Is your IT/security team largely firefighting? If not, I’d love to know!
This rumination was prompted by a blog comment I read, and I was kinda dumb-founded. Are there IT shops that are *not* firefighting? Pray tell, where are they?
I conjecture that top-down, and outside-in we have this tendency to think IT/security is better than it really is.
I also conjecture that the only shops that are not firefighting are the ones so large that all those things that would be “firefighted” in small shops end up falling into the black holes of processes and separated teams. “Oh, I know that’s a problem, but that’s for the virtualization team,” or “That’s not something my manager wants me to touch, that’s a code issue for dev team 83,” or “I’m just the consultant/security advisor, it’s up to the desktop team to figure out how to properly implement that DLP.” It’s not that they’re getting done, as much as being buried in a field full of freshly dug holes.
We’re sort of not. Before I hired our second sysadmin, yes, I spent most of my time fighting fires and not being able to make significant headway on projects. Every once in a while, I could scrape together a few hours to focus on something, but it was quite rare.
When I brought in the new guy, I put him on projects right away, and am acting as his abstraction layer. No one is allowed to bring issues to him unless I am unavailable. This has worked wonders, as he has been able to spend the past several months working on some serious projects that are doing some awesome things for us.
I deal with the fires and day-to-day bs, and he gets to play with all of the cool stuff 😉
It is funny, though, as I never really thought it would end up this way when I was a kid.