I hear all time from the old guard of IT that today's system administrators aren't qualified to do security administration. They say the new breed is lazy and will take shortcuts instead of doing things by the book.
But how can we match the work ethic of the mainframe age? Compared to 25 years ago, the breadth of systems, the advances in technology and the workloads are exponentially higher. And things aren't slowing down. Complicating matters further is the lack of time or money to do the things we want, much less the things we need in terms of training and professional development.
It's not an excuse; it's a fact of life. I admit that I do a lot of things the hard way, but only because I don't have the time to figure out a better way (or the right way). I'd never be able to keep up with my workload if I did things by the book. I use what I know works, and then move on to the next task. (I realize that learning "the book method" will save me time, but I don't have that luxury.)
In my position at the Texas Credit Union Department, a state regulatory agency, I examine financial institutions' computer systems, ensuring they are "safe, sound and secure" per the Gramm-Leach-Bliley Act. Sounds simple enough, but it's not. You have to dig for information to make an appropriate assessment.
I'm also responsible for administering the agency's domain, Web and firewall servers; providing technical support for our 10 employees; evaluating and purchasing hardware and software (a daunting job, especially when dealing with government purchasing guidelines); and acting as the liaison with my state's Department of Information Resources.
In short, I'm a jack-of-all-trades, which means I have to dig up the answers for stuff that I really haven't acquired through in-depth training.
What have I done to educate myself? I've installed Linux at least 30 times over the last six years and tried to use it. (I've gotten really good at doing installs.) I've read Unix in a Nutshell, but that doesn't mean I understood it. I started reading Linux for Dummies and Unix for Dummies until I got sidetracked. Essentially, my *nix learning has been through osmosis -- I listen to people, and eventually it sinks in.
I'm starting to work toward becoming a CISSP, since my position is heavily security-oriented. I'm planning to take the exam in about two years. Why so far out? Because I know that I'll need that much time to get through the prep material and feel comfortable with it. There's no other way I will make it.
It's no secret that government IT departments are understaffed. I want to do a good job -- my personal ethics demand no less -- but the overwhelming workload holds me back. I do my best learning hands-on, but I have little free time for experimentation.
And let's not even go into my personal life. If you're married, you know what I mean ("You never spend time with me..."). Since I'm traveling more than 60 percent of the time, guess who gets priority when I get home? And I don't even have kids yet!
I would gladly forgo a pay raise just to squeeze in a little time for training. Training would help me be more efficient and keep my stress level down. But time is only part of the problem. I can get away, but my agency doesn't have the budget to send me to the proper (expensive) training classes.
I'm no dummy. I've got a B.S. in computer science, more than seven years of experience under my belt and a couple of Microsoft certifications. Lacking the time for real continuing education, I have to learn by interacting with experienced people. I see the same problem throughout the IT world, and it isn't going away anytime soon.
I'd love to go back to just learning, but who would pay the bills, do the laundry, feed the cats, cook the meals, do the dishes and pay the mortgage? And when would I have time to spend with my significant other and have a social life?
We, the new IT generation, aren't lazy; we're just running to stay in place.
About the author: Tom Ray is an IT examiner with the Texas Credit Union Department.