On Security (part the first)
How it was told to me, by the late Bonnie Parr: The Maryland Institute, College of Art, had established a student run security force sometime in the late 70s. The campus, a collection of loosely connected buildings, straddles a main road in the north and slightly west part of downtown Baltimore.
There had been a few incidents of theft in various buildings. So a few students went to schools administration and asked them to buy a couple radios (read walkie talkies) and set up some old desks near the entrance of each building. The administration complied and thus a security force was born.
Over the years the security grew to meet the demands of a climbing crime rate around the school. I’m guessing it was 10, maybe 15 years old when I joined the force. It was a meager salary for a relatively quiet gig, but was a bit more money then "work-study".
The security force was like a big clique among the small school population, or at least as it was perceived by the students who weren’t "guards".
Some years later I was upgraded to security supervisor of the "Main" building. This was the showcase building that housed the schools administration as well as large art studios. Rising to the rank of a supervisor put me in charge of roughly 45 part-time employees covering shifts 24/7.
I have a good mind-set for security, we’re meant to be helpful receptionists, but mainly there to protect the students, faculty, staff and property. This was my community and, of course, I wanted them to be safe and secure.
At school we would get a few students that no matter what the security force did, we were considered fascists and oppressors of freedom. These students would make their displeasure known in a variety of ways. Sometimes attempting to skirt the rules because they would not be subjected to the police force of evil. This unfortunate description is also a similar relationship between some end-users and the IT staff.
Security is the most important part of an IT managers or Security specialist job (if your company is big enough to afford someone dedicated to this subject). But it’s also the main reason you get into trouble with end-users. The fundamental thing about security is that it protects you, but gets in your way. As luck would have it often times it gets in your way at the peak moments of frustration. Whether you’re tying to get a presentation printed or a product out the door.
Many employees think the of the stereotype members of the IT staff are a bunch of unsocial jerks. With more affinity toward technology then their fellow humans. But the opposite is more true. Troubleshooting computers, especially at the workstation level, is a lot about understanding how people interact with technology. Beyond the books and immense amount of information we must devour intellectually, there is "theory" or the way the manufacturer claims something will work. Then there is "practice" the way something actually works. End-user interaction is a big part of figuring out the best implementation of a given technology. We’re really not trying to get the the way of you doing your job.
Ultimately IT professionals are here to make everyone’s lives easier and better. Security in these cases is the major handicap. There are instances where you need to bear the pain of a process or application, because there’s either no other way to do it or a better way just doesn’t work in a particular instance or it’s just safer for everyone that way.
Keep in mind the main part of the job is examining and re-examining these applications/business processes for a better way. Maybe that means "more efficient" maybe that means "cost less" or maybe "it’s more secure", you have to run a balance.
IT administrators also have to balance "need" versus "want" for the whole company. Not only that we have to navigate the personal choices that the company has deemed important. There’s no question that if a client company wants your company to install something, there’s little you can do about it. You make the appropriate report about what changes need to take place to company administration and well as appropriate managers. With the realization the reasoning behind this implementation is likely to cause some friction with employees.
This is part of the job. We’re not out to lock you down as thugs of Technology.
Probably the biggest challenge for me as an IT manager is getting people to see beyond the immediate problem quick fix and looking at a long term solution. Be sure this isn’t a problem limited to IT. It also happened at college, though at the time I was probably a bigger fan of the quick fix.
PS: Happy Holidays.
