Pride and Security

  • Comments posted to this topic are about the item Pride and Security

  • I couldn't agree more. I've had jobs over the whole spectrum of work environments, from outright aggression and paranoia right up to total trust and love. (Well, it was a non-profit). At the jobs where individuals were respected and empowered, I found I became far more proactive in finding ways to benefit the enterprise. Guess what? Granny was right; you get more flies with honey than with vinegar. Buzzzz.

    Sigerson

    "No pressure, no diamonds." - Thomas Carlyle

  • I agree of course.

    However, it's interesting that one hears these stories every now and then and one often has their own stories as well... It's interesting how there can be so many companies with so bad chiefs, I believe family and friend politics is often a reason together with bad judgment and incompetence. I've seen companies with somewhat a culture of fear and incompetence as well. Oracle is one company that comes to mind and some consultant companies.

  • I believe all organizations should get to know the people who handle their sensitive data and make sure they are happy. If they are not worth paying well or knowing, then get rid of them and hire someone who is. Database management is not a commodity that you can farm out to the lowest bidder.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Another issue for technical types is that we sometimes have to deal with managers who don't fully (or even partially) understand what we do or what we're even talking about, but will do anything to avoid admitting their ignorance in front of their workers. I've observed that managers who lack IT expertise, and can't manage IT workers from the basis of shared knowledge of the work at hand, will often posture more aggressively

    Sigerson

    "No pressure, no diamonds." - Thomas Carlyle

  • Capt. Sigerson (12/20/2011)


    Another issue for technical types is that we sometimes have to deal with managers who don't fully (or even partially) understand what we do or what we're even talking about, but will do anything to avoid admitting their ignorance in front of their workers. I've observed that managers who lack IT expertise, and can't manage IT workers from the basis of shared knowledge of the work at hand, will often posture more aggressively

    That's a bad manager. I would always admit when I didn't understand something from my group, but make them explain it and ensure that it made sense to everyone else. That often uncovers flaws in one person's logic.

  • Perfect topic for the day. I had similar feelings as I was writing and scheduling my blog that went out today.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events

  • If you want to read about real world applications of social engineering, read Ghost in the Wires by Kevin Mitnick. This guy would be considered the SUPREME social engineer. It also gives good insight into how these kinds of attacks work.. For a little company they aren't so useful, as soon as you get bigger though and have people spread around and don't know everybody, you are definitely ripe for the attack. And I agree, once you get past the short wall of natural suspicion people are very willing and happy to help.

    I would also suggest the book Deception by the same author which is more of a self-help book for security..

    CEWII

  • Elliott Whitlow (12/20/2011)


    If you want to read about real world applications of social engineering, read Ghost in the Wires by Kevin Mitnick. This guy would be considered the SUPREME social engineer. I would also suggest the book Deception by the same author which is more of a self-help book for security..

    CEWII

    Second vote. Those are good books

  • Elliott Whitlow (12/20/2011)


    If you want to read about real world applications of social engineering, read Ghost in the Wires by Kevin Mitnick. This guy would be considered the SUPREME social engineer. It also gives good insight into how these kinds of attacks work.. For a little company they aren't so useful, as soon as you get bigger though and have people spread around and don't know everybody, you are definitely ripe for the attack. And I agree, once you get past the short wall of natural suspicion people are very willing and happy to help.

    I would also suggest the book Deception by the same author which is more of a self-help book for security..

    CEWII

    Very good recommendations.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events

  • Absolutely wonderful article, Steve.

    Concerning the question in the article...

    If you had more pride in your employer, wouldn't you be a little more careful in caring for the company and its assets?

    No. I'm a professional and I know it sounds a bit corny, but I have a job to do and data to protect. I'm also a caring person and there are people working for the company other than "the employer" who could be hurt by my actions or even my inactions. Even if I have a deep rooted hate for the employer or, more likely, the manager(s) that I work for, I make sure the people working there are well equipped to carry on without me whether I stay or not.

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.
    "Change is inevitable... change for the better is not".

    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)
    Intro to Tally Tables and Functions

  • Jeff Moden (12/20/2011)


    Absolutely wonderful article, Steve.

    Concerning the question in the article...

    If you had more pride in your employer, wouldn't you be a little more careful in caring for the company and its assets?

    No. I'm a professional and I know it sounds a bit corny, but I have a job to do and data to protect. I'm also a caring person and there are people working for the company other than "the employer" who could be hurt by my actions or even my inactions. Even if I have a deep rooted hate for the employer or, more likely, the manager(s) that I work for, I make sure the people working there are well equipped to carry on without me whether I stay or not.

    I don't know Jeff, I think if you really care you put just a little bit more into it, beyond just being a professional. And that little bit more is what I am reading into that. Even if you hate the company you work for as a professional you are still going to try and do the right things but if your heart isn't in it.. I have worked at places where the company, not so good, but the people, great people.. Will you go further because of the people? Perhaps if you are close with them.. There's professional and then there's above and beyond. I'd like to believe most of us are shooting for (well) above and beyond.

    CEWII

  • Elliott Whitlow (12/21/2011)


    Jeff Moden (12/20/2011)


    Absolutely wonderful article, Steve.

    Concerning the question in the article...

    If you had more pride in your employer, wouldn't you be a little more careful in caring for the company and its assets?

    No. I'm a professional and I know it sounds a bit corny, but I have a job to do and data to protect. I'm also a caring person and there are people working for the company other than "the employer" who could be hurt by my actions or even my inactions. Even if I have a deep rooted hate for the employer or, more likely, the manager(s) that I work for, I make sure the people working there are well equipped to carry on without me whether I stay or not.

    I don't know Jeff, I think if you really care you put just a little bit more into it, beyond just being a professional. And that little bit more is what I am reading into that. Even if you hate the company you work for as a professional you are still going to try and do the right things but if your heart isn't in it.. I have worked at places where the company, not so good, but the people, great people.. Will you go further because of the people? Perhaps if you are close with them.. There's professional and then there's above and beyond. I'd like to believe most of us are shooting for (well) above and beyond.

    CEWII

    If I'm developing a database from beginning and have exclusive or lead input into the design, then there are specific patterns I follow (like role based security or parameterized dynamic sql), which I would implement for any employer or client regardless. What's troublesome is when a developer or DBA steps into an existing project where there are obvious design issues and the organization is more or less receptive to input outside the scope of why one was hired. To what extent does one assert the matter? Obviously if the organization is open and receptive to input, then one will feel more inclined to weigh in with observations and suggestions.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • "If you had more pride in your employer, wouldn't you be a little more careful in caring for the company and its assets?"

    I would whether I did or not, but I can't speak for everyone, and I try not to "generalize" people's response anymore. I have learned over the years that most people are just not predictable as much anymore. I have seen some crazy stuff in this business over the last 25 years. 😀

    "Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"

  • small beer, but

    for "Employees probably know more about each other, and problem recognize a larger percentage of the company."

    read

    "Employees probably know more about each other, and probably recognize a larger percentage of the company."

    makes a change from discussing New Year resolutions anyway, but I wonder how many of those responding expect to be with the same employer in 12-months' time?

    Stay if you like the company and people and can get to fix the inevitable [legacy] problems, but don't stay too long. I commend the "Everybody is free (sunscreen)" track (NY vs CA) on

    http://www.youtube.com/watch?v=OojsLDYr7RY
