Put Up or Shut Up
I’ll have to say, moving from an organization that pushes back on change and external recommendations to one that embraces, analyzes, and implements recommendations and initiatives has certainly challenged me mentally. It is definitely time for me to “Put Up or Shut Up” when it comes to implementing a enterprise level security framework that integrates with the processes and procedures of the IT and development departments. Lucky for me the Department of Defense already recognizes the importance of information security and they have mandated many aspects of ISO 17799:2005. It is documenting the procedures and bringing them together so that each aspect augments the other that has proven an interesting, but so far not difficult, challenge.
For the last two months I have been working every minute at work. My blog reading has really suffered and it definitely makes me feel “out of the loop” on a lot of issues. Part of it is because by the time I get home I am done looking at a computer and ready to unwind. The most I usually bring myself to do is catch up on my emails to see if any of the other projects I am working on require attention. And even those projects have suffered a bit as you can see from my one month blog hiatus.
It is also a little difficult for me to break down what I want to write about. I have often started thinking about writing a post only to realize that after time a picture of security within my organization could be built by bits and pieces of my posts. The software we are using, steps we are taking, methods we have employed. Although initially seemingly innocuous could lead to “the death of a thousand cuts.” Another problem has been the fact that most of what I do is management. I provide leadership and guidance, get the ball rolling in certain directions, collect all of the information to try to find trends and determine cost, and act as the “face of security.” I even broke down last night and purchased a copy of Security Metrics which just reminded me that I have not been reading my feed list as I completely forgot about the SecurityMetrics blog.
All in all I just wanted to get something out there to let you all know that my one month blogging vacation is over. I am going to make a concerted effort to weed out the things I feel comfortable speaking about. This probably means that I’ll be moving away from some of my technical stuff and more towards developing and implementing processes and metrics. Such is my life.
Go forth and do good things,
Don C. Weber
security, metrics, process, Security Ripcord, Security Metrics, ISO 17799:2005
Help support my training and travel to security conferences. Get your SANS Training and GIAC Certifications through the Security Ripcord.
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
January 23rd, 2008 at 12:57 pm
Cutaway, I went through the same thing when I changed job focus and had to be more careful about what I wrote about. Plus I wasn’t sure how to take the stuff I could write about and make it something that others would want to read. Hopefully I have broken that barrier. I look forward to you getting back into the thick of things. Drop in the silc channel when you can. Talk to you later.
Andy
April 18th, 2008 at 4:24 am
[...] posts have been a little sparce recently. I did address that a little bit by explaining that my new job had a higher risk when it comes to talking about issues, situations, [...]