Monday, November 4, 2013

No reciprocal knowledge

I literally just got off the phone with someone from the IT department at my gig, who was looking to get some information on the portfolio of web applications for which I am responsible. I don’t consider providing such information to be an onerous extension of my nominal duties as webmaster, so I was perfectly happy to talk to the guy. In fact, when he mentioned that part of the purpose of his call was to establish certain baseline info before subjecting those sites to a routine security assessment, I figured I’d throw him a bone and let him have some potentially helpful info: one of the applications in the portfolio, the one which was the center of my Big Annoying Project and was moved from the unclassified to the classified network, had just been through a security assessment as part of the whole battery of internal processes which comprised the bulk of the Big Annoying Project. (I did not call it the Big Annoying Project to the guy on the phone.) My point being, maybe the site did not need another assessment already, maybe the previous one would suffice for whatever box the guy needed to tick on his tasker list.

Honestly, it should not have come as a surprise to me when the guy responded immediately by asking if I could forward the security assessment results to him. Again, just to clarify the situation here: the guy from the IT department informed me that my application needs a security review, I point out to him that the review has already been done by his department fairly recently, and rather than use his own departmental resources to access those review results, he asks me to provide the results. I know he, personally, did not perform the assessment but still, this seems like the worst kind of left hand not knowing what the right is doing, and I get to be the weird middle/third hand.

You guys, this is what I’m talking about when I say my current job has certain shortcomings. I grow wearier and wearier of being the tech person on a contract where the overarching tech support is more like a kind of institutionalized tech denial. I think on some primal monolithic level the DoD wishes that computers had never entered the office space at all and everything was still done via phone calls and typewritten carbon copies. Since that’s not going to happen, they simply devote huge reserves of technical resources to making the internal computer networks, and all the business processes that come in contact with them, as cumbersome and limited as possible. If it gets to the point where IT performs security assessments and the results are either immediately discarded or tracked in such an impenetrably arcane way that it’s actually easier to ask the customer for their copy than to backtrack to the source, then everything wobbles on the precipice of madness.

I would really like to work someplace where everyone is reading from the same playbook and playing the same game for the same team. I understand there are some places out there which match that description! Now I just need to go out and find them and make an appealing pitch for myself and my services.
