Slashdot Mirror

← Back to Stories (view on slashdot.org)

Are IT Security Professionals Less Happy?

Posted by timothy on from the less-ignorance-less-bliss dept.

zentanu writes "It's said that if you want to be happy, be a gardener. What about IT security professionals? Having worked as an IT security consultant for several years, I now wonder if my job has a negative influence on my happiness, because it constantly teaches me to focus on the negative side of life: I always have to think about risks and identify all sorts of things that could go wrong. As an auditor I search for errors that others have made and haughtily tell them. As a penetration tester I break systems that system engineers and administrators have laboriously built. I assume inside threats and have to be professionally suspicious. The security mindset surely helps me in my job, but is it good for me on the long run? What kind of influence has being an IT security professional had on your general attitude towards life? What helps you stay out of pessimism and cynicism? Is protecting existing things really as good as building new ones?"

1 of 363 comments (clear)

  1. Empathy = happiness by lucm · · Score: 5, Informative

    The best security consultant I met was not a super geek able to hack my Checkpoint installation. He was a very kind, easy going guy, who started by explaining that absolute security was impossible. He asked the management what was the most important stuff to protect, and against who. In a single meeting, less than one hour, he understood our business and our needs, and instead of freaking the management with catastrophe scenarios, he built a security architecture in layers around our most valuable assets.

    He did not try to draw suspicion on employees at large. He asked simple questions like: what if an employee in such position is not as competent or as honest as you thought, or what if an employee in this other position starts having problems at home and this lead him to lower his standards at work? Or what if this key employee was injured and could not even communicate with his replacement for weeks?

    Other good questions he asked: did you see the graffiti in the parking lot? (yes). Do you think the company or someone here was directly targeted? (No). Then why did someone make this graffiti? (Because he had a can of spray and too much time). Anybody here has a teenager at home with unsupervised access to high-speed internet? (Silence). Anybody here has a teenager at home with unsupervised access to the computer where you have your VPN client installed? (More silence).

    In the end that guy provided us with an excellent audit, and a very cost-effective implementation plan for a security upgrade. I don't think he left the building feeling bad for his pessimism; instead I am pretty sure he left with a smile, knowing he helped his customers to get what they needed. Maybe the NSA or some expert hacker can find a backdoor in some obscure network appliance, but our biggest concerns, getting our product specifications stolen by the competition or our CRM database plundered by a disgruntled employee, is not gonna happen.

    --
    lucm, indeed.