Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Are IT Security Professionals Less Happy?

timothy posted about 6 years ago | from the less-ignorance-less-bliss dept.

Security 363

zentanu writes "It's said that if you want to be happy, be a gardener. What about IT security professionals? Having worked as an IT security consultant for several years, I now wonder if my job has a negative influence on my happiness, because it constantly teaches me to focus on the negative side of life: I always have to think about risks and identify all sorts of things that could go wrong. As an auditor I search for errors that others have made and haughtily tell them. As a penetration tester I break systems that system engineers and administrators have laboriously built. I assume inside threats and have to be professionally suspicious. The security mindset surely helps me in my job, but is it good for me on the long run? What kind of influence has being an IT security professional had on your general attitude towards life? What helps you stay out of pessimism and cynicism? Is protecting existing things really as good as building new ones?"

cancel ×


Sorry! There are no comments related to the filter you selected.

I'd reply but I'm worried someone will be watching (1, Interesting)

Anonymous Coward | about 6 years ago | (#24727839)

Who watches the watchmen? Being a security wonk is going to be our version of being a member of the secret police. Check out how they went historically in terms of happiness.


Re:I'd reply but I'm worried someone will be watch (4, Interesting)

jdray (645332) | about 6 years ago | (#24728367)

I know a guy in IT security. He's generally a happy person, with a good family life to keep him busy. He plays horn with a band, with practice keeping him busy several times a week. He says that's what keeps him sane.

Re:I'd reply but I'm worried someone will be watch (3, Insightful)

mabhatter654 (561290) | about 6 years ago | (#24728541)

good IT security is not about following anybody's agenda but about securing the property. It's like being the night watchman responsible to lock the doors, close the windows, and be on look out for strangers. IT security is not "policing", nor should it be. In my company our guys work hard to keep their jobs non-political. They'll provide facts but not run around snooping on people for the boss. There's a big difference in the two.

First (-1, Offtopic)

Anonymous Coward | about 6 years ago | (#24727847)


Re:First (-1, Offtopic)

extirpater (132500) | about 6 years ago | (#24727875)

Epic Fail !

Nah (1)

ozamosi (615254) | about 6 years ago | (#24727851)

I hate doing security work (why can't ve just assume that all users are friendly people who would never rockroll or goatse anyone?), but I still don't like life. ;)

Short Answer (1, Insightful)

AndGodSed (968378) | about 6 years ago | (#24727857)


Real Question: WHY?

Re:Short Answer (5, Insightful)

dsginter (104154) | about 6 years ago | (#24728039)

Real Question: WHY?

In "traditional" security, people can ascertain the threats on their own - so they are happy to allow the "security" department to interrupt their life (e.g. - using keys to open locks).

In IT security, people just want to download cool screen savers. Most simply don't see the risk. As such, the job of an IT security professional is much more difficult (e.g. - "why can't my password just be the name of my dog?").

So, most people who work in IT security are made out to be Mordac [] - "Preventer of information services".

re: "traditional security" vs. I.T. security (5, Insightful)

King_TJ (85913) | about 6 years ago | (#24728389)

I don't know. In many ways, "security" is never anything more than putting up deterrents to crime. The more of them you implement, the more you create inconveniences for YOURSELF, in the process. It never really ensures the PREVENTION of a crime.

In "traditional" security scenarios, I think people have found a balance they're content with in most cases. (EG. If I want to secure my house against a break-in, I can stick with the "staple items" we universally employ, such as door and window locks. We've pretty much all established that having to find the proper key for one's door to get inside is a minor hassle, vs. the level of crime deterrence it provides. Optionally, people wanting more can buy an alarm system. Much more hassle, expense and inconvenience, but an added layer of protection everyone understands and can opt for or against with a good sense of the pros and cons.)

"Computer security" is largely considered "of little real value" by the public because they (usually CORRECTLY) come to the conclusion that it creates too many impediments to being productive with the computer tools given. I.T. security nazis that demand those "tough to guess" passwords that have to be changed regularly only cause people to have too much trouble signing THEMSELVES in. So to work around this? They start writing the passwords down on things they can easily look at. Problem solved, but security measure largely bypassed.

By the same token, your business can spend thousands and thousands on firewalls and other "network appliances" that all promise to improve security from hackers and outside threats. But one employee can circumvent it ALL with a $50 wireless access point concealed someplace in a drop ceiling, and letting his buddies know they can now get on the LAN from a portable sitting in the parking lot.

I think many people in charge of spending (whether management or other I.T. workers) are realizing that the basics like merely having SOME kind of password required to log in, a basic NAT firewall in place, some anti-virus/spyware package on the workstations, and maybe a spam filtering service on their email is ALL they realistically need. MOST companies just don't have that much on their network that outside hackers even care to access. The most "sensitive" information is usually just of interest to EMPLOYEES of the company (like salary histories of different people?). So let the one dept. that has to handle that data (H.R.) put extra security measures on it, and keep them from inconveniencing everybody else.....

Re: "traditional security" vs. I.T. security (4, Interesting)

mabhatter654 (561290) | about 6 years ago | (#24728639)

no, there is quite a bit of liability involved in IT now. Not properly protecting salary and HR files can be a criminal offense to the company owners.. you have to do it. But you are correct, security is not really about "preventing" wrongdoing, because somebody that wants to get you will. On the other hand one part is to make enough noise that the honest people know you're watching and aren't lead astray. The other part is logging and auditing what's going on... just like a physical security guard, to know who belongs and who doesn't, then able to prove that in court if you need to.

Good security also keeps people from accidentally messing up your data, and that's the most common and disastrous thing that happens. To only give people the minimum they need, then when 2 months of TPS reports are missing you have a short list of who had access rather than entire departments, and find out the boss deleted them not "some hacker". You also keep unqualified people from screwing things up.

Re:Short Answer (5, Interesting)

ChadAmberg (460099) | about 6 years ago | (#24728465)

OK, so you can either be a security dick and "haughtily" tell people of their errors, etc, or you can actually help the sysadmins. And I don't mean help by slapping your polished report on the managers desk and think you're helping by listing all the things they've done wrong.
No, get down in the trenches. Build a relationship with the engineers and sysadmins, so that you work together. They'll start coming to you before they make mistakes asking you to help them double check their work. I worked at one shop where the security team was just like this. We'd work with them on what we did, and prevented tons of mistakes before there was ever an issue and things moved to production.
Then you have the security team I work with now, who we simply call "Team No." They're pretty useless, everyone hates ever having to deal with them. They're the type that when you ask for help designing a secure system will respond its not their job. When you question them they'll haughtily respond "I know what I'm doing, I'm a CISSP!!!" Big freakin' deal, I respond, so am I. But the net result is without cooperation, they'll never truly be able to secure our systems.

