[NBLUG/talk] acceptable risk

Steve S. northbaygeek at gmail.com
Wed Nov 20 09:18:36 PST 2013


I've got to agree with Mr. Blick:
   "... not your job... stuck their neck out... not welcome... even if
you... end up on the security team... you'll be frustrated ..."
As he notes, security can be a "non-visible" thing (as can other areas
of IT)... it can appear to the naive executive eye as an infinite
black-hole of money-suck, which needs to be firmly reined-in (often to
the degree that it's almost a pointless exercise to put ANY resources
into...).

The possible exceptions I see:
 1. There's already been a serious security breach, and the company's
reputation/clients/products/etc are at-risk; they HAVE to do this, and
they have to do it RIGHT (not just pro-forma), probably because there
will be external audit/scrutiny.
 2. There's a REALLY ardent security-minded "organizational champion"
-- someone with a LOT of clout (probably bearing a title like
"Director" or "VP" or the like) -- pushing this as their top (or one
of the top-3) priority-items, and not willing to settle for
half-assed.


Best of luck!

On Wed, Nov 20, 2013 at 9:03 AM, Bob Blick <bobblick at ftml.net> wrote:
> On Wed, Nov 20, 2013, at 08:13 AM, Kendall Shaw wrote:
>
>> I am employed as a computer programmer. Security policies are being
>> developed where I work. It is not my job to deal with the issue, but it
>> is going to affect my ability to do work. One major concern that I have
>> is that it doesn't appear to me that people understand the concept that
>> you can never be 100% secure.
>
>> Do you have any advice?
>
> Hi Kendall,
>
> Just my two cents, I'd advise learning about the situation as much as
> possible, but since you say it's not your job, I'd really advise keeping
> out of the way. That's just me speaking from the standpoint of someone
> who has stuck their neck out before. It's usually not welcome, and if
> you like your job otherwise, keep it or else look for another job.
> Because even if you try to help in a constructive way and end up on the
> security team, most companies don't want to invest a lot of resources in
> non-visible things, and you'll be frustrated when you are asked to help
> develop a system they don't want to do right. Or maybe they are just not
> super smart, in which case, look for another job anyway, because it's
> much more fun working with smart people.
>
> Friendly regards, Bob
>



-- 
"When I became a man I put away childish things, including the fear of
childishness and the desire to be very grown up."      -CS Lewis

