Computerworld - In my previous column ["Enough! I Quit!" QuickLink 51579], I explained how I left my position to seek more amicable pastures. I am now working for a manager who is not only amicable, but also reasonable, intelligent, kind and mature. How did I find such a catch? I know the guy. I worked with him many years ago, and I always stay in touch with friends, ex-bosses and former co-workers. Rule No. 1 in this industry is to keep your network alive, keep your contacts list up to date and be willing to do a good turn for a colleague. It always comes back to you. When my new boss found out I was looking for a job, he recalled the weekends that I had helped him out on a critical project and immediately offered me a position.
It's a public-sector job, so I had a few mental adjustments to make. I'm working for a division within a very large government bureaucracy, and how I do my job will be very different from the way I operated in the private sector. For one thing, budget cycles are very long, so long-range planning is critical to getting funds allocated to specific projects.
Security managers always have endless to-do lists, but my position isn't well funded, the division isn't well funded, and there's no money to even hope to address the to-do list within three years.
When beginning a new job, I always identify the quick-hit list, problems that can be solved within the first 30 days of employment. I want to prove my worth, but upper management tends not to see security tasks -- tightening firewall rules, fine-tuning virtual private network performance, making sure the latest operating system patches are installed -- as critical. I needed to identify some issues that I could address and that management would think were worth tackling.
Within the first week, I performed a network scan, reviewed documentation and interviewed my direct reports to get a feel for the network and security architecture. I found that our division was attached to the larger government network, so our security was dependent on a vast array of network devices outside of our control. And the larger organization controlled our endpoints (that is, the routers). I realized I'd have to network diligently within the larger organization if I was going to make any headway in improving our division's security without making enemies. I needed to spend time understanding the political climate; no charging in and demanding change. As the
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
