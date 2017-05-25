83 Percent Of Security Staff Waste Time Fixing Other IT Problems (betanews.com) 29
An anonymous reader shares a report: A new survey of security professionals reveals that 83 percent say colleagues in other departments turn to them to fix personal computer problems. The study by security management company FireMon shows a further 80 percent say this is taking up more than an hour of their working week, which in a year could equate to more than $88,000. For organizations, eight percent of professionals surveyed helping colleagues out five hours a week or more could be costing over $400,000. Organizations are potentially paying qualified security professionals salaries upwards of $100,000 a year and seeing up to 12.5 percent of that investment being spent on non-security related activities.
Actually, they are not "sloppy" and "lazy". They are the cheapest "coders" the MBA-morons in charge could find. They could do a better job if their life depended on it. Alternatively, coders that do have it and can do it (a minority) are not given enough time to clean up and fix remaining issues, because said MBA-morons think "it works". I have learned to not give them anything that has the complete functionality before all other aspects are fine. Otherwise they declare the prototype "ready for production"
83% of security staff are not full-time "security", but are employed to do a rather more wide-ranging job, because let's face it, for at least 83% of them there's no way "security" alone could fill a full-time job.
Is that so terrible?
"IT personnel are usually the helpful, go-to people for sorting out issues"?
If people are calling system security to help with computer issues that should be handled by the IT help desk then it's probably because:
1. The issues being reported appear to be security problems.
2. The IT helpdesk consists of condescending asshats which most employees avoid at all costs (based on my work experience, I bet this is the big reason).
More seriously, if security staff are only being called in on inappropriate calls that take up less time in a given week than they spend choosing what to put in their coffee; you've got a pretty efficient IT setup with very little to worry about.
Or you haven't gotten a clue as to what's going on and the North Koreans are actually running your business.
. . . the loose nut behind the keyboard.
"I didn't change anything on my configuration, but my computer is not working any more, so it must be some automatic security restriction that happened automatically . . . "
"Not only are modern IT security professionals faced with a growing complexity and skills gap and keeping up with technology investments and advancements, but they are also expected by colleagues to help them sort out their personal computing woes," says Michael Callahan, CMO of FireMon. "IT personnel are usually the helpful, go-to people for sorting out issues, but it's only when you start to cost it out that you realize how much money it equates to."
Do they mean work colleagues come to them with problems instead of the "normal" IT staff? Or that other, non-security, IT staff are coming to them with problem they can't figure out on their own?
In the first case why don't the security people direct the questions to the correct staff members? In the second case, either the company isn't spending enough on hiring and training and the "savings" there is coming back to bite them in the ass, or this is perfectly normal collaboration between colleagues. If ((
Yup, which is why a lot of places based work day estimates on 6 hour days, even though staff work for 8 hours.
There's toilet breaks, there's staff meetings, there's coffee breaks, there's chatting to co-workers, there's posting on slashdot.
Staff meetings are not work? Wait... nevermind.
Do you mean guys with guns on their hips? Or at least ones who place their hand thusly, giving the appearance they are armed?
It's not all wasted money (Score:2)
How much extra time would a less qualified (lower paid) person be taking to do the same work?
If they get paid 20% less but take twice as long, there is savings, not waste.
That time is not wasted (Score:2)
It serves to establish and maintain closer relationships between users and IT security people, so that, you know, if a user has a suspicion of a security problem, they feel more confident and approach IT security staff earlier. But that idea flays wayyyyy above the heads of MBA morons.
I wouldn't mind earning $88K for working one hour a week.
1) The help desk won't tell the user they don't know how to do their job (and usually the user is so bad at describing the issue they probably haven't had a chance to figure out it's a PEBKAC issue) so they dispatch desktop support.
2) Desktop support doesn't understand what's happening and doesn't communicate well with the user to get the details required to figure it out, so they blame network (security/policy/site connectivity/whatever).
3) The network tech stops what they're doing to prove it's a desktop issue so they can push the job back down the chain.
4) The desktop guys figure out the user is improperly trained - sometimes they're just clueless, sometimes there's a change and their department didn't do the training... or even a simple notification.
That describes 80% of the tickets I am aware of in our organization. Sometimes it bounces back and forth between steps 2 and 3 a couple of times, to the user's frustration and the discredit of the IT department. The important thing is that I am neither tier 1 support nor a network guy, so I can mostly sit to the side and look down disdainfully at the whole farce without actually having to do something about it.
