[talk] "death of IT"

James E Keenan jkeenan at pobox.com
Sun Mar 29 15:05:32 EDT 2020

On 3/29/20 2:59 PM, jpb wrote:
> On Sun, 29 Mar 2020 12:15:00 -0400
> James E Keenan <jkeenan at pobox.com> wrote:
>> On 3/29/20 10:16 AM, Brian Callahan wrote:
>> [snip]
>>>> Futher, per ISO 27002 who will:
>>>>    - create and enforce segregation of duties?
>>>>    - create, deliver, and track information security awareness and
>>>>      training?
>>>>    - track assets?
>>>>    - manage access rights?
>>>>    - ensure cryptographic keys are competently managed?
>>>>    - enforce secure disposal or re-use of equipment?
>>>>    - manage installation of software on operational systems?
>>>>    - create, monitor, and enforce network controls?
>>>>    - perform system acceptance testing?
>>>>    - monitor supplier relationships?
>>>>    - assess, respond, and remediate information security
>>>> vulnerabilities?
>>>>    - create, test, and actually perform business continuity in the
>>>> event of a disaster (or a pandemic)?
>>>>    - ensure the protection of your privacy and personal information?
>>> Wish my Infosec students were on this list--we covered ISO 27002 on
>>> Thursday! Great stuff Jim.
>>> I often end up teaching a lot of these skills indirectly in my
>>> programming courses because they are so crucial.
>> One of the limitations of being almost completely self-taught as a
>> programmer is that I never learned any of the stuff on that list.
>> jimk
> Perhaps, but if you've worked in the corporate world for any length of
> time, you see them all the time.  Pretty much everything on that list is
> a job for somebody, but hopefully not all the same person!
> Cheers,
> Jim B.

Well, I *did* work in the corporate (ad tech) world for 10 years ... but 
always at places that were large enough when I started that sysadmin and 
software dev roles were strictly separate.  I suspect that if I had 
worked at a start-up of 10 people where everyone was wearing multiple 
hats, I would have absorbed all that sysadmin stuff by admosis.  As it 
happened, most of what little I learned came from sitting next to Brian 


More information about the talk mailing list