Comments on: One of the reasons I am getting out of security management… http://infosecplace.com/blog/2006/09/05/one-of-the-reasons-i-am-getting-out-of-security-management/ Commentary on the State of Information Security Sun, 10 Jan 2010 16:13:08 -0700 http://wordpress.org/?v=2.9.2 hourly 1 By: An Information Security Place » Blog Archive » Karn says we should all get out http://infosecplace.com/blog/2006/09/05/one-of-the-reasons-i-am-getting-out-of-security-management/comment-page-1/#comment-813 An Information Security Place » Blog Archive » Karn says we should all get out Thu, 14 Sep 2006 21:26:42 +0000 http://infosecplace.com/blog/2006/09/05/one-of-the-reasons-i-am-getting-out-of-security-management/#comment-813 [...] Karn Griffen over at the the Information Security Gurus blog mentions my post about getting out of security management.  He has a good post today about how we should all be getting out of the front lines when there are so many possibilities with outsourcing.  He also commented on that same post, where he said the following: If I can turn on secure networking services, complete with IPS, Virus, Spam filtering, etc. and the company I outsource this to will provide me an SLA that guarantees the service parameters I’m looking for, why would I bother with a full-time person (or more) to do these things. [...] [...] Karn Griffen over at the the Information Security Gurus blog mentions my post about getting out of security management.  He has a good post today about how we should all be getting out of the front lines when there are so many possibilities with outsourcing.  He also commented on that same post, where he said the following: If I can turn on secure networking services, complete with IPS, Virus, Spam filtering, etc. and the company I outsource this to will provide me an SLA that guarantees the service parameters I’m looking for, why would I bother with a full-time person (or more) to do these things. [...]

]]> By: Michael Farnum http://infosecplace.com/blog/2006/09/05/one-of-the-reasons-i-am-getting-out-of-security-management/comment-page-1/#comment-721 Michael Farnum Fri, 08 Sep 2006 20:32:01 +0000 http://infosecplace.com/blog/2006/09/05/one-of-the-reasons-i-am-getting-out-of-security-management/#comment-721 Karn, Thanks for reading. I have researched outsourcing as a possibility, and I proposed several solutions in my tenure here. The issue with my current employer is that it is hard for a SMB to justify a full-time security manager along with outsourcing costs. Basically, they question why they have a security manager in the first place. They just don't understand the full amount of work that is involved in keeping a network secure. And even if they did, it does not guarantee that they would do anything to alleviate the burden. Hey, I'm salary. They pay me the same no matter if I work 40 hours a week or 60. By the way, now that I am leaving, outsourcing is on its way in here big time. That just proves my above point. Michael Karn,

Thanks for reading. I have researched outsourcing as a possibility, and I proposed several solutions in my tenure here. The issue with my current employer is that it is hard for a SMB to justify a full-time security manager along with outsourcing costs. Basically, they question why they have a security manager in the first place. They just don’t understand the full amount of work that is involved in keeping a network secure. And even if they did, it does not guarantee that they would do anything to alleviate the burden. Hey, I’m salary. They pay me the same no matter if I work 40 hours a week or 60.

By the way, now that I am leaving, outsourcing is on its way in here big time. That just proves my above point.

Michael

]]> By: Karn Griffen http://infosecplace.com/blog/2006/09/05/one-of-the-reasons-i-am-getting-out-of-security-management/comment-page-1/#comment-719 Karn Griffen Fri, 08 Sep 2006 19:02:19 +0000 http://infosecplace.com/blog/2006/09/05/one-of-the-reasons-i-am-getting-out-of-security-management/#comment-719 Michael, I just found your blog today, and have added it to my reading list (and my list of links on my blog). I went back and read your list of daily functions. No wonder you are frustrated! In reading the list, it occured to me that most of the items you listed have now become fully outsourced products, or managed services offerings. It seems that someone of your technical talent, experience, and industry knowledge should be doing something other than updating IPS signatures and delivering blocked emails! The truth is that us network geeks are getting pushed out of the building. If I can turn on secure networking services, complete with IPS, Virus, Spam filtering, etc. and the company I outsource this to will provide me an SLA that guarantees the service parameters I'm looking for, why would I bother with a full-time person (or more) to do these things. There is a company here in Los Angeles advertising on the big radio stations that offers SMBs that very option. They drop thin client machines on every desktop, and just turn on services, Word, Excel, Quickbooks, whatever is needed. There are no servers, no gateways, no VPNs, no IPS, to anti-virus mess, no patching to worry about. Just show up and use your tools. Maybe one day we will just buy our computers in a blister pack at WalMart, and get all of our services from (gasp!) AT&T. Nice blog, keep up the fight! Karn http://security-gurus.blogspot.com Michael,

I just found your blog today, and have added it to my reading list (and my list of links on my blog). I went back and read your list of daily functions. No wonder you are frustrated! In reading the list, it occured to me that most of the items you listed have now become fully outsourced products, or managed services offerings.

