|
Volmarias posted:
That doesn't mean that everyone involved in information security as a discipline should be non-technical: quite the opposite. However, having IT responsible for information security is a fox guarding a henhouse. It's a huge conflict of interest.
|
# ? Apr 16, 2014 01:23 |
|
|
Sickening posted:
Wait, are you telling me that every 2 months you work 15 hour shift at work for 7 solid days?

Yep, more or less, though we can do the monitoring from our laptops while at home at least. Still makes for a long week, though. Especially this week, since I get to do monitoring plus rebooting servers for kernel updates until 5 or 6AM this coming Sunday morning. I'm trying to get the weekend after next off to get some stuff done for my trip and maybe actually rest a bit, but it's not looking all that promising so far; already got one group who wants to do a major migration that Saturday night.
|
# ? Apr 16, 2014 02:00 |
|
Misogynist posted:
Infosec in most larger organizations belongs to risk management, not IT. It's not inherently a technical profession, and the ability to understand the priorities of the business -- this often includes complex regulatory requirements like SOX -- is much more important than being literate with the implementation details. Adam Shostack's The New School of Information Security is a pretty great book about how having technical requirements drive information security is a huge waste of time, because most of the information within a company's network is completely worthless.

While that's reasonable, the problem is that you have to have SOME level of domain specific knowledge to effectively manage an area. I'm not suggesting that the person needs to personally run Nessus against your network, but they need to actually understand what a firewall is and why it works, not just that it's a good idea to have one. e.g. caconym's post

Caconym posted:
I once got a nitpick from our security guy on a solution proposal that revealed that he didn't know that Oracle databases use SQL. So when I'd written about the need for firewall openings for "SQL ports" he thought I'd forgotten the "MS" first even after a two hour meeting discussing the Oracle database.

Employees like this can be a drain on their organizations, not a benefit, because they create rules and policies based on misunderstandings, not facts. If the person doesn't actually have a technical background, they need to admit it to themselves, and lean on employees who do, rather than going full-on Dunning-Kruger.
|
# ? Apr 16, 2014 02:18 |
|
AlternateAccount posted:
Yes. JUST SAY NO to being on-call 24/7 unless it is reflected in your compensation package. And it should be a huge goddamn reflection. Don't buy into bullshit about how the calls are rare or how you're not the first person they might call, etc.

This was my first salary job, and I didn't know what the hell I was doing in negotiations. The best thing I can say is that it's been a "learning experience". Mostly, I've learned that unless it's on paper, it doesn't count. I'm thinking I should write a tiny app of some sort so I'll have a non-work-related code sample to show prospective employers (so I can prove I'm not a mouthbreather). I want to .
|
# ? Apr 16, 2014 02:20 |
|
dennyk posted:
Yep, more or less, though we can do the monitoring from our laptops while at home at least. Still makes for a long week, though. Especially this week, since I get to do monitoring plus rebooting servers for kernel updates until 5 or 6AM this coming Sunday morning.

That's pants on head retarded. You are a sucker. The employees you work with are suckers. There either has to be something I am missing because I don't know of a single person I have ever worked with that would do that job without some kind of super special compensation. You do realize you give up almost 6 weeks a year?

Sickening fucked around with this message at 04:07 on Apr 16, 2014 |
# ? Apr 16, 2014 03:51 |
|
The last couple of weeks at work have been strange and just depressing. A long time coworker and previously my direct supervisor turned in notice and has moved to what sounds like an incredible job. He's been with this company for 15 years, knows a ton and more importantly, was a good person to work with. The people who know what is going on (everyone but management) are pretty worried, as no one else has his skillset and ability to use common loving sense to deal with problems. When he left our department, a coworker took over and he's one of the more difficult people I've ever worked with. It was bad enough when I worked with him, working for him is beyond frustrating. He is the 2nd high level IT guy to leave in 6 months, both of them left because of upper management being pants on head and not seeing a fix for it. So now morale is in the shitter since we can all see things aren't going to improve in regards to wages/staffing. So far, the only response from up top is to bring in a consultant to examine departments and make recommendations which will likely be ignored. A coworker is currently out with appendicitis and I'm envious of him.
|
# ? Apr 16, 2014 04:33 |
|
Misogynist posted:
Infosec in most larger organizations belongs to risk management, not IT. It's not inherently a technical profession, and the ability to understand the priorities of the business -- this often includes complex regulatory requirements like SOX -- is much more important than being literate with the implementation details. Adam Shostack's The New School of Information Security is a pretty great book about how having technical requirements drive information security is a huge waste of time, because most of the information within a company's network is completely worthless.