Please be the kind of security guy that is a help not a hindrance. And then I'm sure you'll start going home at the end of the day feeling much better about yourself.

haughtily (5, Funny)

Anonymous Coward | about 6 years ago | (#24727887)

"As an auditor I search for errors that others have made and haughtily tell them."

You must be very popular.

Re:haughtily (1)

jollyreaper (513215) | about 6 years ago | (#24728537)

"As an auditor I search for errors that others have made and haughtily tell them."

You must be very popular.

It's all in the tone of voice, haughty but nice.

Good times and Bad times in any job (4, Insightful)

RotateLeftByte (797477) | about 6 years ago | (#24727893)

I'm an IT consultant with over 30 years experience since I graduated. There are good times and bad times.
The good times for me were in the mid 1990's when I worked in the old Soviet Block. There, I could see the work I was doing making a difference.
The bad times were when the company I worked for got taken over and the whole job changed. Suddenly we were supposed to apply production line metrics to consulting assignments.
Luckily I got out and started on my own.

However in your job, it does weem that you are predominantly occupied looking at the down side of IT. Keeping those pesky hackers at bay is not a job I'd want to do.
I'm a fairly creative person. So I have concentrated in spending more time doing things outside of IT.
I've just signed a deal to get my first novel published. Not a huge amount of money. But I can concentrate on the positive for at least part of the day.

Perhaps you do really need to take a long hard look at your work life balance.

Re:Good times and Bad times in any job (1)

Ceriel Nosforit (682174) | about 6 years ago | (#24728563)

Just be glad you're not doing outsourcing. That job is truly shitty.

I work as a guard now. Less stress. Hehe.

my 2c (5, Interesting)

thermian (1267986) | about 6 years ago | (#24727895)

I have never *ever* used my job when considering my own self worth.

Jobs are the means to make money. Sure if you enjoy them, great, but if you don't, and you judge your self worth by them, well then you're fucked.

Its better to have other measures, other means to judge how well you are doing in life. For me its my open source coding, and my amateur science efforts, as well as being a dad. Any job I do is only, and will only ever be, the means to provide the necessitaties of life, like savings, a home, money for my kid and such.

Ok, that's important, but its not a thing upon which your self image should be based. At least that's how I feel.

Re:my 2c (1)

LighterShadeOfBlack (1011407) | about 6 years ago | (#24728147)

Umm.. the question was nothing to do with whether IT security professionals feel good about themselves because of the job they do. He's asking if the mindset required to do the job negatively affects their attitude in other aspects of their life.

Re:my 2c (-1, Troll)

Anonymous Coward | about 6 years ago | (#24728297)

Return to Digg, asshole.

Could be a coincidence (0)

Anonymous Coward | about 6 years ago | (#24727903)

I myself am a it security professional, and i am deeply depressed, and have asked myself the exact same thing. Ive tried all kinds of SSRIÂs and SNRIÂs, 5-htp and herb crap.... Nothing helps besides benzos and alchohol.....

If this mindset is a general thing amongst us, is this profession chosen by sceptical depressed cynics, or do the work make us that?

Re:Could be a coincidence (4, Insightful)

cbreaker (561297) | about 6 years ago | (#24728353)

I'd love to see your security documentation.

"i am a it security professional w/10 yrs exp and i recommend bgr passwds."

I'm guessing you're either full of shit, or have the worst security documentation EVER because you can't use capital letters and you can't write decent English.

Security is more than downloading and installing anti-virus software, you know.

Actuary (3, Interesting)

magarity (164372) | about 6 years ago | (#24727917)

I can think of a few jobs that are a lot less happiness inducing, like insurance actuary... placing bets on how long people have to live must be a downer.
OTOH, if you can learn to leave work behind when you go on vacation then IT security pays a decent salary and you should be able to afford a relaxing and distracting trip to whereever entertains you, especially in nature settings.

Re:Actuary (1)

poopdeville (841677) | about 6 years ago | (#24728231)


poppa needs a new pair of shoes.

happiness... (3, Insightful)

laktech (998064) | about 6 years ago | (#24727919)

It's all about your attitude. Is the glass half empty or half full? Injurious suffering or ardent happiness is a choice.

Re:happiness... (0)

Anonymous Coward | about 6 years ago | (#24728041)

It's all about your attitude. Is the glass half empty or half full?

Neither - it's too damn big.

Re:happiness... (4, Funny)

OriginalArlen (726444) | about 6 years ago | (#24728417)

Either way, itsh time for a top-up. Cheersh!

Oh yes it does! (1)

ZonkerWilliam (953437) | about 6 years ago | (#24727921)

I had one of the misfortunes to assist the DJJ to stop a guy who was contacting underage kids using IM. Sadly we did find him and the guy committed suicide a week later!! So yes I completely understand what your saying.

Re:Oh yes it does! (1)

Blobule (913778) | about 6 years ago | (#24728529)

Why is it sad that you found him? I would be joyous at having found and stopped such a person. That he committed suicide is his own doing and really shouldn't bear on your own happiness. In fact, when such people commit suicide, deep down I feel happy that they didn't drag their victims through the legal system nor waste even more of society's resources and time.

Re:Oh yes it does! (2, Insightful)

mabhatter654 (561290) | about 6 years ago | (#24728701)

that's why many IT departments block as much crap as possible, because THEY don't want to be that in that kind of investigation, so they cut off outside email, IM, myspace, etc so people can't make those mistakes with THEIR toys. Sure people will try, but then you have policies in place long before their actions become "illegal" and police get involved.

Re:Oh yes it does! (1)

ZonkerWilliam (953437) | about 6 years ago | (#24728819)

True, but this is a State agency, we can't block traffic to other agencies, just keep an eye open, as much as possible. In State Government we are damned if we do and damned if we don't. We have tried to enforce the statewide security policy, but without luck. The agency ISO's, I believe, do not have the ball's to enforce it.

I thought system admins were gardeners (5, Insightful)

davidwr (791652) | about 6 years ago | (#24727945)

Why do you think they call them server farms?

Seriously, being a system admin is like being a commercial-grade landscaper or farmer.

If a system admin has a good job, he'll have the authority to decide what to plant/what equipment to install, what to feed it and how often to water it/what scheduled hardware and software maintenance is necessary, etc.

He will also tend the garden/maintain the system and reap and share the rewards for his efforts/get paid and have happy customers or bosses.

Re:I thought system admins were gardeners (3, Funny)

Anonymous Coward | about 6 years ago | (#24728393)

And neither ever seems to have enough ladybugs to make their lives easier. :-(

Be careful of the root rot!

Re:I thought system admins were gardeners (0, Flamebait)

cbreaker (561297) | about 6 years ago | (#24728395)

1) Make another comparison of IT to another profession
2) Believe you've come up with something new and whitty

Most jobs tend to have the same basic principals, if you break it down enough.

