Security's Everyman

Security's Everyman

Sunday, May 20, 2007

My new gig

I'm excited to start my new job tomorrow. Not just because it brings in a pay check again, but because it will be interesting to see things from a different perspective. This will be my first purely security job. No more network admin responsibilities and no more trying to piece together free technologies to make a make something work as I want it to. I'll be working in an enterprise environment for the first time also. No more "small shop blues". I will finally have others at work that I can bounce ideas off of and talk to about concerns regarding security. I can get feedback from real live people instead of via email, posts and forums. I will get to experience what it's like to be in an environment where they have real tools to use. Where security is (at least in perception) taking seriously.

I read this post which pointed me to this post and it got me to thinking about my last job and how things would be different at my new job. Or will there be and difference? I sure hope so, but you never know.

When I left I had been preparing for this for about a week. I knew that this was a highly likely possibility that I would be laid off. Then as I wrote in my post about being laid off the morning that I was laid off I knew it just as soon as I walked in the door that day. I had spent the week getting things in order. I had ensured that I had backups of all data on my laptop that I needed. Not company data but personal things. I could have easily taken copies of ALL data on the network if I so desired. I had the access rights to EVERYTHING and if something had been set up so that I couldn't access it casually with my admin level rights I had the account info to get access to it. Obviously I had access that only myself and one other person had, but there wasn't any "real" protections in place to prevent the average user from taking anything that he/she had access to. It wasn't because we didn't want or have a need for it, but because we didn't have the money or staff to implement it.

Now that I am going into an enterprise environment it will be interesting to see what kinds of data protection they have in place. Will it be just as easy for someone to walk out the door with what they want or will there be things in place to either prevent it or at least make it VERY difficult. Unfortunately these are things that I probably won't be able to blog about. I'd love to be able to tell the story, but by doing so I will be giving away too much info that could be used against us. I'll have to see what I can do, but don't count on hearing much about it.


6 comments:

rybolov said...

So are you changing your name to "Andy, SecurityGuy"??? =)

And oh yeah, welcome to the dark side.

Andy, ITGuy said...

I thought about Andy, SecurityGuy but it just doesn't have the same ring to it. :)

Michael R. Farnum said...

Congrats, Andy!

Allen Baranov, CISSP said...

Hi Andy,

Well done on your new job. If you are going to be Andy, SecurityGuy then you may need this:
New Suit and Tie

Andy, ITGuy said...

Not exactly the same security, but i'm sure it would get attention the first day on the job. :)

Anonymous said...

Would be interested to hear what role (if any) having the blog played in finding the new position. And if you can tell us - what the position is?
Congrats!

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.