I disagree. If InfoSec reports in to the IT department, then sure: maybe it's a conflict of interest. Simply having a skillset relevant for assessing the effectiveness of something doesn't inherently result in a conflict of interest, however. On the contrary, it begets competence. Imagine a SOX auditor auditing a finance department, but who does not possess the skill to balance a checkbook. Now, imagine an information security auditor who does not understand firewalls; or the difference between FTP and SFTP; or what an SSL certificate is; or who cannot understand how HeartBleed works in less than a day. That's why information security people need to understand more than the legal definition of PII, PHI, etc.
|
# ? Apr 16, 2014 04:59 |
|
MC Fruit Stripe posted:
This is a misconception that needs to stop.

It's not as much of a misconception for the huge number of people here who are either the sole person responsible for their setup or on a very small team with very limited overlap. In my current position, there's literally no one else to call that can fix poo poo. The point is more that people should seek compensation for even the chance that they may be called, even when the hiring people tell them OH IT NEVER HAPPENS. The opportunity to call you at their whim is worth money.
|
# ? Apr 16, 2014 07:22 |
|
AlternateAccount posted:
It's not as much of a misconception for the huge number of people here who are either the sole person responsible for their setup or on a very small team with very limited overlap. In my current position, there's literally no one else to call that can fix poo poo.

Generally if an employer says you are on call disregard anything afterwards about it being a rare occasion and assume the worst case scenario.
|
# ? Apr 16, 2014 09:14 |
|
A buddy of mine is rostered to be on call every other Thursday night. He is paid for the time he is 'on call' and if he is actually called, overtime penalty rates apply. Pays for his date nights and babysitter every time.
|
# ? Apr 16, 2014 12:26 |
|
Char posted:Nope. Run SCANPST.EXE on it if it keeps locking up during a migration.
|
# ? Apr 16, 2014 13:16 |
|
dennyk posted:
Yep, more or less, though we can do the monitoring from our laptops while at home at least. Still makes for a long week, though. Especially this week, since I get to do monitoring plus rebooting servers for kernel updates until 5 or 6AM this coming Sunday morning.

What the gently caress is wrong with you?
|
# ? Apr 16, 2014 15:15 |
|
A call from Robert Half came in, I think it was going okay until the measure of compensation coming in

"My range is dependent entirely upon the responsibilities and duties required as well as other mitigating factors, I'd have to weigh those before I can put a price on my services."

"Let me put this in perspective for you, people in your area w/ your bracket of experience are making 15 to 18.5 an hour"

I politely told him to get hosed. Even if that is "Market rate" (Which it isn't) I'm not inclined to work with an rear end in a top hat who talks down to me regardless if he finds me a magical unicorn (Which with my experiences with RHT, won't happen)
|
# ? Apr 16, 2014 15:23 |
|
QuiteEasilyDone posted:
A call from Robert Half came in, I think it was going okay until the measure of compensation coming in

I generally feel free to poo poo on recruiting companies who bullshit me like that. We're at the point now where I can see the average pay in my area for people with my skillset in about two to three mouse clicks.
|
# ? Apr 16, 2014 15:30 |
|
Our HR department was recently gutted and when they brought new people in they decided to change every existing HR policy, without bothering to communicate those changes to anyone. The change that impacted us the most was making managers notify IT anytime someone has been hired, fired, or had their title changed. Which is really really stupid. And a bunch of managers didn't actually know they were supposed to be doing this. Cue two days worth of back and forth emails with HR regarding their policy, culminating in

: I feel this policy needs to be better communicated to the managers.
HR Lady : Ok, so do you want to send out an email about that? Or should I?

