Work out and alter the way you think (on "Anxiety and IT?") · Score: 1
I agree on physical workout. I went to work with my bike most of the year (about 45 mins single trip) and stopped for about 1.5 months now (weather getting bad).
Because driving my car is more stressful I feel I take my job home sometimes, this does not happen when I go by bike.
Workout really helps.
Next: Why are you so important for your company?
If stuff breaks, does this really mean the company goes down the drain?
And you are the only one who can fix this?
Time to ask for a huge raise!
Get rid of this feeling.
When you cannot do your job tomorrow for whatever reason and IT fails the company will not go bust.
You have a job, do it well. When you close the door when leaving for home, work is gone.
When people call you in the middle of the night, work starts the moment you log into the system.
Between this it's your time, your life. Do something useful with it instead of living in fear.
The problem isn't GUI vs CLI.
The main problem is automation.
If you need to do something once a day a GUI will do just fine.
Do the same thing 100 times a day and you scream for an automated process.
CLI often has more possibilities for automation.
Having said this, the solution is not providing a CLI for those tasks but a way to interact with the system that requires as little human interaction as possible.
This can be CLI, but also some kind of listening process that picks up a file or data in a message queue.
I've worked for a large govt organisation with 6000+ users, which had 4 field engineers for remote locations (about 2000 users) and 15 sneakers for the other 4000 at their main location. Add about 10 helpdesk employees and 20+ network/server admins and you get an idea. However, this staff was needed because of the huge amount of different applications run there.
Another site I worked at had 4 people at HD, 2 server admins, 1 network admin and 2 or 3 sneakers on each of two locations. Roughly 600 users.
I'd say it's all about the number of service requests you get and the complexity of the IT environment and not absolute numbers.
Add SLAs and what users/management expect to determine if you are understaffed or not.
Depending on the people you try to teach to be skeptical this might help.
When people are very firm on a point I think they are wrong I ask them to imagine they are looking at the night sky.
Then I ask them if what they see is real.
Most of the time they will reply: yes.
Then give them something to chew on: but the light from some of the stars travelled only for a few years while the light of other stars might have taken several decades to reach us.
It could even be that those stars never existed at the same time.
Is what you see real or not?
After that there is another question: imagine you are on a planet close to Polaris.
And take a peek at the sky from there.
Would you see the same as what we see here?
I think those kinds of questions could teach people not to take anything for granted.
I fully agree with this comment by Alexander.
If you are a senior security XXX you should understand that information security is about risk.
You should be able to talk business, think business and breathe business.
Management relies on your judgement when you show you know their business and how to minimize risk.
When I started as security officer I was thinking a lot about threat and how to avoid that.
However, threat is only part of the total risk picture.
Let's consider protecting a crown.
At first we need to determine the value.
If it's a paper crown, why would we protect it at all? It's worthless.
If it's a cheap wooden crown it might be worth to invest some money in protection but not very much.
If it's a gold crown that can be replaced security should always cost less than the actual value.
Only if we are talking about a unique crown that is irreplaceable we can talk about extreme measures and protection at all cost.
Now let's take that crown again.
The actual threat to the paper crown is low, people can make it themselves.
The actual threat to the wooden crown is higher, it's convenient to take away and it has some value.
The actual threat to the gold crown is a lot higher because it's still convenient to take away and it has a higher real value. Just melt it and sell the gold separately.
The actual threat to the unique crown might be lower than the threat to the gold crown.
That last one is odd but not strange. There is a very small market to sell the item and a very small group of people able to steal it.
The reason why protection on the unique crown is extreme is because it can't be replaced, not because of the threat.
When talking to management you may think you are protecting the crown jewels while they think it's a paper or wooden crown. This is a common gap and needs a lot of understanding about business and how to determine the business value of information and assets.
If you think their perception is wrong try to determine how they value the asset and more important: why.
It might be that their reasoning is wrong, it might be that your point of view is wrong.
A long time ago I saw a lot of risks in a particular business process.
When I talked to the manager he agreed from the perspective of my understanding of the process. However, he also explained the total business process which has a large part that is handled by a third party.
The total process is almost impossible to abuse and it would involve several authorised people in several companies to do actual damage.
Knowing and talking business made my life a lot easier.
I know how management thinks on subjects and how I can report things in a way they understand and can make a fast decision on. They know I don't report anything that has not been discussed with several independent people involved in the process or with knowledge on the information or asset. It's not only my opinion, it's the opinion of the business.
If they decide to reject a proposal I always get the reasons why. Most of the time they are understandable from business perspective and if not I ask the people involved their opinion on that reason. Based on that I might challenge management again.
It also made upper management a lot more involved in information security.
Once in a while we as security team challenge them on subjects and they respond very well.
They even want us to organize trainings for them and they do ask for our opinion on subjects.
Because we approach the problems from business perspective and help them make the right choice.
They know we are on the same line, making business better.
While getting in the discussion way too late I'd like to share my thoughts on this subject.
When I was in university besides my job, part of the course was Java programming.
I've looked through the materials for the next years and while it did touch some topics that were more in depth, a lot was not.
The main problem I noticed was that it was tuned a lot towards 'fun' applications.
Build a nice GUI, perhaps connect it to a database and make some code to make that work.
Perhaps catch some common exceptions, but that's it.
At the same time, I was making a Perl application at work to convert a flat file with records from system A with financial information into another flat file for system B (not exactly rocket science).
The main difference between the applications from my courses and my work?
The application at my work has 75-80% of its code dedicated to error handling while the applications for my course would at best have 10% dedicated to that. And most would have been the 'required' try{} catch (Exception e){} ones.
It did not matter what caused the error, as long as it was covered.
For the business application, we tried to think about every possible situation that could go wrong.
Each field in the record from system A (input) is checked if it matches the expected format when entering the program (some are human input) and each field in the record for system B (output) is checked if it matches the expected format.
In between, every translation or conversion is checked to be correct.
Each error leads to a specific message where the error occurred and what caused it.
Each faulty record is fully processed and then rejected specifying all errors.
This is something people probably never learn in Java classes.
And many would not consider this fun.
However, this is what programming in a business situation is or should be about.
Making sure an application does only what it is supposed to do, nothing more, nothing less.
And when something goes wrong, give a clear indication what went wrong.
The best way to teach that?
Probably make people curious on how things work.
Stop teaching a specific programming language and let them solve a problem in natural language.
Make several solutions part of a bigger problem. Solve that.
And after that let the students translate the found solution to a programming language.
Could be Java, C(++), Ada, Perl.
Let them struggle learning the language habits.
Make learning the syntax part of the 'problem solving' process.
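The record-level checking described in the comment above, as an added example that is not part of the original post and not the commenter's Perl application: input fields, each conversion and output fields are all checked, and a faulty record is rejected with every error it produced. It is written in Python; the field names, the semicolon-separated input layout and the fixed-width output layout are assumptions made for illustration.

```python
import re
from datetime import datetime
from decimal import Decimal, InvalidOperation

# Hypothetical layouts: system A is semicolon-separated, system B is fixed-width.
IN_FIELDS = ("account", "date", "amount", "currency")
IN_RULES = {
    "account": re.compile(r"[A-Z]{2}\d{8}"),
    "date": re.compile(r"\d{2}-\d{2}-\d{4}"),
    "amount": re.compile(r"-?\d{1,9},\d{2}"),
    "currency": re.compile(r"[A-Z]{3}"),
}
OUT_RULES = {
    "account": re.compile(r"[A-Z]{2}\d{8}"),
    "date": re.compile(r"\d{8}"),
    "amount": re.compile(r"[+-]\d{11}"),
    "currency": re.compile(r"EUR|USD"),  # assumed: system B accepts only these
}

def convert_record(line_no, line):
    """Return (output_line_or_None, errors). All checks run; none stops at the first error."""
    errors = []

    def err(stage, field, value, why):
        errors.append(f"line {line_no}: {stage}: field '{field}' value {value!r}: {why}")

    parts = line.rstrip("\n").split(";")
    if len(parts) != len(IN_FIELDS):
        return None, [f"line {line_no}: input: expected {len(IN_FIELDS)} fields, got {len(parts)}"]
    rec = dict(zip(IN_FIELDS, parts))

    # 1. Every input field is checked against its expected format.
    for name in IN_FIELDS:
        if not IN_RULES[name].fullmatch(rec[name]):
            err("input", name, rec[name], "does not match system A format")

    # 2. Every conversion is checked; a failure is recorded, processing continues.
    out = {"account": rec["account"], "currency": rec["currency"]}
    try:
        out["date"] = datetime.strptime(rec["date"], "%d-%m-%Y").strftime("%Y%m%d")
    except ValueError:
        err("convert", "date", rec["date"], "not a valid calendar date")
    try:
        cents = int(Decimal(rec["amount"].replace(",", ".")) * 100)
        out["amount"] = f"{cents:+012d}"  # sign plus 11 zero-padded digits
    except (InvalidOperation, ValueError, OverflowError):
        err("convert", "amount", rec["amount"], "cannot be converted to cents")

    # 3. Every output field that was produced is checked before anything is written.
    for name, rule in OUT_RULES.items():
        if name in out and not rule.fullmatch(out[name]):
            err("output", name, out[name], "does not match system B format")

    if errors:
        return None, errors  # rejected, with the full list of reasons
    return out["account"] + out["date"] + out["amount"] + out["currency"], []

def convert_file(lines):
    """Convert all records; return (accepted output lines, error messages of rejected records)."""
    accepted, rejected = [], []
    for no, line in enumerate(lines, start=1):
        out, errs = convert_record(no, line)
        if errs:
            rejected.extend(errs)
        else:
            accepted.append(out)
    return accepted, rejected

# Constructed sample input, not real data.
SAMPLE = [
    "NL12345678;05-01-2024;1234,56;EUR",  # valid
    "NL12345678;31-02-2024;1234,56;GBP",  # format ok, but bad date and unsupported currency
    "NL12345678;05-01-2024;10,00",        # wrong field count
]

if __name__ == "__main__":
    ok, bad = convert_file(SAMPLE)
    print("\n".join(ok + bad))
```

The second sample record passes every input format check and is only caught by the conversion and output checks, which is the case a single catch-all exception handler would hide.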
Since the OP made a bad summary, omitting the 'Cross Site Request Forgery' (CSRF) part, everyone is jumping on it.
CSRF can be avoided by using two separate browser sessions that are used independently and share no resources.
It does not protect against malware on the computer.
It's no rocket science and I would not consider it extreme security browsing.
I have a full-time job and a relationship, so I don't always have time to play. I still manage to get a couple of hours of gaming each day if I want to.
How? Just talked it over with my gf. She's not at home on Tuesday and Friday evenings, so I can play those evenings. Furthermore, most of the time I can play about 1 - 1.5 hours on other evenings, right after dinner. When I am really hooked, I get up early in the weekend and play a couple of hours until my gf gets awake (My alarm clock rings at 5:30 on weekdays, so getting out early is not a problem).
Only thing that the game needs for me are short levels or frequent save possibilities.
The only game I play right now is an online game (not WoW). When I have little time, I just start helping others on short missions. When I have loads of time, I try new missions/quests or help others on the harder/longer missions.
The other games I played are mostly FPS, so (unless playing on hardest difficulty) you have the opportunity to save.
And best of all, my gf also does game (other kind of games, except Unreal Tournament), so we can sit together when playing and inform about progression and stuff.
I have talked about typing with a data-typist. As she told me, keyboard layout does not really matter, as long as you keep using the same layout.
When typing blind, with a dictaphone or from paper, she even manages to converse with her colleagues. With typing speeds between 250 and 300 chars/min. According to her, typing is just 'moving the fingers without thinking'.
Imagine putting someone like her at another keyboard layout. I think it will be quite unreadable.
Or someone must write a program to convert the document to qwerty.
I've worked at the Netherlands Ministry of Housing, Spatial planning and the Environment (VROM in Dutch) about 4 or 5 years ago as an IT specialist.
It's not only about the sysadmins.
When I started working there, they were cutting the number of applications.
As far as I remember, they were trying to cut from about 1500 different applications to about 600 to 700.
Most of them were Windows applications.
My girlfriend worked at a Dutch city hall.
She had to support between 45 to 60 different Windows applications.
Switching from MS software to something else could mean that most of these applications have also to be converted / substituted.
That's not something that can be done easily.
I can understand the short-time choice for MS software.
But the negotiations with MS seem to conflict with government policy.
Dutch is also spoken in Suriname and The Netherlands Antilles. The South African language is also related to Dutch. In Belgium, there are two main languages, French and Dutch.
Too bad they don't give Darwin Awards to people who live to tell their stupidity...
If you ask: "hey, can I get online access to BIA or SWIFT messages" they will come with very expensive solutions.
However, do you really need that? My company works in financial business and most of our SWIFT messages are sent out a couple of times a day.
And bank statements (MT940) are retrieved once a day.
The moment you start asking things that have never been asked before banks will have some problem delivering.
I can give some horror stories from corporate experience about interfacing with some of the big names in the financial world....
But maybe you can explain the exact situation to them, why you need specific data.
And they might well have a better solution that would fit your needs at a reasonable price.
Or see a business opportunity.
You should have demanded big $ from scoonline.com and tell them that you will show them your DOSS capacities.
You could have earned some $
Cert/CC has an article called "Before You Connect a New Computer to the Internet"