Re: security not a big priority?



I was once in a situation like this and to be honest you have to weigh
the situation. No where you go will security ever be where you want nor
at the level of priority that you would like. However weigh multiple
options such as;

1 - is this place where I can learn,
2- is this a place I can learn how to build security from the ground
up, regardless of how hard it may seem in the beginning.
3 - Can I make a difference in the long term 2-3 years

just a few things to think about,

oh by the way what did I do in the same situation, I toughed it out for
2 years, learning how to start security from nothing and develop a
position that had never existed. These where great learning experiences,
during this period I slowly tried to not only address technology and
policy issues but most importantly culture and perception towards
security, especially with management, but this also includes the Admins
and end-users. Learn how to connect/align security with operations in a
way that it supports operations and goals and learn how to explain it to
your boss in this way to help get more support. Of course this always
doesn't work but hey its a golden opportunity to learn. At the end of 2
years I made some ground but learned a tremendous amount of very
valuable skills. Also after I figured out I couldn't learn much more or
make much a difference;

I got the hell out of dodge, let them figure it out and eventually I
moved on and up



On Wed, 2007-02-14 at 15:32 -0600, Francois Yang wrote:
So I have a problem and like to know what you guys think.
I'm a Security Analyst at an Education institute. A community college
to be more precise.
So I was brought on board to address security issues and work on
making this place a better place. Now the problem is.
1. I'm in the network operation team. no security group.
2. My boss doesn't seem to know much about security.
3. My boss doesn't seem to think highly of security since all my
projects seems to be of low priority.
4. I have a long list of things that needs to be done and they are all
waiting for the engineers to work on it. But again they have better
things to do.
So what am I suppose to do? look for another job? :)
anyone run into this problem before?
I'm at the point where I'm not sure what to do.


Thanks.


--
Sincerely

Jason P. Rusch, CISA/CISSP/N+
Information Security Manager
Wesley Chapel, FL 33543
saltynetguru@xxxxxxxxxxxxxxxxx
www.infosec-rusch.com


"There is no patch for stupidity"

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you
received this in error, please contact the sender and delete the
material from any computer.



Relevant Pages

  • Re: security not a big priority?
    ... I was once in a situation like this and to be honest you have to weigh ... No where you go will security ever be where you want nor ... My boss doesn't seem to know much about security. ... entities other than the intended recipient is prohibited. ...
    (Security-Basics)
  • Re: Perhaps the most OBVIOUS question you will ever see.
    ... Pocket PC wireless or SQL Server security. ... You and your boss are not suited for a working relationship. ... If you're a network admin or have another related ... >I work at a place where we have a myriad of wireless access points and NO, ...
    (microsoft.public.security)
  • Re: Perhaps the most OBVIOUS question you will ever see.
    ... Pocket PC wireless or SQL Server security. ... You and your boss are not suited for a working relationship. ... If you're a network admin or have another related ... >I work at a place where we have a myriad of wireless access points and NO, ...
    (alt.computer.security)
  • RE: RE: Value of certifications
    ... entities other than the intended recipient is prohibited. ... Security' that may be interesting. ... My employer will not pay for certifications, ... you're in is a very good place from which to build your skills. ...
    (Security-Basics)
  • Re: Manifest Files & VS2005
    ... I'm fairly new to .NET app security and manifests. ... confused - if the manifest file is embedded into the assembly, ... If I choose "This is a partial trust application" and then include some ... Dissemination, distribution or copying of this e-mail or the information herein by anyone other than the intended recipient, or an employee or agent of a system responsible for delivering the message to the intended recipient, is prohibited. ...
    (microsoft.public.dotnet.languages.csharp)