YOU ARE HR. IT IS AN HR POLICY. argghhhhghghhhh
|
# ? Apr 16, 2014 15:53 |
|
Ynglaur posted:
I disagree. If InfoSec reports in to the IT department, then sure: maybe it's a conflict of interest. Simply having a skillset relevant for assessing the effectiveness of something doesn't inherently result in a conflict of interest, however. On the contrary, it begets competence. Imagine a SOX auditor auditing a finance department, but who does not possess the skill to balance a checkbook. Now, imagine an information security auditor who does not understand firewalls; or the difference between FTP and SFTP; or what an SSL certificate is; or who cannot understand how HeartBleed works in less than a day.

QuiteEasilyDone posted:
A call from Robert Half came in, I think it was going okay until the measure of compensation coming in

Vulture Culture fucked around with this message at 16:10 on Apr 16, 2014 |
# ? Apr 16, 2014 16:07 |
|
Sirotan posted:
Our HR department was recently gutted and when they brought new people in they decided to change every existing HR policy, without bothering to communicate those changes to anyone. The change that impacted us the most was making managers notify IT anytime someone has been hired, fired, or had their title changed. Which is really really stupid. And a bunch of managers didn't actually know they were supposed to be doing this. Cue two days worth of back and forth emails with HR regarding their policy, culminating in

HR is where secretaries go when they grow up. Nothing about her response should shock or surprise you. The disappointment should flow naturally.
|
# ? Apr 16, 2014 16:38 |
|
dennyk posted:
Yep, more or less, though we can do the monitoring from our laptops while at home at least. Still makes for a long week, though. Especially this week, since I get to do monitoring plus rebooting servers for kernel updates until 5 or 6AM this coming Sunday morning.

It's not enough
|
# ? Apr 16, 2014 16:44 |
|
Rhymenoserous posted:
HR is where secretaries go when they grow up. Nothing about her response should shock or surprise you. The disappointment should flow naturally.

I see you've never had experience with a functional HR department.
|
# ? Apr 16, 2014 17:11 |
|
Ynglaur posted:
I see you've never had experience with a functional HR department.

If you have, please enlighten us as to what working with such a beast is like. Most of us will never even see this mythical creature, let alone work with one. Does it look like this?
|
# ? Apr 16, 2014 17:28 |
|
It is a thing of wonder. If you have an HR question, you can ask someone, and receive an intelligible answer. Your recruiters pass along candidates such that when they ask me to interview someone, it's rarely a waste of my time (even if we end up deciding to say "no thank you"). Even cooler, I call the same phone number for the IT Help Desk and the HR Help Desk. I go through exactly one prompt, and it routes me to the right department. It's a little surreal, to be honest, having seen other HR departments at work.
|
# ? Apr 16, 2014 18:04 |
|
Yeah, to follow up on this, competent HR departments are like competent IT departments, or really any other department. We have all had experience with incompetent IT departments, or some in this thread have (or still do) worked in them. That doesn't mean that people in IT are all glorified computer janitors. Compare Dick Trauma to Tony. My current HR department isn't named HR, and they do some pretty magical things which I'm not even sure I can share. It gets better
|
# ? Apr 16, 2014 18:55 |
|
Why is there not more awareness that every lovely Coupon Saver / Free Coupon Downloader / Coupon Printer / %Coupon% program contains a torrent of malware that will gently caress your computer up? I have yet to see 1 legit coupon program, yet EVERYBODY thinks it's OK to install them.

Problem: "Something is wrong with my computer it's acting weird and I can't get to google.com!"
Step 1: remove coupon program that's GUARANTEED to be there
Step 2: reboot
Step 3: beg permission from client's owner to revoke admin privileges
Step 4: get denied revocation and add that coupon program to universal blacklist
Step 5: repeat a month later when a different coupon program is installed.
|
# ? Apr 16, 2014 19:24 |
|
It's like toolbars or Chrome. Most users are just so used to clicking next/next/next that they don't read anything and don't realize they're installing some bundled poo poo. This is why I've been trying to get my users to learn that:

1.) They aren't administrators and shouldn't be installing software. That's our job.
2.) They shouldn't be installing software because we need to either verify that it's free or if we need to purchase a license.
3.) We also need to make sure it's nothing malicious
4.) If they're a "power user" (they've been granted local admin rights) and have been trusted to install something themselves, they need to make sure they pay attention to what is going on, not just blindly clicking next.
|
# ? Apr 16, 2014 19:33 |
|
Judge Schnoopy posted:
Problem: "Something is wrong with my computer it's acting weird and I can't get to google.com!"

