If It’s Worth Doing, It’s Worth Doing Right

Have you ever hired someone to work on your house and felt you could have done a better job yourself?  Was the handyman unskilled, lazy, or both?  Maybe he was just going too fast.  Or maybe he just simply didn’t know any better.

This is an all too common scenario in the profession of information technology.  Administrators may learn the bare minimum required to implement a system but never reach the level of expertise required to do it properly.  What companies are left with is unreliable and unsecured systems that are slapped together quickly by poorly trained administrators.

Training must be a top priority for security in any company.  An IT staff of highly trained administrators greatly increases the likelihood that systems will be implemented securely from day-one.

Training from cbtnuggets.com or pluralsight.com is a great start.  IT Staff should also attend live classroom training and become certified in each technology they manage.  In addition to specific technical training, a general security training course such as CompTIA’s Security+ should be mandatory for all IT staff from help desk to senior engineers.

When implementing a new technology such as a new operating system or a new backups system, consider the steps below in order to maximize reliability, performance, and security.

  1. Train staff immediately before implementation, not during or after implementation.
  2. Implement the new system with the assistance of an expert in this technology.  No single training event can prepare someone for the challenge of designing and implementing a complex system.  Allow in-house staff to learn from the design and implementation process.
  3. Perform a security assessment on the new system to validate both the technical implementation and the procedures for administration, maintenance, and logging.
  4. Continue to provide ongoing training on the new system.