Slashdot Mirror
83 Percent Of Security Staff Waste Time Fixing Other IT Problems (betanews.com)
An anonymous reader shares a report: A new survey of security professionals reveals that 83 percent say colleagues in other departments turn to them to fix personal computer problems. The study by security management company FireMon shows a further 80 percent say this is taking up more than an hour of their working week, which in a year could equate to more than $88,000. For organizations, eight percent of professionals surveyed helping colleagues out five hours a week or more could be costing over $400,000. Organizations are potentially paying qualified security professionals salaries upwards of $100,000 a year and seeing up to 12.5 percent of that investment being spent on non-security related activities.
83% of security staff are not full-time "security", but are employed to do a rather more wide-ranging job, because let's face it, for at least 83% of them there's no way "security" alone could fill a full-time job.
Is that so terrible?
"IT personnel are usually the helpful, go-to people for sorting out issues"?
If people are calling system security to help with computer issues that should be handled by the IT help desk then it's probably because:
1. The issues being reported appear to be security problems.
2. The IT helpdesk consists of condescending asshats which most employees avoid at all costs (based on my work experience, I bet this is the big reason).
More seriously, if security staff are only being called in on inappropriate calls that take up less time in a given week than they spend choosing what to put in their coffee; you've got a pretty efficient IT setup with very little to worry about.
Or you haven't gotten a clue as to what's going on and the North Koreans are actually running your business.
Mimetics Inc. Twitter
I'll see myself out.
"Not only are modern IT security professionals faced with a growing complexity and skills gap and keeping up with technology investments and advancements, but they are also expected by colleagues to help them sort out their personal computing woes," says Michael Callahan, CMO of FireMon. "IT personnel are usually the helpful, go-to people for sorting out issues, but it's only when you start to cost it out that you realize how much money it equates to."
Do they mean work colleagues come to them with problems instead of the "normal" IT staff? Or that other, non-security, IT staff are coming to them with problem they can't figure out on their own?
In the first case why don't the security people direct the questions to the correct staff members? In the second case, either the company isn't spending enough on hiring and training and the "savings" there is coming back to bite them in the ass, or this is perfectly normal collaboration between colleagues. If ((normal IT salary + security IT salary) * consulting time) is less than (normal IT salary * figuring it out on their own time) it's not really a loss for the company.
This Space Intentionally Left Blank
And 90% spend 20 minutes a day getting coffee which requires an additional 20 minutes a day going to the bathroom. People spend time at work doing things other than what they are paid for, it's the nature of most jobs. Most companies accept this.
Do you mean guys with guns on their hips? Or at least ones who place their hand thusly, giving the appearance they are armed?
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
How much extra time would a less qualified (lower paid) person be taking to do the same work?
If they get paid 20% less but take twice as long, there is savings, not waste.
83% of IT professionals also waste time fixing security problems because management is cheap.
It is only possible to prove the correctness of programs that are purely functional. Today's software is not written like that. Besides, it is easy to blame the programmers on not getting it right the first time. That's like blaming the first steam engines on not being as effective as the latest steam turbines. There is heavy pressure on getting to market fast. Oh boy if I had the time to perfect every line of code I wrote. I would write the best code.
It serves to establish and maintain closer relationships between users and IT security people, so that, you know, if a user has a suspicion of a security problem, they feel more confident and approach IT security staff earlier. But that idea flays wayyyyy above the heads of MBA morons.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I wouldn't mind earning $88K for working one hour a week.
Sheesh, evil *and* a jerk. -- Jade
. . . the loose nut behind the keyboard.
"I didn't change anything on my configuration, but my computer is not working any more, so it must be some automatic security restriction that happened automatically . . . "
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Actually, they are not "sloppy" and "lazy". They are the cheapest "coders" the MBA-morons in charge could find. They could do a better job if their life depended on it. Alternatively, coders that do have it and can do it (a minority) are not given enough time to clean up and fix remaining issues, because said MBA-morons think "it works". I have learned to not give them anything that has the complete functionality before all other aspects are fine. Otherwise they declare the prototype "ready for production" and that is not good at all.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
1) The help desk won't tell the user they don't know how to do their job (and usually the user is so bad at describing the issue they probably haven't had a chance to figure out it's a PEBKAC issue) so they dispatch desktop support.