"IT is like flipping burgers. The burgers represent data, and the customers are the users. You have to find the best way to provide burders (data) to the customers (users) for the lowest cost!"

Reframe it (0)

Anonymous Coward | about 6 years ago | (#24727955)

Reframe it if you're unhappy or get out. Consider that you could be a Police Officer or a Pediatric Oncologist.

But at the same time, you can approach your work as challenges to overcome, and ever revel in the cleverness of the attacks, as many are quite clever -- thus the attraction for many. Yea, if a client gets hacked it sucks, but that's the game you play.

Enjoy the hunt, enjoy the chase, enjoy the race to keep them out before they get in. Otherwise, find another line of work.

Oy vay (5, Insightful)

PingXao (153057) | about 6 years ago | (#24727965)

Come on. Get over yourself. Cops, laywers, doctors, nurses, paramedics, military people... these walks of life deal with human misery, pain and suffering every day. If you're so worried about offending your sunny disposition maybe you should join a convent.

Listen, in any field if you can't take enjoyment out of what you're doing then (a) you should change your profession, or (b) realize if you can't do (a) you're in the same boat with about 80% of the rest of the population.

As a member of the IT world, security-related or otherwise, you have intellectual challenges and brain-teasers to deal with on a constant basis. Testing your knowledge and skill, forcing you to re-evaluate whether you're as good as you think you are every step of the way. And yet, even in such a position you're bound to go through times when you find yourself working for some real asshole(s). They're no fun, either, but you have to keep plugging away.

Either that or apply for a job at the factory where they make those "Have A Nice Day!" bumper stickers. Oh wait ... that's in China. Never mind.

Re:Oy vay (5, Insightful)

Nezer (92629) | about 6 years ago | (#24728285)

Come on. Get over yourself. Cops, laywers, doctors, nurses, paramedics, military people... these walks of life deal with human misery, pain and suffering every day.

Are you saying that because other people can do it then the he/she should too? If so I can't help but ask who are you to tell someone what they can and cannot do? This is known as "minimization" and can be a very ineffective, not to mention damaging, way to communicate with someone.

If you're so worried about offending your sunny disposition maybe you should join a convent.

Can you sense the hostility?

Listen, in any field if you can't take enjoyment out of what you're doing then (a) you should change your profession, or (b) realize if you can't do (a) you're in the same boat with about 80% of the rest of the population.

That 80% of the population you claim has the same capability to make choices about their life that the other 20% do. People choose what they do for their own reasons, not for yours or mine.

but you have to keep plugging away.

*YOU* might have to keep plugging away but the OP doesn't. That's for him/her to decide. Besides that, 80% of statistics are made up 20% of the time.

You make some good points but I sense a lot of underlying hostility in your comments that, if I saw in myself (and, believe me I have) would eventually force me to take an inventory about where I am in life.

The OP asked a very good question and you have seemingly interpreted it as him griping about his job. Maybe that is the subtext that spawned the question but it is not how the question is presented.

I believe very unhappy (1)

axlr8or (889713) | about 6 years ago | (#24727977)

Very, very negative people. And your peers are constantly jibing you. Any differences in opinion are made fun of. People at work are 50 50. Some think your really smart, and understand business and tech would be nowhere without computers. But then there are the others, who think your like the CEO, and getting paid for nothing (future IT professionals). But the worst thing, as an IT pro, is that you mostly work with Windows, and that's always a bummer.

I work with lots of IA people (5, Interesting)

idiotnot (302133) | about 6 years ago | (#24727987)

A good number of them would be checking bags on the way out of BestBuy if they didn't know how to boot a PC.

My experience lately is that security people, generally, are:
a) not intellectually curious,
b) fearful of change,
c) often suspicious of others' motives because they, themselves, have malevolent intentions, and
d) powertrippers, because they've been given power to second-guess solutions they weren't technically-savvy enough to come up with themselves.

It's fun to discuss something like IPv6 with an IA weenie. He doesn't understand it, so it must be a threat!

BTW, I work for a large federal organization, where these people are everywhere.

Security Drama Majors (1)

argent (18001) | about 6 years ago | (#24728065)

Those don't sound like security professionals... I've run into people like that, they're the ones who applaud "security theatre" solutions like Vista's UAC, but I wouldn't call them "IT Security Professionals". They sound more like the mob over in QA pushing ISO9000.

Re:Security Drama Majors (1)

idiotnot (302133) | about 6 years ago | (#24728151)

No, Vista is new, and they haven't bought themselves a PC with it installed, and everyone they've talked to say it's bad, so it's insecure!

And, yes, they do have some resemblance to the QA weenies. My last company I joked that after they instituted ISO, I needed to fill out three forms to go drop a deuce during work hours.

Sounds fun! (2, Funny)

BitterOldGUy (1330491) | about 6 years ago | (#24728215)

I've run into people like that, they're the ones who applaud "security theatre" solutions like Vista's UAC, but I wouldn't call them "IT Security Professionals".

Security Theater. Is that anything like Dinner Theater? It sounds fun!

Re:I work with lots of IA people (0)

Anonymous Coward | about 6 years ago | (#24728533)

Those, my friend, are what we call "shit security people". Some of us have clue, honestly. Sadly it's a little bit like 1996 all over again; people who can do the security equivalent of "program in HTML" (anyone else remember those ads?) are getting swept up in the dragnet of the "ohmigod 911 cyber hacker terrorists!!!" industry machine and spat out as mindless drone security bot types who wouldn't let Bruce Schneier in the building because his beard makes him look suspicious. Some of the very smartest, most creative, inventive, imaginative and downright fucking clever people I know of in computing are working in security at the moment. Go read the presentations from any decent recent sec conference - Blackhat/Defcom, CanSecWest/East, CCC, Hackinthebox,.. etc, etc. Read Schneier, Bellovin, Beijtlich, Aitel, Halvar, Kaminsky, on and on and on. Dozens and dozens of 'em. (And there's n3td3v, too, for lulz ;) )

Re:I work with lots of IA people (1)

rjhubs (929158) | about 6 years ago | (#24728715)

I get your point, but I wouldn't let Bruce Schneier into my building even if he shaved his beard. I don't need my security flaws made public!

Try developing (0)

Anonymous Coward | about 6 years ago | (#24728017)

Just think about what a cop or a detective has to deal with.

Being a "security" expert doesn't make you special in anyway. As a developer i not only have to do that end i have to tell people around me their code is shit, their setup is bad for more reasons than just security, then i have to help fix it. Your just catching what the worst of us might miss, more of a QA job by that point.

Its a job you can't deal with it i'd say its a personal problem, i go home have a beer smoke a joint get ready for the next days battle.

