“Oh, the farmer and the cowman should be friends” – Rogers & Hammerstein, “Oklahoma!”
The modern office environment has its fair share of rivalries, competitions, and friction. In some companies, interdepartmental politics abound, project teams put “frenemies” in direct contact with each other, or a heated exchange can impact an entire career. This affects IT Professionals as much as any other career area (some would say more).
There’s one IT rivalry I have seen consistently in almost every organization, and that’s between the team responsible for security (InfoSec) and the team in charge of network monitoring and operations (NetOps). In many companies, the dynamic is almost co-predatory, with each side attempting to completely obliterate the efficacy and credibility of the other.
The classic characterization is that
1) the Monitoring team wants/needs complete access to all systems in order to pull reliable and accurate metrics;
2) While the InfoSec team wants to lock everyone out of all systems in the name of keeping things “secure”
But it’s patently not true. At ThwackCamp 2015, security industry powerhouse Charisse Castagnoli (c1ph3r_qu33n here on Thwack) and I sat down for a frank talk about the pressures of our respective roles, and then brainstormed ways to get InfoSec and NetOps/Monitoring working together rather than in opposition.
One of the things we hit on was the good old lunch-and-learn. A lot of the friction between security and monitoring comes from a good old communication disconnect. Not knowing about the current pressures, priorities, and projects on the other side of the cube wall typically leads to frustration and loathing. The solution is to regularly sit down to hash it out, and find ways to augment, rather than short-circuit, each other’s efforts.
During our talk Charisse and I challenged viewers to set a table, along with a meeting request, and record notes of how the conversation went (You had a food fight? We want to see pics or it never happened!). Post those notes (and pictures) below, and we’ll select some of the best ones to receive 500 thwack points.
So this is what you get when you put someone from InfoSec, NetOps, and CoreOps in the same general area. Watch out for flying foam darts.. For the most part we work together, it is just when we have conflicting…
These teams should work hand in hand since they both utilize some of the same data.
I know the infosec teams tend to have a superiority complex, well some do. In some shops they don't play by the same…
Jfrazier Yeah, I have seen how SecOps running against NetOps can cause some issues. For me I started out NetOps and later became SecOps. It helps to have an understanding of both sides of the coin. I also…