2) Desktop support doesn't understand what's happening and doesn't communicate well with the user to get the details required to figure it out, so they blame network (security/policy/site connectivity/whatever).
3) The network tech stops what they're doing to prove it's a desktop issue so they can push the job back down the chain.
4) The desktop guys figure out the user is improperly trained - sometimes they're just clueless, sometimes there's a change and their department didn't do the training... or even a simple notification.
That describes 80% of the tickets I am aware of in our organization. Sometimes it bounces back and forth between steps 2 and 3 a couple of times, to the user's frustration and the discredit of the IT department. The important thing is that I am neither tier 1 support nor a network guy, so I can mostly sit to the side and look down disdainfully at the whole farce without actually having to do something about it.
Rice's theorem hates your guts.
I tell people to call the help desk phone line so I can spend more time commenting on Slashdot while waiting for the real security work to roll downhill.
But my Dell cup holder is still broken!
I don’t understand the math, here. The sourced “article” (it’s more of an advertorial, really) affirms:
- salaries upwards of $100,000 a year
- 80% say more than 1 hour per week, which could equate $88,000 per year.
- 8% say more than 5 hours per week, which could equate $400,000 per year.
- up to to 12.5% of investment squandered.
At the risk of making a fool out of myself:
- $100,000 per year is about $50 per hour, isn’t it?
- 80% staff spending 1 hour per week (50 hours per year) would then cost an average of $2000 per employee per year, not $88,000.
- 8% staff spending 5 hours per week (250 hours per year) would then cost an average of $1000 per employee per year, not $400,000.
- 8% staff spending 5 hours per week (12.5% of the work week) and the remaining 72% spending 1 hour per week (2.5% of the work week) would represent an average of 2.8% of investment squandered, not 12.5%.
Naturally, to measure the true loss, you’d also have to deduct the costs saved from not asking the regular IT staff to do the job, and also the gains obtained from the immediate increase in productivity resulting from the security staff’s intervention.
Of course, the article is thinly disguised advertisement for some “automation solutions available that help them keep their day-to-day work”, so accuracy may not be paramount, compared to shock value
That's before the dot com era. No one knows what Slashdot is today.
It's from beetrootnews. By vegetables, for vegetables, about vegetables.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
I have more time than this wasted in meetings . Currently it's a BA with a bee in their bonnet about edge case scenarios who wants endless meetings to discuss them...
Too often the people that fix things open up security holes. Most of the time IT departments 'training' consists of "This is how you google the solution to your problem." and "Call this Vendor for this problem."
For anything more than that, the help desk is useless but the Security department knows how to fix the issue.
excitingthingstodo.blogspot.com
Isn't it "1% of IT staff fixes 83% of problems"
Security people need to be on top of multiple fields. You can't be in IT security without knowing a lot about all the layers in system.
Specialist network techs look at a problem and push it to specialist server/desktop techs if it doesn't fit their view of a "network issue". The user gets bounced back and forth till they give up or figure it out themselves.
Take the problem direct to a security specialist and 9 times out of 10, they will be able to point directly to the root of the problem because they don't have tunnel vision. Word of mouth spreads the idea that "Fred in security will know how to fix that", rinse and repeat and you spend half your day on support issues.
It's human nature. And not necessarily a bad thing as as single call for help can lead to nipping a security issue in the bud..
More general training (and higher pay!) for help desk staff is the only real answer but people are locked into the idea that help desk are "ticket generators" rather than troubleshooters.
That's okay, I spend 40% of my time working around app response and usage problems created by overly-aggressive McAfee settings put there by Security.
Table-ized A.I.
(as long as it is legal).
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
You're right . Back in the old days of Slashdot... we like to call it the dot.org era.....
You're basically paying a 'security' professional who is really just an "IT person" in order to make sure you got the 'security' in your company and can check of a box on the PCI/HIPAA/SoX compliance worksheets.
What else is the security guy supposed to do? You can't read/write CVE's all day long, you actually have to do system or network administration at some point.
And what would happen if the guy was only relegated to the core job description? He'd be playing video games all day long anyway.
Custom electronics and digital signage for your business: www.evcircuits.com
Well I am good programmer AND have an MBA, so I'm trying to figure out if I should be offended.