Step 3: User reinstalls, and bitches to your boss that you left their computer messed up and it's also still slow/weird/whatever.
|
# ? Apr 16, 2014 19:50 |
|
Pissing me off today: Java. gently caress Java. gently caress Java forever. Browsers are locked to a single version of a Java add-on/helper object/whatever. Your application needs one, specific JRE. Other applications require other, equally specific JREs. None of them can launch via Java Web Start, because they all want to be "web applications".
|
# ? Apr 16, 2014 20:23 |
|
Misogynist posted:
Infosec in most larger organizations belongs to risk management, not IT. It's not inherently a technical profession, and the ability to understand the priorities of the business -- this often includes complex regulatory requirements like SOX -- is much more important than being literate with the implementation details. Adam Shostack's The New School of Information Security is a pretty great book about how having technical requirements drive information security is a huge waste of time, because most of the information within a company's network is completely worthless.

This is probably the version of InfoSec we have. When I said non-technical if I gave him a server and said set that up as a DHCP/DNS server it would be a bad idea, but he would know what DHCP/DNS is it's the end of the world.

In relation to my earlier contractor dilemma I emailed my IT boss and he raised the issue with the consultant directly, he said in his email other people had raised concerns but I think he might have done that to protect the names of the innocent (me) as I can't think who else might have raised it. I also happened to come across project owner in the car park so had an informal chat and he took the consultant to one side and said something... he gave me a wink and said we will catch up tomorrow so I expect feedback then. I think it was the right move.
|
# ? Apr 16, 2014 20:41 |
|
I am kind of baffled why my coworker needs the formatting for how our tickets print out to be perfect. I really can't think of a good reason as to why he would need to print tickets and he can't give me one.
|
# ? Apr 16, 2014 20:58 |
|
TWBalls posted:
It's like toolbars or Chrome. Most users are just so used to clicking next/next/next that they don't read anything and don't realize they're installing some bundled poo poo.

But it's so much worse than toolbars. Toolbars I get because they're bundled and easy to miss if you're not paying attention. Toolbars usually don't do much damage either besides being annoying. Coupon software is actively sought out by users. They want it, they NEED it, and they download 7 different programs to save $1 on a 24 pack of Sprite. They have no idea how badly they're screwing over their computer or how much company data they're putting at risk, which is why it's so absolutely bizarre there isn't better awareness of the epidemic. You want coupons? You got em, plus DefaultTab, Conduit, BrowserSafeSearch, BetterSurf, 3 other proxy services, 2 spyware tools, and a rootkit to bring it all back if you uninstall! For free!!!
|
# ? Apr 16, 2014 21:11 |
|
jim truds posted:
I am kind of baffled why my coworker needs the formatting for how our tickets print out to be perfect. I really can't think of a good reason as to why he would need to print tickets and he can't give me one.
|
# ? Apr 16, 2014 21:14 |
|
Volmarias posted:
Yeah, to follow up on this, competent HR departments are like competent IT departments, or really any other department. We have all had experience with incompetent IT departments, or some in this thread have (or still do) worked in them. That doesn't mean that people in IT are all glorified computer janitors. Compare Dick Trauma to Tony.

My last company had a do-nothing HR department. Except for one woman, the benefits coordinator. She's an angel. She would go out of her way to help you if you had a problem, didn't understand a policy or a benefit or what insurance covered/didn't cover, et cetera. When I was first there I missed the open enrollment meeting for signing up for my 401k. Because I didn't open my goddamn mail like a dumbass, until the exact day after the meeting. So, kicking myself, I sent an email to her telling her that I done hosed up and missed the deadline, and when was the very earliest next time that I could sign up for my 401k please so that I wouldn't gently caress up again? She replied back with a pdf attached and said that she still had a stack of forms on her desk to process and that if I would like to fill this one out and just drop it off at her office by 1:00 she'd be happy to just add it to the pile. So I did, and didn't lose out on a significant amount of money.