It seems that someone of your technical talent, experience, and industry knowledge should be doing something other than updating IPS signatures and delivering blocked emails! The truth is that us network geeks are getting pushed out of the building. If I can turn on secure networking services, complete with IPS, Virus, Spam filtering, etc. and the company I outsource this to will provide me an SLA that guarantees the service parameters I’m looking for, why would I bother with a full-time person (or more) to do these things.

There is a company here in Los Angeles advertising on the big radio stations that offers SMBs that very option. They drop thin client machines on every desktop, and just turn on services, Word, Excel, Quickbooks, whatever is needed. There are no servers, no gateways, no VPNs, no IPS, to anti-virus mess, no patching to worry about. Just show up and use your tools. Maybe one day we will just buy our computers in a blister pack at WalMart, and get all of our services from (gasp!) AT&T.

Nice blog, keep up the fight!
Karn
http://security-gurus.blogspot.com

]]> By: Anton Chuvakin http://infosecplace.com/blog/2006/09/05/one-of-the-reasons-i-am-getting-out-of-security-management/comment-page-1/#comment-708 Anton Chuvakin Wed, 06 Sep 2006 22:47:47 +0000 http://infosecplace.com/blog/2006/09/05/one-of-the-reasons-i-am-getting-out-of-security-management/#comment-708 OF COURSE, you are making the right move SINCE you are moving from being a Security Manager (aka "All the responsibility and none of the power") to a noble vendor role!!! OF COURSE, you are making the right move SINCE you are moving from being a Security Manager
(aka “All the responsibility and none of the power”) to a noble vendor role!!!

]]> By: Christofer Hoff http://infosecplace.com/blog/2006/09/05/one-of-the-reasons-i-am-getting-out-of-security-management/comment-page-1/#comment-695 Christofer Hoff Wed, 06 Sep 2006 14:04:35 +0000 http://infosecplace.com/blog/2006/09/05/one-of-the-reasons-i-am-getting-out-of-security-management/#comment-695 Welcome to the darkside, baby! Been there, done that, bought the T-Shirt! ;) Hoff Welcome to the darkside, baby!

Been there, done that, bought the T-Shirt! ;)

Hoff

]]> By: Security Incite: Analysis on Information Security http://infosecplace.com/blog/2006/09/05/one-of-the-reasons-i-am-getting-out-of-security-management/comment-page-1/#comment-693 Security Incite: Analysis on Information Security Wed, 06 Sep 2006 11:46:31 +0000 http://infosecplace.com/blog/2006/09/05/one-of-the-reasons-i-am-getting-out-of-security-management/#comment-693 <strong>The Daily Incite - September 6, 2006...</strong> September 6, 2006 - #110 Good Morning: Greetings from Beantown. Flew up yesterday (yes, flying is still miserable) for The Security Standard show at the Hynes. If any of you are going to be there, check out my session at 3:20 this afternoon on st... The Daily Incite – September 6, 2006…

September 6, 2006 – #110 Good Morning: Greetings from Beantown. Flew up yesterday (yes, flying is still miserable) for The Security Standard show at the Hynes. If any of you are going to be there, check out my session at 3:20 this afternoon on st…

]]> By: Alan Shimel http://infosecplace.com/blog/2006/09/05/one-of-the-reasons-i-am-getting-out-of-security-management/comment-page-1/#comment-686 Alan Shimel Wed, 06 Sep 2006 05:01:17 +0000 http://infosecplace.com/blog/2006/09/05/one-of-the-reasons-i-am-getting-out-of-security-management/#comment-686 Michael - don't be discouraged. You fought a better battle than most I have seen. Take your new job for a while and grow with it. There may still come a time when you are back on the "front lines", but maybe this time leading the troops and plotting the strategy. Good Luck with the new gig and keep your chin up, you are still fighting the good fight ;-) Michael – don’t be discouraged. You fought a better battle than most I have seen. Take your new job for a while and grow with it. There may still come a time when you are back on the “front lines”, but maybe this time leading the troops and plotting the strategy. Good Luck with the new gig and keep your chin up, you are still fighting the good fight ;-)

]]>