"I didn't change anything on my configuration, but my computer is not working any more, so it must be some automatic security restriction that happened automatically . . . "
Obligatory
"National Security is the chief cause of national insecurity." - Celine's First Law
Rice's theorem hates your guts.
Rice's Theorem is a corollary of the Halting Problem. Both are commonly misunderstood. It is true that there is no procedure for determining if an arbitrary program halts (or does almost anything), but that isn't true for all programs. If a program is designed to be proven correct, and carefully written, then its behavior can be determined.
In practice these constraints are so onerous that almost no one outside of the tallest ivory towers thinks that "proofs of correctness" are a realistic path to more reliable software.
Donald Knuth once sent a program to a colleague with a warning "Beware: I have proven it correct but not tested it."
I want to know my employer is getting value for the money they pay me.
If I'm spending my time doing things we can employ someone on a third of my salary to do, I'm going to suggest we do exactly that. I have no shortage of high value activities to put my time into.
You appear to have no fucking clue whatsoever about the software creation process, its constraints and complications, and how fucking astonishing it is that things as complex as modern operating systems even fucking run, let alone work.
You want to mathematically prove 300GB of Windows source code? You go right ahead, then borrow a time machine so you can come back and tell us how it went, because by the time you've finished our grandchildren will all have died of old age.
Sure, blame the programmers.
You want a secure system? I can do that. I'll hit the big red fucking button on the data centre wall and all our data will be beautifully secure.
Strange, people I work with don't want that to happen. They would prefer to compromise security in order to achieve other outcomes.
That's got fuck all to do with programming. That's people, processes, stupidity, resource constraints and other factors that are so far beyond the control of programmers that blaming them is total idiocy.
Shit, you already know you shouldn't trust the software to be secure so what fucking difference does it make whether the programmer is any good anyway? Put the right mitigations in place and you'll survive a four year old jumping on the keyboard his parent left attached to your GIT repository.
Fucking security "professionals" need to learn how to do their fucking job, and that it doesn't include blaming every other cunt for their own failings.
How about starting with not appointing idiots with zero knowledge about code as their bosses, and not letting those zero-brain idiots set the milestones and delivery dates?
It is a little known fact that programmers don't really like to ship buggy, unstable and barely tested code. Most of them would just love to ship rock solid code that could even drink fruity drinks with little umbrellas because it's SO secure. But that takes time they don't get from their PHB morons.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Rejoice. At least if you're in Europe. We recently got changes in our laws that those MBA dimwits are now personally (read: with their own stash of money) responsible for security breaches if they can't show that they've taken reasonable steps to get their act cleaned up.
In other words, you won't find an ITSEC in Europe right now that isn't stressed out, overworked and has more overtime piled up than a doctor in a warzone.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
IT security is a huge problem because it has been ignored until the recent past. Only now that security breaches start to get expensive, especially in the light of ransomware attacks that now also start to hit big businesses (because until now, a security breach there only meant that your data gets stolen and your identity gets abused, who gives a fuck about that?), and also changes in laws that put the knife for security breaches right at the throats of C-Levels, they start to replace mental lull with operative hectic and realize that SOMETHING has to be done.
SOMETHING!
It's a great time to be security consultant, I tell you... Well, provided that you just want to make a ton of money and don't really care that you should actually tell your customer "You're fucked. Shoot yourself"...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Because no republican has ever tried to use the latest technology available to spy on anyone ever. The red scares and black listing never happened. And of course, the Muslim witch hunts used today are only used to spy on potential terrorists and no one else, and we are all safer for it. Boy how nice it is to wake up and not think of which ever terror group both government and media has decided is in season this year thanks to the efforts of the 12 or so intelligence agencies in the U.S.. Yeah, we definitely need more bureaucracy. By any chance, you wouldn't happen to work for her majesty? I like my wolves as wolves and not dressed as sheep holding face recognition CCTV cameras and telling me it's for my "safety." Locked and loaded and college educated; I'll be fine. You should learn to take charge of your own life and not leave it in the hands of others. That includes access and possession of knowledge and your fears. Be more proactive in your computing and way of thinking. Facebook, Twitter, and Google are horrible sources. There are these tax funded, objective, nonfiction sources of information written by pre-milllenial people with doctorates in a place called a public library you should put the phone down and visit once in a while.
