The life of an IT Manager

It is true, I am back after a 2 year hiatus from my duties as a Handler at the Internet Storm Center.  Some may be wondering why.  So here it is.

It all started with my new job. I was hired by a company 2 years ago to help move their IT Department forward. The owner told me it would be a challenge, but I accepted the challenge. They have 6 remote locations plus the corporate office, and I would be the 2nd employee in the IT department taking care of all of the locations. That is where the story begins, and a challenge it was. My first week on the job I learned that they did not have successful backup jobs running for the 22 Windows servers. Several of the servers were standalone devices that ranged in age from 4 years to 14 years old. They were a mess, and the group policies, DNS, DHCP and Active Directory were a disaster. No backups were in place for their critical desktop computers and there was no anti-virus solution company wide. They had no firewalls, no IPS, no spam filter, and Windows updates were hit and miss depending on whether the employee took the time to install them. There were a number of issues with the MPLS between the branches and a hodgepodge of phone systems. They had no security in place and no Disaster Recovery Plans. Our mail server was blacklisted twice in the first 3 months of my employment, so I had some work to do there as well. They are self-insured, so they had HIPAA requirements to deal with which weren't happening. So as you can see, it was definitely a challenge.

As of today we have made great progress. We have replaced the old servers with new servers, but instead of individual boxes we have migrated to virtual machines. We now have 6 physical boxes that are hosting all of the servers. All of the servers are being backed up to a recovery server that is on site as well as to a recovery server that is at one of our remote locations. All of our workstations are being backed up using a 3rd-party off-site backup program. We have installed firewalls/IPS and a spam filter, cleaned up our AD (still a lot of work to do), installed Microsoft WSUS and a managed anti-virus/anti-malware solution, moved all phone systems at all locations to the same platform, and have begun standardizing hardware and software throughout the organization. Our mail server has not been blacklisted since I completed the changes to our mail records for compliance and our network lockdown was completed. We are rolling out perimeter security with a digital camera system inside and outside of the facilities at each location, and we are in the process of reviewing going from copper to fiber for our MPLS network.

I have completed the initial HIPAA compliance requirements and have started working on the Disaster Recovery. I have monitoring and reporting set up for all aspects of the network infrastructure to attempt to ensure that our network remains safe and secure. Great progress has been made, but we have a lot of work yet to do. I am now the IT Manager and Security and Compliance Officer for the organization. We had a ransomware attempt a few months ago, and thankfully it was unsuccessful because of the precautions and preventative measures that have been implemented.

I am sure that I am not the only IT person that has walked into this type of situation, and I am sure I won't be the last. IT is so fluid and continuously changing, and the threats to the environment have changed too. One of my IT friends said it is like shooting fish in a barrel, and I have to agree.

Deb Hale

Deborah

272 Posts
ISC Handler
I can see why you were on a hiatus as a handler! It sounds like it was a ton of work with a bit to go. One thing I have found with these types of organizations is a lack of effective succession planning for small IT/IS staffs.

When a key person leaves the organization (hopefully not the proverbial hit by a bus), their vision goes with them. Good procedures, documentation and continuity planning can help, along with candid discussions with ownership about your replacement.
Rick

3 Posts
Indeed it is. But on this side of the business the fish shoot back and sometimes they shoot first.
Anonymous
You are correct Rick. That is definitely one of the things that is a must. I am big on documentation and have completed a lot of it so far. We have a complete network layout for all of the branches now and I am nagging the "team" to update the documentation if changes are made. Good documentation is a big part of DRP. Without documentation a "small disaster" may be catastrophic. Thanks for the input.
Deborah

272 Posts
ISC Handler