I'm "borrowing" the title of John Hodgeman's book, because that's what popped into my head when trying to come up with a title for this post, which is just to sort of set the initial direction for this blog. I started out my IT career right after graduating with my undergrad business degree. Like a lot of kids starting school, I had no idea what I wanted to do when I grew up. I sort of defaulted to the generalist degree of Business Administration, and I've been a bit of a generalist ever since. The downside to that is that I'm not an expert in any one field, but the upside is that I have varying degrees of expertise in lots of areas. And these days, a Google search can help me solve problems I couldn't otherwise address.
I kind of naturally gravitated toward Systems Administration, and it kind of stuck. I've been SysAdmin for lots of different types of systems. I started out with NetWare 3.11 and DOS/Windows. I was able to stay on the the NetWare/Windows train through version 6.5 and Windows 2003. At that point, I was a US Defense contractor, and our government oversight folks didn't like the fact that the DoD didn't produce security guides for NetWare. So I migrated the file/print aspects of our network services to SuSE Linux, since Novell had just ported all of their stuff (eDirectory, NSS, etc.) over to Linux. I had used Linux previously for personal projects like MythTV, OSSIM, file services, etc., but hadn't had much opportunity to use it in a production environment. The migration of production services from NetWare to Linux was a fun challenge, and I've maintained a focus on Linux since. The place I just came from still had one NetWare-based network, but it had long since stabilized to the point that I very rarely had to do anything to it.
In the midst of all of this SysAdmin stuff, I was asked by our IT Director to become the manager of the IT Security team to address some open issues. I did that for two years, and if I had to summarize what I took away from there, I would say the discipline of IT Security (or Information Assurance, or whatever you want to call it) should revolve around the risk management. A quick Google search on the CISSP Domain of Information Security Governance and Risk Management will give you the background on this, as well has how to calculate the financial risks to the business. And that's how the decisions should really come down -- are the security measures we're contemplating really worth it? That can be difficult to quantify, but that's where the expertise comes in.
After those two years, I became the manager of the infrastructure team, which basically covered everything in the data center, including servers and associated OSes, databases and core network infrastructure. So I was back to being an IT generalist, only in a management capacity. That was interesting, but really stressful, especially where I was. After almost 10 years at one place, I decided I needed a change, and I wanted to take a break from management.
So here I am, and have been for the last year, a SysAdmin. I primarily support Linux and HP-UX, but I also help out with our Windows, VMware, AIX and Solaris systems, and various networking components, including switches, routers and firewalls. I'm having a great time, and I'm hoping to share stuff with you as I go.
No comments:
Post a Comment