Security, by the very definition of the job, deals with stuff that isn't for public consumption. That in turn means that it usually takes a bit of work to get these people cleared to do what they're doing. It actually took nearly 2 months for me to just get all the necessary clearance checks done so I can sit in the office that I sit in now. Without them, no chance to get in there at all.
Yes, that means I have to empty my own waste bin and run the vacuum cleaner myself every time it gets so dirty that even I don't want to walk across the carpet. Is that security related? No. It's janitor work (and trust me, my appreciation for these people went up a LOT since I took that job!). And I have to carry computers around, I have to install my own hardware, I have to run cables, I have to change lightbulbs, you get the idea.
If you say 83% of security staff are "wasting" time on non-security related jobs, I don't question the 83%. I question what the other 17% of security are actually doing.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
(as long as it is legal)
Pray that you never find child pornography on a system. A coworker did and reported it to the IT manager, whom informed HR and Security (rent-a-cops). The coworker and IT manager gave statements to Security, and were questioned on video tape by the staff attorney. The IT manager and the security guard chief retrieved the system after hours. That was Tuesday. For the next three days, the user of that system freaked out, banged on doors, chased after the techs, and went pissing-and-moaning throughout the hallways in full view of the security cameras. The user got let go on Friday. The story never made the papers. Never heard if the case gone to court.
My experience doing I.T. for several mid-sized companies over the last 20 years is, none of them had big enough budgets to justify hiring dedicated "security" people. It's simply the best "bang for the buck" to hire a core group of a few I.T. "support people" who take care of servers, trouble tickets from users, and do some of the planning and upgrade projects.
When I've met "InfoSec" guys working for businesses similar to the ones I've worked for (perhaps a bit larger in size with larger budgets)? They typically come off as a bit arrogant. They like to spend a lot of time going around to other people in I.T., giving out their unsolicited advice on how something or other should be done, and do a lot of bending the ear of middle or upper management to get policies and procedures put in place to formalize their ideas.
Are they intelligent people who actually do have a lot of knowledge about securing a network? Yes! But they often fail to really grasp that security is always going to be a trade-off. The more you secure the environment, the less worker-friendly it becomes. The I.T. "generalists" who have been supporting networks, servers, workstations, and all the peripherals and software swirling around them often have an awareness that many of these recommendations for "better security" aren't being implemented. The InfoSec types become a bit like annoying flies or gnats that keep buzzing around your head while you're trying to work. They work against your own goal of improving efficiency and worker productivity with their demands that "everyone change their passwords every 14 days, using no less than X number of characters with upper and lowercase, plus at least 1 special symbol", or that all the USB ports on the desktops be glued shut, or ??
I'm sure that in many cases, these guys get paid handsomely to secure things, but once they've implemented all the ideas they can come up with -- they have a lot of time on their hands, just checking log files or doing the occasional audits of what's already supposed to be in place. It makes sense to utilize them to do more of the "day to day support" stuff, so you're not paying them to sit on their hands waiting for the next big malware outbreak or suspected hack to come along.
"Hey IT, can you fix my outlook? It's not working."
"Sure"
"Hey IT, can you fix my chair? It's not working."
"sure"
"Hey IT, can you fix my fridge? It's not working."
"err...sure"
"Hey IT, can you fix my A/C? It's not working."
"Just to say, I'm not the guy that fixes A/C."
"Can you also fix my fan? It's not working."
"...sure"
Why don't these people ask their co-workers to fix their cars for them? How about their busted TV?
As someone who taught corporate level security classes, who is now in corporate security offices going around helping other businesses and use to be a system admin security people are some of the worst technical people around excluding end users.
The reason they are doing outside work is because under normal circumstances most of them are doing nothing. Most are so tech ignorant that they just watch their tools for alerts but don't have the skills needed to set them up for much more than what ships with the tools. So you have people sitting around the technical area of the business people see them and ask them to do stuff.
So that's why you were unemployed for two years!
So that's why you were unemployed for two years!
Uh, no. Try again.
Even if programmers always followed best practices, this would not eliminate vulnerabilities.
It's easiest to understand this through analogy. Your house has security vulnerabilities. A thief can kick in a door, or break a window, or just ring your doorbell pretending to be a neighbor. No matter how solid the construction, there's always a way in, given enough will and determination.
Code is no different. It's really just an arms race. You can fortify your code, but then so will the intruders.
If this is actually true...I never never met a person as altruistic as yourself.
