Becoming a better security officer
Computer security as a special field is still fairly new. It's likely that you did not major in System i computer security in college or specialize in it at a technical school. In fact, as I look back on my career I can recall many people working in various segments of IT who came from some disparate backgrounds.
One guy I worked with was a pitcher for the Pittsburgh Pirates, followed by a long career as a chemical plant manager. Another first went to college to be a psychiatrist. Personally, I never went to college, but got started in IT right out of high school working as an input/output control clerk. I suspect that we are all "accidental" System i security officers.
So how do you become an effective security officer when your training and education probably didn't prepare you for it? A few months ago, I published an article about how to learn the security officer position, which would be a good place to start. You may also want to read my article about using System i security consultant services, which teaches administrative skills in computer security. I encourage you to check out these two articles as a starting point.
But before setting out to become a better security officer, consider what you did prepare for in your career. For example, if you studied to become a programmer, you probably don't need to concentrate on the programming aspects of the security officer function. In fact, there is a tendency to stick with tasks that are most familiar. People tend to go where they are appreciated and where they can demonstrate competency. So, if you find yourself staying where you already know how things work, it is time to move out.
To become an effective security officer, you need to catch up on the knowledge you never learned in the first place. For example, I started out as an application programmer. When I got to the area of security, it was a new arena for me, and I found that communications and networking were my weakest spots.
I still don't have a full understanding of TCP/IP and how to implement foolproof security. Even worse, the people who do know how TCP/IP works all appear to speak a foreign language that is liberally peppered with three- and four-character acronyms that I'm supposed to understand.
Expand your System i security knowledge
Once you've identified gaps in your expertise, identify resources that can help you understand concepts and strengthen your security consciousness. Begin by finding a peer or an associate who can offer guidance and recommend reading materials, Web sites and other useful publications.
I also have to confess that I am still a reader of technical manuals and IBM Redbooks. Having them all online is a real benefit. When I have spare time, I often browse the manuals library to find what's new and read things that I haven't seen before. The manuals can be pretty dry reading, but they contain the manufacturer's explanation of how things are supposed to work.
I'd love to hear from you if anything here strikes a chord with you. Do you have an unusual story of how you ended up as an accidental security officer? Send it in. You can reach me at firstname.lastname@example.org, All email messages will be answered as quickly as possible.
ABOUT THE AUTHOR: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.