A quick look through my inbox.
Just a quick list of the kinds of things I tackle on a daily basis as an IT security manager:
- Email, phone calls and/or personal visits from unhappy users who feel oppressed by security policies.
- Organizing trainings on arguably security-related software.
- Contract negotiations.
- Press releases. (Yes, really.)
- Software architecture discussions, ranging from the abstract to the concrete.
- Submitting, reviewing, prioritizing and signing off on software change requests.
- Looking at rack and cabling diagrams.
- Tweaking legal wording in policies and other places.
- Diagnosing production problems (and having to prove that they’re not being caused by security).
- Dealing with staffing logistics (such as making sure new hires have a desk, a phone, a computer, and a projectile launcher).
- Cooking up security metrics and status reports for my management.
- Answering the same complaints about spam and phishing over and over and OVER again.
- Reviewing project plans and RFOs.
- Reviewing and discussing random product descriptions and security articles that my boss asks me about.
- Reviewing reports on antivirus and patch levels.
Did I mention that another thing I have to do is clean out my inbox because it’s over its size limit?
“I thought we put in a device that stopped all spam, why am I still getting some?!?“
D’oh!