O yeah and creating is much better than destroying someone elses work :)

Probably... (1)

Boogaroo (604901) | about 6 years ago | (#24728055)

After all, the IT security people know what it takes to make things secure, BUT they aren't allowed to make it secure.
Why? Because that would make it too much of a hassle for the end users, or some bean counter says it'll cost too much.

IT sucks (1, Interesting)

Anonymous Coward | about 6 years ago | (#24728057)

I get less pay working in IT than i do working in McDonalds as a manager.

Less Happy? How About More Happy! (5, Insightful)

Anonymous Coward | about 6 years ago | (#24728061)

I used to be a software developer for many years and am not in IT security. For me, IT security is actually more satisfying. I'd much rather be the person responsible for finding security weaknesses and assessing risk than the person responsible for getting high quality systems built under tight deadlines.

When you present your security assessment findings to the developers/engineers, there's no need to be haughty about it. Nobody's perfect and every system is going to have some bugs and weaknesses in it. Just present the risks in a matter of fact way so that the people in charge will understand and can make informed decisions on what to fix and how quickly.

Also, when you do security assessments / pen tests, why not also include a section in your report where you tell the developers what they're doing well from a security standpoint? I always do this, which helps to balance out the negative aspects of a pen test makes the developers feel good before I show them what they need to improve on.

You want answers? (5, Funny)

ScrewMaster (602015) | about 6 years ago | (#24728093)

The security mindset surely helps me in my job, but is it good for me on the long run?


What kind of influence has being an IT security professional had on your general attitude towards life?

I beat my wife.

What helps you stay out of pessimism and cynicism?


Is protecting existing things really as good as building new ones?

No, not really.

Sorry, am I being too negative here?

Re:You want answers? (1, Redundant)

zmooc (33175) | about 6 years ago | (#24728355)

Yes, you are. I suggest smoking more weed and drinking less beer^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H. It helps.

You sir are correct. (5, Funny)

BitterOldGUy (1330491) | about 6 years ago | (#24728813)

Yes, you are. I suggest smoking more weed and drinking less beer^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H. It helps.

You're absolutely correct sir!

You see, one of the side effects of weed is paranoia. And I can't think of anything better than increasing paranoia in a security professional.

Weed for IT security folks should be a job requirement - paid for by the company!

Re:You want answers? (0)

Anonymous Coward | about 6 years ago | (#24728777)

5 years as a sysadmin and 1 year in support (doing about the same things as a sysadmin):

No, you are not being too negative

The answer (5, Funny)

Anonymous Coward | about 6 years ago | (#24728117)

ah: number of happy IT Security Professionals
au: number of unhappy IT Security Professionals
bh: number of happy non-IT-Security Professionals
bu: number of unhappy non-IT-Security Professionals

The answer is yes if au/(au+ah) > bu/(bu+bh)

Love What You Do (1)

WamBam (1275048) | about 6 years ago | (#24728121)

You're performing a vital function for your job that's just as important as building something from scratch. Rather then seeing yourself as someone who points out your coworkers' mistakes, see your role as one in which you make your coworkers' better. Maybe you don't feel like you're part of a creative process but by investigating flaws and improving the product, you have a lot of positive influence. It sounds corny but if you're good at what you do, then there's no reason to feel bad.

Re:Love What You Do (1)

mk2mark (1144731) | about 6 years ago | (#24728773)

I'm guessing your co-workers really love you! The only thing more annoying than someone who is good what they do is someone who loves doing it.

At least infosec is less likely to be offshored (1)

walterbyrd (182728) | about 6 years ago | (#24728135)

Infosec is also less likely to be taken over by offshore guest workers. Or, at least, I would think so.

So, unlike every other US IT worker, you won't be training your replacement within two years. I guess that's something to be happy about.

You would be amazed (1)

OneIfByLan (1341287) | about 6 years ago | (#24728443)

US Customs just outsourced their IT infrastructure design and maintenance to a shop where only 15% of the employees are US citizens.

I keep getting called a racist and a "jingoist" when I point this out, which is hilarious considering half my family are not US citizens, nor by the old Southern rules would I be considered white.

It seems that we are more afraid of paying a living wage than handing the keys to our house over to strangers.

Correlation vs Causation (5, Insightful)

Rorschach1 (174480) | about 6 years ago | (#24728137)

Hasn't it been fairly well established that more intelligent people are less likely to be happy in general? Being good at IT security (and not just an appliance operator, trained to run a few tools and read the generated reports) requires a fair amount of creative thinking and intelligence. I've worked in the field in the past, and I don't think it's specifically the adversarial mindset that causes unhappiness. I actually had a lot of fun doing that stuff - at least, when my work was appreciated by those I was advising and I wasn't seen as an interloper. That depends more on people skills, both on the working level and in management.

On the other hand, for the last few years I've worked on projects that are ostensibly for the public good, ensuring safe water supplies and such, but I've been rather unhappy with it. Why? Because the company I was working for was far better at securing grants and government contracts than at building anything useful and actually putting it to use beyond carefully controlled tests and demos. I came to realize that nothing I ever did there would ever really matter.

Since then I've been self-employed, doing ten times as much work but I'm happier.

Re:Correlation vs Causation (1)

jollyreaper (513215) | about 6 years ago | (#24728609)

On the other hand, for the last few years I've worked on projects that are ostensibly for the public good, ensuring safe water supplies and such, but I've been rather unhappy with it. Why? Because the company I was working for was far better at securing grants and government contracts than at building anything useful and actually putting it to use beyond carefully controlled tests and demos. I came to realize that nothing I ever did there would ever really matter.


Thankless job (4, Insightful)

EvilMonkeySlayer (826044) | about 6 years ago | (#24728143)

It's a thankless job.

Think about it, you have to constantly deal with user mistakes or quite often the mistakes of others and correct them. By correcting someone's mistake you are showing them their faults, not generally a good idea if you want people to be nice to you.

Therefore you end up with user aggression towards the people who provide their computer support.

And when it's the fault of faulty hardware they blame you, you can't win.

Balance (0)

Anonymous Coward | about 6 years ago | (#24728145)

I believe the answer was posed in the question itself - that anyone in the security field should spend equal amounts of time protecting and building systems. It may not always be possible, but being able to create something beneficial to all parties involved really helped to alleviate the stigma of "the network security G-Man."

Wouldn't this threory apply elsewhere? (4, Interesting)

phulegart (997083) | about 6 years ago | (#24728159)

Wouldn't cops and military personnel also be extremely unhappy as well, based on this?

Wouldn't people who work in demolitions, tearing down buildings, be very unhappy?

Wouldn't this mean that anyone working in a job that had a potential negative impact on others, also be very unhappy? I mean with gas prices what they are, isn't the guy working at the gas station feeling miserable, because people hate paying as much as they are for gas, and he is the front-line representative seeing these reactions?