She didn't have to do that. I missed the mandatory meeting, the deadline, and it was entirely my fault. But she cared about her job and how she affected the other people working at that company, which let me tell you was absolutely NOT the prevailing attitude among the directorate. She's too good for them. So there, my "HR has good people sometimes" story.
|
# ? Apr 16, 2014 21:45 |
|
Volmarias posted:
Yeah, to follow up on this, competent HR departments are like competent IT departments, or really any other department. We have all had experience with incompetent IT departments, or some in this thread have (or still do) worked in them. That doesn't mean that people in IT are all glorified computer janitors. Compare Dick Trauma to Tony.

Ours is actually pretty good, they're not very needy, notifies us of terminations right away, seems concerned that the application side of the IT department is looking grim (long, boring story, doesn't affect me all that much), and I've been able to call any of them up and get an answer on something if I need it almost straight away. Plus the one guy who interviewed me was awesome and told the CIO "if I was you, I would hire him right now" after my first round of interviews. I'm more than willing to do favors for him if he asks and he's more than willing to give me locally-made chocolate bars in return
|
# ? Apr 16, 2014 21:58 |
|
Ynglaur posted:
Pissing me off today: Java. gently caress Java. gently caress Java forever. Browsers are locked to a single version of a Java add-on/helper object/whatever. Your application needs one, specific JRE. Other applications require other, equally specific JREs. None of them can launch via Java Web Start, because they all want to be "web applications".

If your Java application is requiring some specific JRE version, it is usually a sign that it is a terribly coded application. I would describe it analogous to all the applications that require a specific version of IE.
|
# ? Apr 16, 2014 23:00 |
|
E: ^^^^^^^^^^^^^^^^^^^^^^ Ahaha my company has this issue with their software. We're a market leader somehow.

sfwarlock posted:
Step 3: User reinstalls, and bitches to your boss that you left their computer messed up and it's also still slow/weird/whatever.

Step 4: Point at your work logs and laugh. Get back to doing your work.

The amount of times I've had to do this in this job so far (it's almost 8 months of getting paid for doing IT poo poo now! ) is loving astounding. People are assholes.
|
# ? Apr 16, 2014 23:12 |
|
dogstile posted:
Step 4: Point at your work logs and laugh. Get back to doing your work.

Log files? That sounds like entrapment, mister.
|
# ? Apr 16, 2014 23:15 |
|
Ynglaur posted:Java. gently caress Java. gently caress Java forever.
|
# ? Apr 16, 2014 23:18 |
|
Java rules. And I say this as an IT worker who is looking to get out of IT and into Java development

But seriously though, every time the Air Force pushes Java updates it breaks Java for maybe 50% of our users. And most of those people only ever use it to submit timesheets. 2PM on the Friday after a Java update is always fun
|
# ? Apr 16, 2014 23:28 |
|
Java the language is okay I guess. Java Runtime is a piece of poo poo that someone should loving hang for.
|
# ? Apr 16, 2014 23:53 |
|
I once worked on a machine for somebody that had seven different versions of java installed in parallel

Seven versions of java in the appwiz, seven different java icons in the control panel

They had been updating by downloading the newest version from java.com and not allowing java to uninstall older versions somehow

If you want some REAL bullshit, work with a hotel that uses unupgraded Opera PMS for their day to day business use. Micros is the devil
|
# ? Apr 17, 2014 01:25 |
|
|
Collateral Damage posted:
What are you getting paid for giving up your social life?

Definitely not enough, even though I'm more or less a hermit by choice anyway. There are a lot of good points about the job (pay is decent, commute is awesome, and the people I work with are great), but I really am starting to feel a bit burned out by all the extra hours.
|
# ? Apr 17, 2014 01:51 |