Monday, September 17, 2007

A Possible Future

I doubt that my group will likely survive past December of next year at best, and maybe this December at worst. Senior management was sold a bill of goods by the senior manager responsible for our group so that he could keep his job and status. Instead of providing actual internal IT security for our firm, we are basically just a policy enforcement arm of HR. We terrorize the average employee for downloading mp3s and catch the occasional child porn offender while executives and administrative staff are allowed to accept and send credit card, wire transfers, business plans and other sensitive information to and from clients, vendors and service providers via unencrypted email. I couldn't get a keylogger ticket accepted because I couldn't prove that the person downloaded the software. I can only prove intent in those cases. So, in other words, we are only allowed to catch idiots, and we are not allowed to change fatally insecure business practices. As our fellow employees realize that their actions are being monitored and they modify their behavior, or are fired for it, our ability to generate the same number of tickets will decrease over time, a decreasing series converging to some number or limit approaching close to, but not equal to, zero. The fact that almost all worms have keylogger activity, are professionally made for criminal enterprises now, and are coded to evade almost all anti-virus scanning software means that sooner or later my firm will experience a major loss since we are a Windows shop. My unit's inability to affect real IT security policy, coupled with our inability to maintain performance levels due to our successes and other factors, will likely spell my unit's demise. My managers believe otherwise.


Humans are notoriously bad at caring about the big picture -- or even seeing it. Nice that you can.

I wish you well on your job; it sounds like an interesting field. Perhaps the senior manager responsible for your group will leave. If not, at least you have a good guess as to what's coming and can start looking elsewhere for employment, when you feel it's appropriate.

I agree with Night Sky's useful advice, John.

On the bright side you write a good blog so I've linked up with it.


(from Oz)

Leave while you can. Become a consultant. Sell your services to your (now former) company.
