Leading IT & IA Organizations in the “Real World”

Leading IT & IA Organizations in the “Real World”. (Well, at least my real world) 17 Oct 07. What I Want to Cover. Perspective on IT and IA – advancements as I’ve experienced them Things I’ve learned and want to share War stories along the way to relate it in real world examples *

Presentation Transcript


  1. Leading IT & IA Organizations in the “Real World” (Well, at least my real world) 17 Oct 07

  2. What I Want to Cover • Perspective on IT and IA – advancements as I’ve experienced them • Things I’ve learned and want to share • War stories along the way to relate it in real world examples * • What I look for when hiring IA help • Types of experience, certificates and degrees

  3. A Bit About Where I Come From • Military Communications and Networks • Telecom, Computers, Networks and SATCOM • Wild, Wild, West • Enterprise Network Defense • Post-Military -- Net Defense Consultant

  4. Building IT Organizational Credibility in the Mid 90s • Issue: Taming the Wild West • NT, Novell, Banyan Vines • PeachText, WordStar, Word, WordPerfect • Internet…friend or foe? What’s this Mosaic? • “Hobby Shops”

  5. Building IT Organizational Credibility in the Mid 90s (cont.) • Credibility needed to enable central management of IT and IA company-wide • Obstacles: Budget, Technology, Talent, Experience, Culture, Competing Agendas • OK for mainframes and data centers

  6. Progress in the late 90s • Budgets and technology start to catch up • Consolidate to Scalable Apps (NT, Office) • First successful (that is they did more good than harm) firewall and IDS use • However, still problems with attitudes (IT * and users), credibility, competing agendas • Hobby Shops fighting to the finish *

  7. Progress in the late 90s (cont.) • Not a matter of could it be done, but should it be done and can we trust the IT department geeks • Focus on “customer responsiveness” * Users should come to you NOT because they have to, but because they want to

  8. Enterprise Network Defense

  9. Enterprise Network Defense • Joint Task Force – Global Network Operations (JTF-GNO): Responsible for joint network ops and network defense • AF Network Operations and Security Center (AFNOSC) Network Security Division: Responsible for AF network defense • IDS Ops here in San Antonio (Computer Emergency Response Team (CERT))

  10. IA versus Net Defense: USAF Definitions • IA: “measures to protect and defend info and info services by ensuring availability, integrity, authentication, confidentiality and non-repudiation” • Net Defense: “Employment of network-based capabilities to defend friendly info in or transiting our nets against enemy efforts to destroy, disrupt, corrupt, or usurp it” • Said another way, response to a maneuvering enemy on our nets vice IA commercial best practices

  11. Enterprise Network Defense: Legal Justification • Electronic Communications Privacy Act (ECPA) service provider exception: “(2) (a) (i) It shall not be unlawful under this chapter [18 USCS §§ 2510 et seq.] for an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.”

  12. Enterprise Network Defense • ECPA, a wiretapping law, allows us to do network defense • “we can drive a truck through the hole opened by the service provider exception”

  13. Enterprise Network Defense • AF Ops organized into 4 focus areas • Prevent, Detect, Respond, Sustain • Prevent: Anti-virus, Blue Team scans, Red Team, Network Orders, Patch Mgt • Detect: IDS, traffic analysis • Respond: Incident Response Team, port scans, intel, law enforcement • Sustain: Maintenance, planning/budget, training, Q/A (“stan/eval”)

  14. Enterprise Network Defense • Operations conducted following “Find, Fix, Track, Target, Engage, Assess” process • Same F2T2EA process as AF air strike operations in Iraq or Afghanistan • Intelligence actions vs. law enforcement * • Intel – Foreign nationals or companies • LE – US citizens and companies • If we don’t or can’t catch the hack, we can catch the follow-on activity

  15. Enterprise Network Defense • Boiling Frog Syndrome • Culture, attitudes and cooperation continue to play a part in success and failures

  16. Unsolicited Advice • Since you are here, assume you aspire to leadership roles, so here goes…. • It’s the Organization’s Missions and Goals, not the latest IT craze • Know how your company makes money • Know how IT and IA contribute to that • Know how to articulate it to non-geek leadership • Budget savings *

  17. Unsolicited Advice • Focus on the people (users), resist urge to focus on technology • The relationships you build will play heavily into your success * • A concept beyond “networking” • Find a mentor in your company • “Never underestimate the power of being kind” *

  18. Unsolicited Advice • Work your boss’s problems • Not an IT-specific thing, but understand his/her goals and challenges…and help • Arrive early, stay late…even if it’s just minutes • Learn to write and speak well • You’d be amazed what a differentiator this is • Take speech or composition as an elective • We have active Toastmasters

  19. Insight From Recent Hirings • Timing counts *…match skills with opening • Expect your current employer to be contacted * • Certifications are a positive differentiator now…eventually they’ll be an ante just to play the game (negative if you don’t have) • Requirement for military, civ and contractors

  20. Recent Hirings

  21. Recent Hirings (cont.) • Master’s Degree: start when you’re young, possible market salary adjustments • My boss always asks…“How fungible are they” (consultancy) • In other words…how many different problems can they help us solve…“thoroughbred or a one-trick pony”. • Identify all talents you have that may apply to opening

  22. Questions? "There are but two powers in the world, the sword and the mind. In the long run, the sword is always beaten by the mind." -- Napoleon Bonaparte • Feel free to email me at rydell_mark@bah.com
