Looking forward to this week's instalment of "Who, Me?" where Joe, who works for an aerospace company that cannot be named, decides to do a last minute upgrade of newly released switch firmware.
And I raise my beer to "The Red Team" engineers.
16 publicly visible posts • joined 24 Jan 2013
Many technology purchasing decisions are going to be retrospectively wrong, usually just partially wrong, at some point during the short/medium term after implementation. That's just a fact of life as your own use case/business case/roadmap and the vendor's own road map diverge over time. If it's a long evaluation or a long implementation process from the time you sign your life away, then the regret perhaps comes a bit sooner into the working life of whatever you bought.
The best you can do is make sure it's fit for purpose, polish up your crystal ball, make sure others do the same if they're making the decision and realise it's often part of the lifecycle of whatever you're doing.
And don't purchase anything on the basis of business breakfast presentations. Just because someone fed you pastries and bad filter coffee and battery acid juice, slagged off the other vendors in the space, showed you some gartner charts, and peddled their wares (whilst glossing over any hidden costs), it doesn't mean that it's fit for purpose, or that you owe them anything.
Remote working has increased the attack surface.
So has the move in recent years to move various things to various cloud services, which in turn has added various other attack surfaces...
...as well as a number of other moving parts to tie it all together, which require extra time and expertise to configure and maintain ...and which often present their own attack surfaces.
The CFO in the meantime wants to know why the time spent on updates and patching isn't making their computer faster. And is questioning the increasing number of $x per user/month services that are on the bills each month, having patted themselves on the back for the reduced capex that came with moving things to the cloud.
The CFO's 2IC has recently built a hackintosh at home and is now a security expert, thinks all the after hours patching work is fake, and has been deducting regular annual leave hours for IT staff time-in-lieu requests and hoping they don't notice.
Line Manager X doesn't work in IT, but is very much up to date on various security advisories and uses this to justify their long-standing lack of effort/usage for any given system. Today, perhaps understandably, they will no longer use Confluence despite the fact their inability to either write (or read) documentation in any form (even a word document) has been longstanding.
The CEO, also very much up to date on various security advisories, uses this to constantly decree that we shouldn't use various vendors. Which at this point means we should theoretically be using pen and paper. Also refuses to use MFA despite their email account being under attack on an almost hourly basis. Is also against most forms of email security after a smoking red-hot email exchange with their partner once triggered the worst possible category of email content alerts.
So, yep, a bit stressful.
Our front line staff fortunately navigate any security related potential inconveniences like MFA, computer updates and other measures with ease.
Yep - L2TP VPN's in particular. Recreating the VPN (as has sometimes been necessary after updates) doesn't work so KB5009543 needs to be uninstalled.
Fortunately we stagger the update timing so it's not yet a widespread problem for us.
Also, fortunately it's not as if our entire workforce is working remotely and needs VPN access...
Yep - any web based access for Outlook ("Outlook Live" or other flavours) is currently down, or at least degraded, here in the Antipodes. Apparently due to a recent configuration change, and they're throwing extra resources at it before everyone in Europe wakes up. It's been like this for about 6 hours. There's some collateral damage to on-prem Exchange too (I'm assuming for those that route via o365).
... where the freight trains run down the middle of the main street.
(There's probably an analogy there with some tech companies)
I've spent a fair bit of time there over the years; not the world's most exciting place other than the train line and the mountain. The new bakery is good though.