It's a free country, live like you wanna live, but to me, I view work in a much more mercenary fashion. I want to get paid as much as possible, period...if they have me peeling potatoes for $100K+ a year, I'm happy to do it, and hope then never find anyone willing to do it cheaper.
The *only* reason i work..is to make enough money to allow me to live the lifestyle that makes me happy. If I won the lottery tomorrow, I dunno if I'd even bother telling them I wasn't coming back....ok maybe I would, I'm not that cold...but I certainly would never "work" again.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Sounds like someone who has never worked in the industry. Ever.
BeauHD. Worst editor since kdawson.
Right - pray for it. It's not because it's a disgusting, abhorrent thing that brutalizes and damages innocent children - it's just a SUPER inconvenient thing to have to deal with making a couple legal statements and filing a report.
If it was a "SUPER inconvenient thing", the easiest course of action would be to do nothing.
You might even have to miss your lunch for a day or two.
My coworker reported the filenames he came across while transferring data between systems. He never looked at the images. He only had the log file from the data transfer. It was the IT manager and security chief's job to make the determination and confiscate the system.
Do you ever think before you post?
Yes, I do. Your knee-jerk hostility towards me is misplaced.
All child pornography reports are fake. Someone just wanted an excuse for a witch hunt.
The user was never told why security confiscated his system. He was offered a replacement system but kept insisting on getting back his old system. He behaved like a lunatic for three days, throwing away whatever professional reputation he had. An innocent person would have accepted a replacement system and continued on working.
You just need to press the "Deploy Cupholder" button harder!
Sleep your way to a whiter smile...date a dentist!
He drained one swamp to get his swamp even larger.
Now it's a gamble over how long he will be in office.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
That's a shame, but you do realise plenty of people take pride in their skills and get satisfaction from being useful and good at something?
They could do a better job if their life depended on it.
Not entirely sure what you're trying to say. Did you make a mistake in that sentence? Was that supposed to say "couldn't"? Did you do that while complaining that people make mistakes? The irony is so thick you could cut it with a knife.
Dear brilliant managers, Please do forbid your valued security specialists to talk with those abusive colleagues. Let them handle the problems themselves! *Then* calculate your losses, you, mediocre condescendent a-holes! People are not robots, you know, they interact and even help each other!
Can you give some references? This is seriously difficult to believe given how much our governments normally kiss the MBA arses.
"It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
I have this problem.
A VP of a department with a staff of hundred low paid employees tells IT with a staff of 10 who is paid 4x as much to do data entry because they don't have the manpower to do it. Sure it is my job and I'll do it. However the company is wasting money on me where I could be doing something much more valuable to the organization. And that expense will get pushed to the customer.
For the consumer, do you want to pay an extra dollar for a widget, because the they had the IT guy working on something that they could get other cheaper staff to do just as well if not better then you add the cost of this taking away time to make the process better or safer because the guy wasn't allowed to do the job they wanted him for?
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Maybe I'm odd but I have skills that are genuinely worth the salary I'm paid.
My employer needs people with those skills, so why wouldn't I assure that they benefit from mine?
If they didn't need those skills then yeah, I'd tell them to replace me with someone cheaper that can do the things they need. I'll get a job somewhere else that actually needs me.
That's more rewarding for me personally as well as being basic business sense.
The potential conflict would come if they could replace my skillset for less, e.g. by using resources in lower cost regions. I find that people like that tend to move out of those regions because they can draw a comparable salary to my own by coming to where the work actually is.
It helps that being available in-person is a substantial benefit for the role.
I don't know anyone in IT who doesn't have to spend a little time here and there working on stuff that is outside their job descriptions. What makes them special, just because they work on network security?
I think you're spot on.
I think one reason the security people are getting dragged into ordinary problem solving is that ordinary support people are running into end-user problems that are *caused* by security configurations that support can't change.
I think a lot of security people want to sit in the back room and implement a bunch of security changes without consideration of what breaks or how it effects end users. It may be the "right" thing to do, but they don't care about the side effects.
It is possible to prove the correctness of programs
Only if the thing doing the proving knows what your actual intention was. Your program can be logically sound, free of intrinsic vulnerabilities and still do the opposite of what you intended.
