I was once in a situation like this and to be honest you have to weigh
the situation. No where you go will security ever be where you want nor
at the level of priority that you would like. However weigh multiple
options such as;
1 - is this place where I can learn,
2- is this a place I can learn how to build security from the ground
up, regardless of how hard it may seem in the beginning.
3 - Can I make a difference in the long term 2-3 years
just a few things to think about,
oh by the way what did I do in the same situation, I toughed it out for
2 years, learning how to start security from nothing and develop a
position that had never existed. These where great learning experiences,
during this period I slowly tried to not only address technology and
policy issues but most importantly culture and perception towards
security, especially with management, but this also includes the Admins
and end-users. Learn how to connect/align security with operations in a
way that it supports operations and goals and learn how to explain it to
your boss in this way to help get more support. Of course this always
doesn't work but hey its a golden opportunity to learn. At the end of 2
years I made some ground but learned a tremendous amount of very
valuable skills. Also after I figured out I couldn't learn much more or
make much a difference;
I got the hell out of dodge, let them figure it out and eventually I
moved on and up
On Wed, 2007-02-14 at 15:32 -0600, Francois Yang wrote:
So I have a problem and like to know what you guys think.
I'm a Security Analyst at an Education institute. A community college
to be more precise.
So I was brought on board to address security issues and work on
making this place a better place. Now the problem is.
1. I'm in the network operation team. no security group.
2. My boss doesn't seem to know much about security.
3. My boss doesn't seem to think highly of security since all my
projects seems to be of low priority.
4. I have a long list of things that needs to be done and they are all
waiting for the engineers to work on it. But again they have better
things to do.
So what am I suppose to do? look for another job? :)
anyone run into this problem before?
I'm at the point where I'm not sure what to do.
Thanks.
--
Sincerely
Jason P. Rusch, CISA/CISSP/N+
Information Security Manager
Wesley Chapel, FL 33543
saltynetguru@infosec-rusch.com
www.infosec-rusch.com
"There is no patch for stupidity"
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you
received this in error, please contact the sender and delete the
material from any computer.