Re:Wouldn't this threory apply elsewhere? (0)

Anonymous Coward | about 6 years ago | (#24728267)

Yes. Unhappiness is strongly correlated with education [] in the public security industry.

Too busy (5, Funny)

uberjoe (726765) | about 6 years ago | (#24728167)

*sob* Can't post, sobbing. *sob*

Have you considered the opposite? (1)

Scott Kevill (1080991) | about 6 years ago | (#24728183)

Perhaps you had an inherently cynical and pessimistic nature to begin with, and that is what attracted you to your profession?

Sometimes it can be subtle. Try digging for clues earlier in your life.

If it floats your boat (5, Insightful)

cmacb (547347) | about 6 years ago | (#24728195)

If you say you're happy, then why question that?

All I know is that when I worked with mainframes there was no such job classification as "security professional" unless you count the people in charge of guarding the building.

When one mainframe needed to communicate with another we did so over leased lines, and the notion of receiving an executable from another mainframe and running it automatically I don't think would have ever occurred to anyone.

While you might conclude that having a powerful computer on everyone's desktop makes the security exposures we have today inevitable, I don't think it necessarily follows from that that enterprise computing should be as vulnerable as it has gotten. Obviously the "PC revolution" has not resulted in economies of scale, quite the opposite. How many orders of magnitude has growth in enterprise IT gone through? I guarantee you right here an Slashdot there are people who see no problem in downloading large chunks of sensitive data to a machine (even a laptop) outside the data center, for either temporary fiddling, local cache, or whatever and then (if the machine hasn't gotten lost or broken) uploading it to the corporate database overlaying intermediate transactions.

I talk to people working in these environments quite frequently who just don't have a clue. Someone in your job has to not only constantly try and stay a jump ahead of crackers (not hackers!) but also fight with people who are supposed to be on your side about how rules you impose keep them from getting their job done (or so they think). Our profession has been considerably dumbed down in my opinion by the advent of desktop computing. There is no solution in sight. That's why I would find a job like yours unappealing.

Re:If it floats your boat (2, Insightful)

datajack (17285) | about 6 years ago | (#24728461)

<blockquote>When one mainframe needed to communicate with another we did so over leased lines, and the notion of receiving an executable from another mainframe and running it automatically I don't think would have ever occurred to anyone.</blockquote>

That's true, but it could be argued that similar security holes still exist. When exploiting buffer overflows and the like, you are not asking the system to run an executable automatically, you are 'confusing' it to such an extent that it can't think of anything else to do.

While not quite mainframe, I have accidentally made an AS/400 system inaccessible (and stopped the portion of the company that was relying on it) during a pen-test before. 'Big iron' is just as likely to have problems as distributed systems (often more as distributed systems are usually programmed with at least an awareness of security and defensiveness).

I know how you feel (1)

6Yankee (597075) | about 6 years ago | (#24728211)

It breaks my heart when I have to tell a penetration tester that he's mistyped "penetration". ;)

We adapt our lives according to what we need to do (1)

darkheart22 (909279) | about 6 years ago | (#24728213)

We adapt our lives according to what we need to do for living. We train our brains and our bodies for the profession we have chosen. For example a mathematician will evolve his logic part of the brain and a model will evolve the muscles of his body...

Good or bad (4, Insightful)

jav1231 (539129) | about 6 years ago | (#24728233)

Sometimes the 'security mindest' gets silly. I often find our security team thinks they're being paranoid for the good of the company when the truth is they're being a roadblock for the sake of being a roadblock. Or more frightening, to cover up their ignorance or to short-cut understanding the application they're trying to secure.

In this regard, they likely are miserable people but frankly, you should have people in your security department that are jazzed about IT and security. Not someone who flipped a quarter between CPA and IT professional.

If you need to ask the question (0)

Anonymous Coward | about 6 years ago | (#24728253)

you need to get a different job

Forget gardening. (1)

russotto (537200) | about 6 years ago | (#24728259)

Gardening is hot, sweaty, sometimes backbreaking work. If you've got any allergies, you'll be sneezing and/or blistered all the time. If you slack off a bit, your work for a season or more is wasted. And you've still got security threats, in the form of rodents, ruminants, insects, and the slower but more tenacious weeds.

IMO, the security mindset as described in that article won't hurt you. What will hurt you is trying to counter the threats that mindset helps you find. By locking everything down and distrusting everyone, you make your co-workers your enemy. You also stop them from getting work done, making management (except for whoever security's patron on the board is) your enemy too. Who wants to do a job which makes everyone hate you, and for good reason? Leave it to the less competent. Or find a place where that level of security is both appropriate and understood by all, like a bank or the IRS or developing country's nuclear weapons pro... err, skip that last

Not only with IT jobs (1)

ilovesymbian (1341639) | about 6 years ago | (#24728263)

Every job involves looking at positive and negative sides, not only IT professionals.

If you look at a cop's job, the bad thing is he/she has to sometimes think like a criminal in order to catch one.

If a boxer wants, he has to look at his opponent and examine the negative points in order to capitalize on them. Same goes with other sports people and professions.

Nobody is less or more happy. Move an IT professional to a different career path and he'll be complaining about that as well (yeah, my former IT colleagues cry about their new jobs ALL THE TIME).

Part of it comes form PHB who don't get it and for (2, Interesting)

Joe The Dragon (967727) | about 6 years ago | (#24728287)

Part of it comes form PHB's who don't get it and force non working software and security rules on you.

you don't get it (1)

speedtux (1307149) | about 6 years ago | (#24728841)

Part of it comes form PHB's who don't get it and force non working software and security rules on you.

Those same PHBs have software and rules forced on them by their PHBs and they are tasked with implementing them. It's your job to help them. Either you do it with no questions asked, or you need to convince them that some alternative is better. If you can't do either, you aren't doing your job.

For me (0)

Anonymous Coward | about 6 years ago | (#24728291)

I am the security lead within a well-known (but not mega-hyped) dotcom with a couple of other very current buzzwords thrown in. We'll book in the range $150-$200m revenue this year. I am solely responsible for security requirements at the start of a new system design, security review of the completed specs, writing test cases, running due diligence on suppliers and business partners, responding to customer and pre-sales interrogations about our internal security practices (we have some large financial customers... 'nuff said), vulnerability management, internal pentests, organising external tests, supporting our ISO 27001 cert, planning for various other standards and certs we may adopt in future, malware response, writing policies, work w/ internal and external auditors,. and, well, everything else. Our "Security Department" is me.