It doesn't matter what your proof shows, eventually your program gets compiled and then all bets are off. It also interacts with an OS, and again all bets are off. See also Ken Thompson's Reflections on Trust". You can gain some additional confidence that your code is correct, bet never prove it. Even if you say you can prove the assembly, it gets run on different CPUs. Anyone saying they can prove a program correct probably should give that ridiculous claim a lot more thought.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
We get it. You have never written software, have no idea what is involved, and couldn't write a hello world program if you tried. Thanks for your "insight".
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
If someone took my work PC with all of my data on it, I would lose my shit as well. He may have had a bitcoin wallet on there with a million dollars in it for all you know. Maybe his only copy of a manuscript he's been working on for half a decade is on there. There are other reasons why someone would lose their cool when their PC/Data suddenly is yanked away that are totally unrelated to kiddie porn.
There should be backups. If the IT department is doing its job, the loss of a particular machine should be inconsequential. If a person is storing critical data like a bitcoin wallet or manuscript on a single disk without a backup, they're gonna have a bad time no matter what their scheming coworkers are up to.
"What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
and sometimes I end up wasting upwards of half my time not programming, and nobody seems to care!
In fact, clients often specifically tell me to not to mention the problems I run into that prevent me from doing my job.
I just can't believe these people are going to get their panties in a bunch over security professionals losing an hour a week here and there.
First off on the topic, I don't think it is all that surprising, but would add that it isn't just "Security staff", but essentially all IT staff not in a direct support roll. It happens to me all the time, and for the most part I'm happy to oblige if I can. It only becomes annoying when I have other priorities or pressures, and so-and-so wanders by and wants me to figure out his printer problem or something when I should be testing a corporate application for bugs on a deadline.
Second I do have a limited support role for some specific applications, and as a result I submit a LOT of tickets. Not only because I need to for myself in a development capacity, but also on behalf of some users with certain problems. Anyway as you call it "pass the buck", I typically refer to it as the "blame game", it is easily the number one thing that makes things take about 10,000% longer than they should, but also ends up with a lot of "resolved" tickets for unresolved problems.
One in particular I had this year (and indeed I went through the whole BS process last year with a similar result), was essentially complaining about the testing environment for a particular application we're doing development on. Under a lot of pressure to test the bejuses out of it to ensure nothing gets into production, however this is "challenging" by the fact that the environment runs about 25 times slower. So a test query that might take 7 seconds on DEV or on PROD takes about 3 MINUTES on the stupid testing rig. Now multiply that by hundreds of test cases. It is absolutely brutal, and testing certain things becomes very difficult if not even very reasonable to do within the time frames of the project. Anyway I have no idea why it is so slow, and as mentioned, it has been this way for awhile now. It isn't like it is 25% slower or something like that, the difference is astounding and hard to simply say attribute to only old hardware or something. Also for reference, this is an older legacy system, which should probably run pretty good on just about anything seeing as it was designed to initially run on hardware from the 1990's...
Anyway so after I get thoroughly frustrated, I decide to give it a try to get someone to do something about it. So I start the whole process as I am required to do with a stupid IT help desk ticket... First it is required to get escalated a bit, as it isn't something one of their first line staff is used to dealing with. Then the blame game starts. The data centre hardware guys blame the application and the code, who blame the DBA's and the DB structure, who blame the network people, who blame the security people, who blame the middleware folks, who blame the vendors of VM, who blame the hardware, who blame the DB optimization, who blame... etc... What basically happens at each juncture a bunch of emails are flying around, I'm usually called to do performance testing and testing and testing at each point (all of which ends up being exactly the same), the ticket itself gets "resolved" and "re-opened" multiple times because some group decides that they are done, and it just continues and goes on, and eventually in the end nothing actually happens. Which at a certain point I just make sure my management is aware of the issue, and the fact that I can only reasonably test to a certain point given the circumstances, that all the various IT parties have been made aware of the issue, did nothing, and as such are willing to accept the risk, that should something get into a production setting that I couldn't test for, the blame for that falls directly on the low performance of the environment and the lack of support that it has... Bitter much I know. Anyway I know I will run into this again next year, and the year after that, etc... until they probably replace everything and start anew with a different configuration.
Another issue other than the blame game is "partial" tickets, where part of a ticket will get done (say installing some software), but the second part of the ticket (say creating a user account) doesn't.
