I have a Compliance Analyst working for me that I lured away from my old team at the hitherto unnamed financial services company. She spends much of her time trying to run down the data squirreled away across our sprawling current employer so we can create some semblance of risk reporting. I think, from a recent conversation, that she is just a bit worried by the big, shiny, new host scanning tool we are implementing. We all get into a groove where once we have become comfortable with the expectations of our role, we can just shift into Drive and head down the road, dealing episodically with the inevitable traffic jams and fender-benders.
I hope I assuaged her concerns when I observed that she is actually more valuable to the company, and harder to replace, when she no longer has to spend her time hunting down data. The experience from doing that grinding work, along with better analysis tools, her knowledge of security and the company means she is now the person who can manage our enterprise compliance relationships and provide management with a qualitative assessment of what all those noisy data points mean.
But, after reading Sam Dekay’s recent article on this site, I wonder what you do as a network security specialist once some vendor invents a way to manage and monitor firewalls without needing your expertise? Granted, vendors often cannot get out of the way of their own marketing departments, who are so busy ensuring the tool is so laden with gee-whiz buzzword features that just downloading the firewall rules to a text file dims the lights. However, I have run across a few people, like Steve Slater of Security Compliance Corporation (http://www.securitycompliancecorp.com/), who are not traditional security practitioners, but who seem to understand the business need to do reasonable security at a manageable cost.