Security's Shaky State
Ant writes "According to InformationWeek, Information Technology (I.T.) security professionals say when it comes to security, most I.T. departments are underfunded, understaffed, and underrepresented.
Resourceful I.T. security professionals are getting the job done, but their efforts have been hampered by undersized staffs and underfunded budgets that limit choices ranging from what products they buy to the vendors they work with."
Funnily enough, open source works in this regard.
:-)
I was able to win the battle with corporate security after they sent in the outside security auditors.
Outside audit showed nothing vulnerable (for whatever that's worth).
Inside auditor then came to our office for further (second opinion) audits
Joke is that we were all using the same tools (nessus, nmap, etc.) to different effect.
The truth about Led Zep should never be told on
Sigh. I've learned "I don't understand why we need X" is all too often a warning from a superior that continuing to push for X (including by providing the supposedly requested info) may be a career-limiting move. OTOH, if X turns out to have been needed after all, not having gotten it is hard to explain to that same superior.
I've experienced worse. At one company I worked at, I warned of the pitfalls of a particular implementation my boss had been sold on. I was ignored. When the problems I predicted showed up, I was then blamed for creating them.
I quit that job as soon as a chance to move to a reasonably solid company came along...
-JMP
I've had a similar experience. A major Canadian real estate company, which I was NOT IT support for, just the end user, decided to switch from a Unix local hosted solution to a web-based initiative.
Props for looking to the future, major negatives for not thinking out their direction.
I, well before implementation, pointed out that since this was WWW based, and our office connected to the web via an office about a thousand miles away, to connect then to an office about a mile away, casual lunch web surfers would interfere with the bandwidth I needed. I was called asinine.
I suggested a plan to have each office that was using this new system (which worked great when we had the available bandwidth) have an independent ISP, outside of the intranet. Sure, it wasn't cheap, but it would remove the need for eight hours of downtime a day. Did I mention I worked eight hours a day?
Six months later, after billing vast amounts of overtime clearing up backlog via my home DSL connection, the manager I was called asinine by introduced a plan to resolve the problem. It was my plan, of course. While I should have quit right then, I rode it out, and was eventually fired for not giving a shit anymore. I should have left first, but is it a surprise I ceased to care?
- nk