All I kept thinking was how they needed to spend some time learning about simple things like logging on on their systems, centralized log management and regular log review. Learning more about the built-in firewall functionality in the different operating systems they used and how it could be used to layer the protection offered by their network firewall. And, so many more things that aren't rocket science.
The issue seems to be that they had settled down into their comfort zone and liked it there. Each person had their own specialty and very little effort was made to cross-train on the different job duties so their was adequate support when one of them was out of the office. The only time change occurred was when it was forced from above and it became inevitable; never because it was self-motivated.
If you find yourself never stepping outside your zone, it's time for a kick in the butt. IT is an ever-changing field, but specifically IT security is an area that requires constant attention, learning and a broad range of abilities that often include things like writing reports or making presentations.
As the author stated, "the main goal here is to push yourself and find new ways of thinking about problems you see in your daily work life." I like that. Now, if we can only instill this into other people we deal with on a daily basis...
John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.