OTJT – Cyber Security

Everyone gets follow up inquiries from tech marketing staff at vendors we use.

I never (almost any way) respond to inquiries like this, but I thought just this once…

Thank you for being a part of the (company) Webinar. I hope it was revealing, informative and helpful?

We’d love to know:

What prompted you to sign up?
What did you take from it?

Cyber Security Webinar follow up questions…

A couple of notions that everyone in IT should consider.

I’m in the twilight of my tech career, I guess. Not willingly, but finding myself chronically underemployed. It’s been great.

My first experience with information systems was in 1979 – with HP hardware at the phone company. I was also trained there in digital switching. So I was literally there when universities connected to DARPA and dialup opened remote access to students. Or as I like to tease, “I was there when Al Gore invented the Internet.”

Al Gore:

Remembering Al Gore is fun, but more often younger engineers don’t get the reference. I have well and truly become that old guy… cliche’.
Imagine two of these filled with 2000 pages of MSDOS 1.1 documentation.

I became the PC Lab Tech for MSU Mechanical Engineering department, where we deployed the first versions of DOS and wrote IP stacks in textedit for the new-fangled co-ax 10BT Ethernet cards that we were stuffing into Intel 8088-based machines. I read the Microsoft DOS Operations Manual cover to cover, believe it or not.

The short story is, I’m professionally interested in Cyber Security, forensics particularly. Intrusion detection and testing would be fascinating to know more about. But … I don’t enjoy the professional context – translated – which means having the work on my calendar.

This isn’t a subtle job application, by the way. More of a roundabout way of answering those questions about how I keep somewhere close to current on tech.

What prompted your interest?
What did you learn?

Answer: I’m always looking for interesting things to do, and try to be prepared. What I know presently is that as an experienced resource, I can’t claim that I know everything. I don’t have all of the answers. But I do know where a lot of risks lie buried like land mines. I know when to slow, stop and find the proper resources to assess and address complex issues of today’s Systems and Networks. I know which issues are critical.

Here are a couple of observations that propel my attendance within the IT / Telecom webinar world.

Over the duration of my career I’ve observed that most organizations (at any scale) lack two very important elements that gravely affect security. At least I believe this is critical to evolving our profession and operations in the next generation.

The first is lack of relentless investment in training / knowledge transfer targeted at front line staff. Education not for technologists, but for users. The language gap between technologists and the business people we serve is immense. This is a strategic blunder. I talk about this with every client. Very few afford the time and expense to address the gap, because it’s an ongoing issue. It’s not a once and done kind of thing.

InterWestIT.com Community Volunteering
InterWest IT interprets technology for Clients, reducing lists of alternatives to suites of best-fit services. We match solutions to Client requirements in multiple dimensions: Budget, Operability, Market Engagement and Features / Functionality. IWIT supplies the vision and expertise to accomplish your goals.

We insist on continuous education for your staff.

The second is related to security sustainability – this facet being the absence of successor development / HR investment in Technology services. The human resources affect operational stature. Duh. Two sides of a coin.

An example connecting the two is this: As architects and engineers, we work to build, test and complete projects handing them off to operations people.

What architects and engineers reserve is the realm of break/fix – and in many cases – much time passes. People move out / replacements move in and many of the contextual best practices are forgotten or become obsolete. This creates a patchwork of tactical band-aids that eventually lead to needlessly expensive overhauls. It’s a deadly pattern.

In my career, I’ve looked on as most large entities have adopted continuous improvement programs, but knowledge sustainability and successor planning nearly always fall back on unplanned, event-driven circumstances. On the small enterprise scale, these policies are almost universally non-existent.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: