Site icon Liquidmatrix Security Digest

Don’t quit your day job…

It’s yet another Friday, and I find myself finally getting to my (theoretically) weekly posting.

It’s not been a kind week.

It’s actually been one of those weeks where it seems that nothing is going properly.

It’s been the kind of week where:

  1. a “network security specialist” explained to me that a point-to-point link from BT Radianz was a secured line.
  2. I took my time and informed the people in the meeting that we were already utilizing BT Radianz for another purpose and we would be sharing one end of the infrastructure and therefore I knew that it wouldn’t be a point-to-point line. And that all “cloud” based technologies are currently insecure.
  3. the specialist tried to argue with me – talking over the BT Radianz staff on the con call who were trying to agree with me.
  4. I didn’t leap through the polycom to strangle him.
  5. a Solaris 8 server spontaneously rebooted (no kernel panic) during the “stop” operation of the new HIDS being installed.
  6. the technician assigned to us by the HIDS vendor said “reboots happen all the time”
  7. I didn’t leap through the polycom to strangle him
  8. one of my proteges had a very productive week and wrote some cool scripts that get the attention of a “blinkin lights and shiny things” guy like me.
  9. I had a whole bunch of high level strategy work to do that I couldn’t get to due to low-level tactical firefighting
  10. I didn’t gnash my teeth in rage and stomp around like a petulant 3 year old.

Can anyone identify the thing that I did completely wrong?

Yup.

I should’ve been able to pass off the technical, tactical *minutia* to a competent lieutenant.

I am overqualified to argue with a network technician who doesn’t understand networking.

I am overqualified to do troubleshooting on an IDS implementation project.

My job as CISO is not to be a technical wizard.

My job is to work through strategic direction issues and manage the risk profile of the organization.

I spent 5 long working days this week as an utter failure.

I should be furious with myself.

If I was my boss, I’d be furious with me.

I had a long discussion this afternoon with the CIO (in our organization, the CISO is a direct report of the CIO) and outlined to him my failures of the week.

As part of the mentoring that he provides me – he explained that he often finds himself in the same place — taking over the technical stuff because that’s where he came from and he’s more competent than many of his lieutenants. He also explained that what I need to do is to block time to spend solely on the higher level stuff.

And then he told me to find a new lieutenant.

I think I will.

But first, I’m going to take a few minutes on a Friday night to write down my top three NON-TECHNICAL priorities for Monday morning.

I’m not quitting my job yet. Have you had a week that deserved to be better? Share with us in the comments – there’s lots more readers than we’ve ever had before and I’m certain that a few of you are willing to share.

See you next week.

[tags]security management, ciso, strategy, technical minutia, time management[/tags]

Exit mobile version