But how much time do you think he gets to work on those things? The current approximation is about five hours or less a week. It turns out his Unix admin skills have proved to be more valuable to management because he now manages the Unix-based virtual server environment, Linux-based network and host monitoring system, and a few Linux servers that the sysadmins weren't knowledgeable enough to properly manage themselves.
Every time I talk to him and hear his war stories, I'm disappointed. For those of you managers out there, stop making your security guys double as sysadmins, network administrators, and help desk technicians. I can name about a half-dozen people in a similar boat, both in the private sector and academia. It's not a particular industry that is indicative of the problem.
From speaking to my friends, the real issue seems to be about a lack of respect for information security. The organizations they work for like saying they have an IS department, even though the individuals in those positions have little power and do very little security. If you're one of these managers, show a little love and respect for IT security. The guys in those jobs might just save your company from a humiliating data breach -- or worse.
John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.