If someone took my work PC with all of my data on it, I would lose my shit as well.
In the Enterprise environment, "your" work PC can be replaced, reimaged and assigned to someone else for any reason at any time.
He may have had a bitcoin wallet on there with a million dollars in it for all you know. Maybe his only copy of a manuscript he's been working on for half a decade is on there.
User profile data is stored on the network and accessible by logging into any system on the network. If data got stored outside of the user profile (typically the root of the C drive), it could be recovered during the 90-day period that the hard drive is kept before being destroyed. For systems suspected of having kiddie porn, the law requires keeping the system intact for one year after the initial police report.
There are other reasons why someone would lose their cool when their PC/Data suddenly is yanked away that are totally unrelated to kiddie porn.
The user had six weeks of notifications that warned him to remove personal data prior to the PC being refreshed.
video tape? When did this happen? 1987?
2012. It may have been a DV tape.
So the 100k security guy is spending 10% of his time doing something that the 100K admin is supposed to be doing. Sad!
love is just extroverted narcissism
What's the big deal?
You missed the part where the user ran up and down the hallways like a lunatic for three days. The IT department was under lockdown protocol while the soap opera played out in the hallways.
I'd have to look it up but IIRC it either has become or is about to become a EU guideline (which is essentially EU "law") that CEOs can be made personally liable for security breaches and the ensuing financial backlash if they can't show that they have taken reasonable steps to mitigate the risk.
Yes, most likely this means that having a CISO and not just using him as a liability shield (read: find the cheapest idiot willing to sit on that ejector seat) will most likely already do, but nobody wants to be the first to duke it out in front of a judge. So they all fill cabinet after cabinet with CYA papers.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
And "lockdown protocol" is what, exactly?
Active shooter in the building, wait for instructions from security or police.
And why would the IT manager not simply call security and have the offending employee removed - either to police custody, or to a treatment program for his apparent nervous breakdown?
Security was recording everything on the hallway cameras.
I guess this sort of Mickey Mouse idiocy is what I'd expect from a company that would hire you.
This happened at hospital. The contracting agency I worked for had nothing to do with hospital security.
"That's got fuck all to do with programming. That's people, processes, stupidity, resource constraints and other factors that are so far beyond the control of programmers that blaming them is total idiocy."
There's not a single comma in any program that hasn't been put there by a programmer or that could at all be there if not for the programmer deciding it was the moment to write it down.
So, yes, I do blame them.
"How about starting with not appointing idiots with zero knowledge about code as their bosses, and not letting those zero-brain idiots set the milestones and delivery dates?"
Those idiots can set the most obnoxius delivery dates, the most stupid features on the roadmap all they want; the code is not there till a programmer puts it there. Not a single second before that moment.
"It is a little known fact that programmers don't really like to ship buggy, unstable and barely tested code"
That's obviously untrue as it can be attested by basically any public tracker from any community-based open source project.
And then, it's that even less known fact, specially among programmers, that the vast majority of them could not do any better, even if their very lives were at stake.
If you regard the MBA as a valuable qualification that qualifies you to be a competent manager, I do expect you to be offended! If not, there obviously is no need to.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Well, I am a "fucking security professional" and I do know how to do my "fucking job", but I also ask a pretty high price for my time. None that were willing to pay have ever regretted it, but there were quite a few that said "too expensive". Not that I lack for work at all...
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
If you are relating to SOX, that is not worth the paper it is printed on. If it is something else, I also would like to know what it is.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Typo. Should obviously have been "couldn't". There is no irony here unless you have no understanding of the little fact that there are mistakes of different severity. Or do you believe that people need to be perfect before they are allowed to criticize others? In that case there is really nothing to add here, because you fail at existence.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Oh wait, it's creimer. Yeah, never mind - monumental stupidity is sort of your jam, isn't it?
Oh wait, it's an asshat! Writing paragraphs after paragraphs in a futile attempt to insult me. ROFL
If they didn't need those skills then yeah, I'd tell them to replace me with someone cheaper that can do the things they need.
Your boss wants you working on the things that only you can do, not working on the things that any number of people can do just as well for a much lower pay.
You got pwned. Just laugh like the rest of us.
I've been laughing for weeks.
Not everyone is content with mediocrity.
Also 100k isn't even that so money that you shouldn't aim higher. It's the starting salary of many IT/software positions.