technologists, but for users. The language gap between technologists and the business people we serve is immense. This is a strategic blunder. I talk about this with every client. Very few afford the time and expense to address the gap, because it’s an ongoing issue. It’s not a once and done kind of thing.

The second is related to security sustainability – this facet being the absence of successor development / HR investment in Technology services. The human resources affect operational stature. Duh. Two sides of a coin.

An example connecting the two is this: As architects and engineers, we work to build, test and complete projects handing them off to operations people.

What architects and engineers reserve is the realm of break/fix – and in many cases – much time passes. People move out / replacements move in and many of the contextual best practices are forgotten or become obsolete. This creates a patchwork of tactical band-aids that eventually lead to needlessly expensive overhauls. It’s a deadly pattern.

In my career, I’ve looked on as most large entities have adopted continuous improvement programs, but knowledge sustainability and successor planning nearly always fall back on unplanned, event-driven circumstances. On the small enterprise scale, these policies are almost universally non-existent.