I totally concur with the poster - I often point out to people (before being rude about the security blunders in their system designs) that my input often seems negative and unconstructive, but that's because whilst everyone else in the company is thinking about how to make stuff work it's my job to figure out how it can be broken. I should add that this is outside the US and in theory I get five weeks' paid holiday a year; in practice they tend to be "catch up on the literature" study breaks. But the biggest single source of stress is being perfectly well aware that there are dozens of catastrophic security-related events that could happen which would cost us lots of customers, lots of revenue, and make me the most unpopular person in the company, but there's nothing much I can do about it, except make sure I put my warnings and concerns on the record, and keep an encrypted offsite backup.

Despite all that, though, I actually really enjoy my job - partly because virtually everything I do is making a significant difference (starting from a low base, see...) I can also pick and choose, to some extent, because there's far too much to do it all so - why not do the low-hanging fruit stuff first?

There are ways to turn it around (1)

datajack (17285) | about 6 years ago | (#24728319)

It sounds like we have very similar jobs and my mindset is also as distrusting and cynical as you describe and that causes me to get a bit down at times. It's different from a lot of other (certainly IT) jobs as you are dealing with the downside and worst-case scenarios all of the time.

The trick is to turn it around, concentrate on the benefits of what you are doing and the way it affects other people. The first thing you must do is set up a good relationship with your client so that they understand that you are not there to judge them, but to help them improve and protect themselves as much as possible. We've all struggled for hours over a problem something (system design, sysadmin stuff, coding etc.) and when someone uninvolved comes along and spots the problem straight away. You are that someone else, that other perspective. Some sysadmins regard their systems as though they are their baby. You are the doctor giving the baby a checkup and spotting the early symptoms of a disease that is easily treatable.
Once you get the client in that mindset, having to point out multiple significant problems becomes easier for both parties.
Sometimes you do have to do a demolition job on something that someone has spent many hard hours on, or you accidentally bring a large portion of a network to a stand-still (etc. etc.) it's not a nice thing to do, until you realise that the client will be ecstatic in comparison to how they would be feeling if a black-hat did the same thing maliciously.
You have to deal with worst-case situations, so the client can be fully prepared for what is coming, you go through all the shit so that they don't get worse later on. It's usually a thankless task, but I can at least feel good that someone is far less likely to get hit because of the work I am doing.

And that's not even touching on the really great parts of the job, the real intellectual challenges therein and the fact that no other field requires such a breadth of knowledge and experience - absolutely everything is relevant in the security field as you don't know what risks are there until you've looked.

Anecdotally, I see this a lot (0)

Anonymous Coward | about 6 years ago | (#24728321)

I work in a large IT department (5000+), and our Security area has the hardest time keeping good people of any area in the department. Most people that have transitioned to another area have told me that they were "sick of being assholes" or feeling forced to hold back opinions that differed from the tenant that most employees are intentionally trying to hack internal systems and implement non-secure code.

I have no statistical basis for this of course, and the state in my company could simply be due to overbearing pricks managing the security area. But professionals in other fields in which people have a duty to seek out others based on suspicious activity -- police officers, IRS agents, etc. -- often convey similar thoughts.

To oversimplify: focusing on the bad in everyone will slowly wear you down.

I'm Happy (1)

cachimaster (127194) | about 6 years ago | (#24728361)

Even if I'm very underpaid. But I know that this profession is not a good future investment. You mind got somewhat tainted: Some ex-coworkers have been fired from programming works because they can't stop pointing at security bugs in people's work.
You would think that they will be glad that you are helping, but in fact, people get mad at you.

the bigger answer: (2, Interesting)

nurb432 (527695) | about 6 years ago | (#24728369)

If you are in IT at all you tend to be less happy.

Get a wife/girlfriend (4, Funny)

failedlogic (627314) | about 6 years ago | (#24728371)

This is Slashdot, so my comments won't be popular here:

Get a wife or a girlfriend and be *her* penetration tester. You might find a new joy in bringing your work home!

Re:Get a wife/girlfriend (0, Troll)

Z34107 (925136) | about 6 years ago | (#24728739)

This is Slashdot, so my comments won't be popular here: Get a wife or a girlfriend and be *her* penetration tester. You might find a new joy in bringing your work home!

Since when is "find a fuck buddy to be happy" insightful. Not just on Slashdot, but, well, anywhere? If you're happy with so little in life, good for you; my cats are satisfied with the plastic caps from gallons of 2%.

Now, if you can make a fulfilling career out of either of those, come back and let us know.

Re:Get a wife/girlfriend (1)

failedlogic (627314) | about 6 years ago | (#24728833)

Wow, just wow! It was a freaking joke! I was just spinning the word "penetration tester" since it was part of the original question.

Haven't you seen other posts, with have wife/girlfriend .... you must be new here that are all moderated as funny? Guess not. Someone might just have modded wrong. Innocent mistake.

alt.sysadmin.recovery FAQ (2, Funny)

lobiusmoop (305328) | about 6 years ago | (#24728373)

The mention of gardening brought to mind section 5 of the alt.sysadmin.recovery FAQ [] . Well worth a read.

Hidden causes (3, Funny)

rhizome (115711) | about 6 years ago | (#24728379)

As an auditor I search for errors that others have made and haughtily tell them.

It's possible InfoSec is not the thing making you unhappy; maybe you're just a dick.

Re:Hidden causes (1)

KermodeBear (738243) | about 6 years ago | (#24728731)

I thought about that bit as well.

Where I work, we do peer review of all the code that has been written before it can even be committed into our source control. When we find an error in someone else's code, we don't "haughtily" tell them. We just say, "Hey, check line Foo again, it doesn't look quite right."

There's no need to be a dick when pointing out mistakes. There are lots of ways to go about doing so, and explaining the consequences of those mistakes, without being a jerk.

One of the last things you want to be known as around the office is "that asshole that jumps on other people all the time." It will impede your ability to effectively enforce security policies (Oh, he's a jerk, I don't care what he says), which means you won't be able to do your job as effectively.

I'm not saying that there is never a time to bitch at someone - but that should be saved as a last resort measure. Otherwise it loses its effectiveness. (Oh, he's yelling like he always does, whatever)

Besides - if there are set security policies, and someone is consistently not following them, then your argument isn't with that person. It is with that person's boss.

Maybe you need to find a new line of work (1)

Alcoholist (160427) | about 6 years ago | (#24728383)

As a security pro, it is your job to protect existing computing assets, but the question of personal happiness is not an unreasonable thing to ask in regards to your overall career.

Computer security seems almost hopeless some days. Viruses, bots, hacks and the like... Helplessly watch as some assholes overseas rally up a monster botnet in less than a month because regular folks are too dumb to not to click on the latest meme? It's like watching lemmings go off a cliff. Security researcher has to be one of the worst jobs in IT. Most people don't even know what they do, let alone why what they do is so important.

