we have to make mistakes

Security and IT are tough these days. While we keep getting an influx of people with their MCSE and A+ certs that can do fun things with desktop support, it is all those other more specific areas of IT that still are not getting the love they should be getting. Maybe it is because they’re a layer or two out of the eyes of most normal users (and managers). Too often, us techs can do a lot of good things, but sometimes don’t get a chance to try things out when we’re already swamped with an overload of work, not enough money, and too many fires to put out.

Mark Curphey has been posting his experiences with his new start-up lately. While a lot of the content is not terribly pertinent to me at this point, I do enjoy reading him. Tech-to-tech, this paragraph really caught my eye:

Did I really transfer the domain to my account or was this someone snarfing my domain and my religious spam rules means I missed a very important mail? Alex was sat at his desk dreaming in code but saw I was panicking. We look at it and pulled up the whois records. Holy bull-shitake batman, some bastardo has snarfed my domain and the records show dummy, dummy, dummy as the new owner. We googled and others had been conned by the same trick. How could this happen? How could Gandi let someone transfer a domain without positive acknowledgement. Oh cricky, I really screwed up by being strict on spam.

Considering the theme of this post, I think it might be obvious what caught my attention. You can make an entire job out of being a spam admin or even a DNS/SSL/domain admin, even at smaller companies. But chances are, those tasks are only a very small part (a disturbingly tiny) part of our jobs. How can you get to be a spam surgeon? Do you have time to pick through what gets caught in the filters? Do you have time to even tune up the filters at all while maintaining high functionality for possibly critical emails? Just how are you tracking all your DNS and SSL purchases and expirations?

That’s tough, and I think unless you can acquire these skills somewhere or have a job that lets you have a lot of bandwidth to research and tinker with such things, outsourcing to a company that can focus on just that one thing is still a big IT need. That or understanding what techs need to ultimately be successful. Can you really maintain a spam filter effectively, or would it be more efficient to outsource to a company that specializes in spam filtering?

That is one area I think still needs work in the “business and IT must work better together” agenda. We don’t know everything in IT and we really do have to make mistakes. I’ve learned that you learn the most about technology during the troubleshooting stage as opposed to when everything is going right. Business is not terribly forgiving about such things, even if they are small but visible incidents in the whole scheme of things. Business wants to make a request, have it implemented perfectly, and then run unattended for 25 years without any further investment. IT knows better and that any new technology not only must be learned, monitored, and administered, but at some point does need to be evaluated for security, efficiency, and proper improvement.