[talk] "death of IT"
James E Keenan
jkeenan at pobox.com
Sun Mar 29 15:05:32 EDT 2020
On 3/29/20 2:59 PM, jpb wrote:
> On Sun, 29 Mar 2020 12:15:00 -0400
> James E Keenan <jkeenan at pobox.com> wrote:
>> On 3/29/20 10:16 AM, Brian Callahan wrote:
>>>> Futher, per ISO 27002 who will:
>>>> - create and enforce segregation of duties?
>>>> - create, deliver, and track information security awareness and
>>>> - track assets?
>>>> - manage access rights?
>>>> - ensure cryptographic keys are competently managed?
>>>> - enforce secure disposal or re-use of equipment?
>>>> - manage installation of software on operational systems?
>>>> - create, monitor, and enforce network controls?
>>>> - perform system acceptance testing?
>>>> - monitor supplier relationships?
>>>> - assess, respond, and remediate information security
>>>> - create, test, and actually perform business continuity in the
>>>> event of a disaster (or a pandemic)?
>>>> - ensure the protection of your privacy and personal information?
>>> Wish my Infosec students were on this list--we covered ISO 27002 on
>>> Thursday! Great stuff Jim.
>>> I often end up teaching a lot of these skills indirectly in my
>>> programming courses because they are so crucial.
>> One of the limitations of being almost completely self-taught as a
>> programmer is that I never learned any of the stuff on that list.
> Perhaps, but if you've worked in the corporate world for any length of
> time, you see them all the time. Pretty much everything on that list is
> a job for somebody, but hopefully not all the same person!
> Jim B.
Well, I *did* work in the corporate (ad tech) world for 10 years ... but
always at places that were large enough when I started that sysadmin and
software dev roles were strictly separate. I suspect that if I had
worked at a start-up of 10 people where everyone was wearing multiple
hats, I would have absorbed all that sysadmin stuff by admosis. As it
happened, most of what little I learned came from sitting next to Brian
More information about the talk