I work as a professional desktop technician so I spend a fair bit of time dealing with security problems, viruses, patches, malware, etc... I rely on security pros to do my job. Some days are trying. There are these days, after wiping off the X-badmofo.worm.32.whatever of the week you get to asking yourself, "Why do it? Why go on? It's only one computer. It will be the same next week."

So then you tell yourself that you have to, you _must_ do it, you're the front line, your skillz are great and if you don't do it, who the hell else will? A few belts of whiskey and some video games make the doubts go away in the evening.

But the next day it's still the same. Some jerk is infected with a trojan, someone else has a pop-up storm, "I'm getting so many spams!". OH NOES NOT THE SPAM!!! The deal is the same and it never gets better. You might as well be working in a factory making cars, what for all the repetition.

If that is how your IT job is making you feel, then it is time to get a new job. Not everyone is wired to endure the kind of crap that computer people have to deal with day to day.

There is no shame in wanting to be gardener. At least they don't get spam.

I totally identify with this... (5, Interesting)

flithm (756019) | about 6 years ago | (#24728387)

The security mindset can definitely do long term harm, in my opinion, assuming you're not careful that is. In order to be really good at it you need to be thinking about new potential exploits all the time, and it's really easy to let that rub off in your ordinary life.

I started seeing trivial security holes everywhere... everything from what's wrong with security labels, and tabs, on food products, and "tamper-proof" pharmacy jars to flaws in ATM vestibule security... you name it.

Honestly I kind of started developing mini-phobias or something about things like, take the security labels on food items. Let's look at a plastic mustard dispenser. Underneath the screw on top it comes with a little tab that you rip off, and somehow this keeps it safe from tampering during the period between when the manufacturer creates the product and when you purchase it.

It's absolute nonsense, and does NOTHING to stop anyone from doing anything to the contents of the mustard dispenser. Should someone want to insert a harmful substance into the bottle it could still be done with a very thin needle. It's really there just to appease the masses into thinking the product is somehow made "safe" by the introduction of that little security tab.

So I think about that, then I start to think... oh man, even my mustard's not safe, what if someone did something to it!?!?

It's ridiculous, and completely irrational. I don't think in the history of the modern food distribution system has anything ever happened to anyone's mustard. We all hear horror stories about Halloween candy, and over the counter medicine but I think in large part that stuff is all urban legend.

I think absolutely, yes the security mindset can cause mental health problems, in minor ways for some, and for others who are more prone to thinking negative thoughts perhaps in major ways.

The key, I think, with the security profession is that in order to stay on top of the game you need to always be thinking about how the next attack could arrive. Criminals are creative, and so must be the security people as well. In training your mind to think this way I can see how people would find it easy to become unhappy in other areas of life too.

I no longer do security work, but it's not because of finding it difficult to keep that work / life balance alive (I just got another better opportunity in a different sector). Still to this day I have some lingering security thoughts about things, but all I can do is try to think logically about them.

Just because something is insecure that doesn't mean it's worth worrying about. There's a big incentive for criminals to find any way possible to gain access to a sensitive or desirable computer system, but there's very little gain in tampering with a bottle of mustard ;).

As you stated in your question, it sounds more like you're starting to see the pessemistic side of things everywhere. Everyone's a potential threat. I think no matter what it is it's a similar expression of the same issue: security people get paid to do nothing but worry.

It's not a totally correct analogy, but I think it serves well enough. Now that I'm out of the security business I am pretty thankful. I never realized how much of a burden it was until it was gone. The less time I spend thinking about potential security holes the better I feel in general :). I think it's safe to say security pro just isn't the job for me... perhaps others are made for it.

Seriously though I don't know how people do it. How DO you do that job and not immediately size up threats? How do you not instantly look for the gaping security hole in the access panel on the ATM you're using? How do police men not become jaded and see the potential crime in every situation?

I think some people don't... they do become jaded. But others, the ones who stay happy, they just fight through it. I honestly think it's a choice. You are in control of your mind, and you choose what you let yourself think (to some degree anyway). If you let yourself worry about mustard bottles you will. If you stop and think about and don't let worrisome or depressing thoughts change your behavior they won't, and they won't keep happening.

The mind is a funny thing, and just like any complicated system, it needs maintanence too. Take the time to take care of yourself, and I have a feeling your job will work out just fine.

But what about me? (1)

NeedMyFix (819119) | about 6 years ago | (#24728421)

I am a software developer for a large defense contractor and to be honest, our IT security makes my job harder and adds more stress to my life. For instance all urls with the letter sequence 'mail' anywhere in it is blocked. All IM is blocked. I understand the need for security but it sucks. So - you make me less happy.

Anger Managment (3, Funny)

jmoo (67040) | about 6 years ago | (#24728445)

I used to be constantly unhappy on my job until I found a way to vent. Typically I randomly reset someone's passwords, shutdown a server for no reason, or throttle down the internet bandwidth. When asked what going on I just blame a Microsoft patch. Trust me this is much better way to get the anger out than trying to horsewhip a user (I tried it, wouldn't recommend it)

More seriously, if the job is getting you down look to change the environment. If another job isn't possible look to transfer to at least another position in the company. Never do something that makes you miserable.

I don't think so. I love my job. (0)

Anonymous Coward | about 6 years ago | (#24728477)

I even keep doing it in my spare time [] .

Difficulty of measurement (0)

Anonymous Coward | about 6 years ago | (#24728487)

The question is, as someone else points out above, is how you can prove that IT _causes_ depression, or simply whether it _attracts_ people who are inclined to be depressed.

There's a correlation between intelligence and depression as far as I know, so you would really expect in any case a batch of IT professionals (if measured to be more intelligent) to be less happy than a group of construction workers (if measured to be less intelligent).

The only way to really measure this is find a significant group of people who _would have become IT professionals_, and were pretty much on their way to become so, but for freak reasons did not, and rather became gardeners. This is naturally incredibly difficult to find any significant number of, and so the question is also very difficult to answer.

Another way of looking at it, however, would be in terms of working conditions: It might be possible to find some form of correlation between different physical environments and varying degrees of happiness. Someone e.g. working outside, or doing physical work, may on average be happier than someone not doing it, I could suspect (but not prove).

You might also want to consider taking a considerable holiday (in US terms, a week and a half maybe). This might be time enough for your brain to switch out of "work" mode, and feel a bit what life is when you are not like that.

IT is never done. (1)

miffo.swe (547642) | about 6 years ago | (#24728497)

It is one of those proffesions where youre never done with your job. The industry is inherently uninterested in real security from the get go. Band-aid solutions to things the vendors doesnt give a crap about isnt a viable solution. Its an endless treadmill that goes nowhere. Some people can get a bit down because of that and the only thing i can think of is for you to change career. Either that or become that grumpy guy who people almost hide from or twitch when he speak.

I would suggest a job where you can feel that by the end of the day you made some difference. Avoid service and try to get into manufacturing.

