We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why?

Yes, they're paid to find and manage, because if they also get involved in fixing there's a massive conflict of interest.

Let's flip the whole thing round from your perspective. I'm assuming you're a sysadmin or engineer.

Let's say 6 months ago you finished upgrading the network and you've been continually patching and monitoring ever since to the best of your ability.

Your boss has asked you, the sysadmin, to perform a vulnerability assessment on the network. It's all going well until...whoops, you find a bunch of vulnerabilities and threats you didn't realise were there and frustratingly some of them exist because of decisions you made when you performed the upgrade.

How do you report this to your boss without lying?

Do you come clean and admit to the fuck up and come off as an incompetent sysadmin?

Do you secretly fix the problems and report that there were no problems found and hope that no problems will be found in the future to highlight your poor upgrade management?

The idea is to keep things objective and continually improve processes, policies and practices.
