InfoSec vs NetOps: Is Datacenter Détente Possible?

“Oh, the farmer and the cowman should be friends” – Rodgers & Hammerstein, “Oklahoma!”

The modern office environment has its fair share of rivalries, competitions, and friction. In some companies, interdepartmental politics abound, project teams put “frenemies” in direct contact with each other, or a heated exchange can impact an entire career. This affects IT professionals as much as any other career area (some would say more).

There’s one IT rivalry I have seen consistently in almost every organization, and that’s between the team responsible for security (InfoSec) and the team in charge of network monitoring and operations (NetOps). In many companies, the dynamic is almost co-predatory, with each side attempting to completely obliterate the efficacy and credibility of the other.

The classic characterization is that:

1) the Monitoring team wants/needs complete access to all systems in order to pull reliable and accurate metrics; while

2) the InfoSec team wants to lock everyone out of all systems in the name of keeping things “secure.”

But it’s patently not true. At ThwackCamp 2015, security industry powerhouse Charisse Castagnoli (c1ph3r_qu33n here on Thwack) and I sat down for a frank talk about the pressures of our respective roles, and then brainstormed ways to get InfoSec and NetOps/Monitoring working together rather than in opposition.

One of the things we hit on was the good old lunch-and-learn. A lot of the friction between security and monitoring comes from a good old communication disconnect. Not knowing about the current pressures, priorities, and projects on the other side of the cube wall typically leads to frustration and loathing. The solution is to regularly sit down to hash it out, and find ways to augment, rather than short-circuit, each other’s efforts.

During our talk Charisse and I challenged viewers to set a table, along with a meeting request, and record notes of how the conversation went (You had a food fight? We want to see pics or it never happened!). Post those notes (and pictures) below, and we’ll select some of the best ones to receive 500 thwack points.

Anonymous
  • Yes, you can't have either without the other. Infosec and NetOps MUST be friends. How else will they survive?

    Infosec and NetOps should be friends,

    Oh, Infosec and NetOps should be friends.

    One sure likes to surf the Net, the other tries to hedge their bet.

    But that's no reason why they cain't be friends.


    IT folks need data flowing

    Info flows through all locales

    NetOps' traffic's everywhere

    Security is the rationale.

    I'd like to say a word for the firewall

    Security came and made a lot of changes

    They locked it down built a lot of fences,

    And built 'em right acrost our IP ranges!

    NetOps can be good and thrifty users,

    No matter what Security said or swore.

    You seldom see them hacking 'round the firewall

    Unless it's time to watch the Final Four!

    Infosec and NetOps should be friends,

    Oh, Infosec and NetOps should be friends.

    One team keeps the bad guys out

    The other finds a different route

    But that's no reason why they cain't be friends

    IT folks need data flowing

    Info flows through all locales

    NetOps' traffic's everywhere

    Security is the rationale.

    I'd like to say a word for the web page,

    The Info Highway's difficult and greasy.

    He codes for days on end with just a PC for a friend,

    I sure am feelin' sorry fer the PC!

    NetOps should be sociable with security,

    If they stop by and ask for coffee water,

    Don't treat 'em like a Rube, make 'em welcome in yer cube

    But check yer code to prove they are the author!

    I'd like to teach you all a little sayin'

    And learn the words by heart the way you should

    I don't say I'm no better than anybody else,

    But I'll be damned if I ain't jist as good!

    I don't say I'm no better than anybody else,

    But I'll be damned if I ain't jist as good!

    IT folks need data flowing

    Info flows through all locales

    NetOps' traffic's everywhere

    Security is the rationale.

  • Unfortunately I can't sit down with the security team as they are in another state, but previously they had always been difficult to work with. It was like they were better than us. A few years back, I needed to get stuff done on the firewall, which they were reluctant to do. So when I happened to be in their state, I marched up to them, sat down, and talked to them about my requirements etc. They made the changes I needed and ever since then, we've had an excellent working relationship. They will help me when I need changes and in return I help them when they need help with network issues etc.

    So I agree, sitting down and talking is the best approach to get stuff done.

    Unfortunately I have no photos of that memorable meeting but I found this one of a food fight on the web just for fun.

    foodfight_club_by_quest007.jpg

  • To get past the roadblocks, it usually requires a few more one-on-one meetings between the different group managers and individuals, in the form of "I'll scratch your back if you scratch mine" type compromises. It is one way to get out of the silo mode that we sometimes get into when project deadlines start creeping closer. If all groups are working and coordinating together we can usually meet reasonable project deadlines with a little time to spare.

  • FAN-FREAKING-TASTIC!

    How do you normally get past those roadblocks (besides a 3-way cage match?)

  • So this is what you get when you put someone from InfoSec, NetOps, and CoreOps in the same general area. Watch out for flying foam darts. For the most part we work together; it is just when we have conflicting projects that we run into each other's roadblocks.

    SW.jpg