The job chooses you (0)

Anonymous Coward | about 6 years ago | (#24728515)

It probably isn't the mellowest career, but I think you're mistaking the effect for the cause. The mindset makes the security professional, not the other way around. You can't unlearn this stuff. You've taken a bite from the apple of security consciousness and you've been damned to recognize vulnerabilities where other people see working systems. Most other jobs require a fix-it-when-someone-breaks-it attitude. You couldn't do those jobs. You would either get fired for constantly pointing out risks which your coworkers and bosses are willing and indeed required to ignore or you would develop the familiar disdain for the sloppiness of IT system architects. Might as well get paid for it.

Read this book.... (0)

Anonymous Coward | about 6 years ago | (#24728517)

There is a book called Learned Optimism written by a PhD and based on experimental data that talks about how pessimism tends to lead to depression.

However, it also talks about how certain jobs require you to be a pessimist to be good at them (and your kind of IT qualifies). It just means that you need to be a pessimist in your work, but more of an optimist in your life.

It's a good read. I like it because all of the guy's conclusions come from actual experimental data and not namby-pamby new age navel gazing.

Security (1)

tacarat (696339) | about 6 years ago | (#24728525)

If it's something you like doing, then you're probably ok. But you asking the question implies you're not. A lot of folks have mentioned keeping a balance between work and other things to improve things. Good advice. For me, situations came up where I couldn't do that as a lowly sysad. I ended up leaving IT and have been doing completely different jobs for half to a third of the pay I could been getting. Not a great trade off, but the money I've saved in booze, cigs and probably BP meds has been significant. I'm looking at what's needed to start my own business. Even if it's not tech related, I know I can save some money initially by handling my own IT issues.

If that was true... (1)

Timosch (1212482) | about 6 years ago | (#24728535)

...then policemen, soldiers, security guards, bodyguards - hell, even doctors - would all be sad people [i]per definitionem[/i], as they all protect people from negative influences.

Happiness is what you make it (2, Interesting)

jcrousedotcom (999175) | about 6 years ago | (#24728547)

I think some folks are going to always be naturally suspicious. In addition to my full time work as a network administrator / engineer for a state agency, I've also worked in the past as a FT Police Officer and now am working as a Reserve Deputy in the county where I reside.

I have always been suspicious. I always notice everything. I enjoyed my FT time as a cop and I enjoy my time on the SO. I enjoy what I do at the state agency I work for. I don't think that my contact with the negative part of society (at the SO) or dealing with idiot users (which sometimes is more difficult that the folks I get to take to jail) spills over into my time away from work.

I think you make your own happiness. I can focus on the negative I do or deal with or when I am away from work or I can find things that I enjoy or relax me. That doesn't mean you're not aware, we all should be aware no matter what we do its more that you don't let the frustrating or negative part of your job overwhelm you. I think that holds true no matter what you do, be it IT, LE, retail, customer service. Every career has negative points in it, it is a matter of what we do in our down time to unwind and blow off steam.

Having said all of that, if you're finding your job is making your personal life unhappy and decompression time / activities are not making that better, you may need to find a different area to work in (not necessarily out of IT, maybe just a different sub-set).

Just my thoughts.

I love my job (1)

stryde.hax (1350419) | about 6 years ago | (#24728617)

I think if you have passion for something then you're among the lucky, and certainly the lines blur between my work and my hobbies. Of course, sometimes that can have unexpected results [] !

To be a happy IT professional... (1)

Zarf (5735) | about 6 years ago | (#24728665)

Treat your IT job as gardening. Instead of thinking how to prevent the attack think of preventing all but legitimate use. The attack vectors possible for a malicious agent are far more numerable than the legitimate uses. Encourage the growth of legitimate uses, prune illegitimate uses, and weed out malicious attacks. Allow your mind to shift freely between attacker and user and do not dwell any one place too long.

Gardeners have stress too. It's just over a much longer term. They have cycles of nurturing and cycles of reaping. A gardener and a farmer knows they cannot control nature, she has a mind of her own, instead the gardener trys to coax nature in the right direction.

It's an issue of attitude in control and the illusions of control. The gardener knows better than to assume that they control the garden. The security professional should be like-wise. Having plans, and backup plans. Cuttings and transplant beds. All in preparation for the inevitable blight or crop failure. I'm sure gardeners spend time "thinking" like snakes to be sure that they don't get a predator in their garden.

It's false to assume nature is understood or controlled better than the wild server room. Instead, see that server rooms and gardens are the same wild forests of emergent chaos brought under tentative control.

The gardener and the farmer do battle with aphids, ants, mole crickets and other pests just as the security professional does battle with attacks by worms and viruses. Both professions have their malicious vermin and the gardener of a public garden has to deal with users just as a security professional does. I'd say the professions are ironically similar.

I'm sure the gardener of a private garden is far less stressed than the gardener of a public garden. I'm sure an IT security professional guarding over a small server farm has less stress than the one watching over a large and heavily traveled network. The problems multiply with the size of the network or garden.

The happy gardener is probably wiser and has given up the illusion of control where appropriate, knows how to deal with failures, learns from mistakes, and focuses on the positive results of a blooming garden. It's sad that most IT professionals only get the spotlight when things go horribly wrong. There should be a change in the culture of businesses that instead celebrate the competent professional, not the one that cleverly gets out of being caught with their pants down.

Find ways for yourself to take pride in a flourishing network with more and more users having positive and safe experiences in your server garden. No snakes here. Find ways to show your manager blooming trees of files growing in beds of NAS servers. Help them to stop and smell the Rational Rose, or the Blooming Alfresco server.

If a snake got in, plug the hole, learn from it, and realize even the best gardeners occasionally get a snake or two in their garden. When that happens have a cursed apple for the blighter to bite down on... or a honey pot for them to fall into. It's all a matter of attitude. Nobody has the market cornered on bliss.

They Are Unhappy For a Very Good Reason (1)

b4upoo (166390) | about 6 years ago | (#24728705)

What we are beginning to understand is that high levels of concentration-learning are not what the brain is designed to do. The very reason that we see teens and others fighting learning is that it causes a certain type of brain disability. That built in limit is something that schools and others try to teach us to ignore.
          The proof is in savants that are aided by modern medicine. As their disabilities are cured their extraordinary abilities start to vanish.
          You can make out the loss of functions in the typical "sophomoric" young person who becomes a social basket case as they struggle to learn in college.

doesn't even work for security (0, Troll)

speedtux (1307149) | about 6 years ago | (#24728807)

The funny thing about the "security mindset" common among IT people is that it doesn't even work. IT security managers are like fundamentalist Christians, dividing the world into "bad" and "good" and trying to stamp out all the "bad" stuff. What they should be doing instead is think about harm reduction and communications.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>