bonehead writes: So... For a while now I've been pondering this question.
At my current job I work with a team of 6 other sysadmins. They're all very talented, and all have several years of seniority over me.
One guy, in particular, has taken a very strong interest in security lately. And he's been working very, very hard to harden the security on our servers.
He's a very honest, and seemingly religious guy (religious in the "golden rule" way, not the "jihad" way. His "good, honest guy" credentials are unimpeachable). While his heart is definitely in the right place, his approach is not. Every measure he takes simply makes things more inconvenient for legit users, and will, unfortunately, do nothing to deter a real attacker. My efforts to argue the point with him fall on deaf ears. (He's also very talented, and as many talented geeks are, hesitant to consider that he might be wrong....)
Me, on the other hand, well, let's just say I've never been an angel. About 15 years ago I decided that being on the straight-and-narrow was the way to go. Not out of any moral sense of duty, mostly as a result of having a personality that is incompatible with incarceration. But when I was young and dumb, well, like I said, not an angel.
What I've noticed is that when news of a new exploit becomes known, my fellow admins jump right into thinking "we should firewall that port" or "maybe we should shut down that service". In other words, extreme answers. Myself, on the other hand, my first thought is "ok, how could I exploit that", followed up by "if I tried, what would trip me up?" Invariably, my answer would prevent attacks while minimizing inconvenience to legit users, but I get outvoted, on grounds of seniority, by admins who favor solutions that cause much more inconvenience for legit users, while not actually hindering the bad guys.
Moving ssh to a non-standard port? Eh, not necessarily a "bad" idea, but if I'm determined to get into your network there are a couple things that come to mind. First, I'll find that port anyway. Tripwire won't save you. Second, ssh probably wouldn't be the attack vector I'd choose. So, it's both ineffective and inconveniences legit users. (I won't even get started on the fact that we ban ssh keys on public facing servers, and require passwords instead....)
So, after that long-winded mess, my question is this: "Can you really defend yourself against the bad guys if you're not capable of thinking like they do?"
bonehead writes: First, a little background. I've been working for the same small company for about 12 years as a one-man IT department. I took this job after becoming completely burned out with the corporate politics that seem to infect all large companies, and it's been a great job. My salary is a bit less than what I could make elsewhere, but I consider that to be a fair trade due to the relaxed atmosphere and fairly stress-free environment I've enjoyed over these years.
The problem is that our core business is part of an industry which, as a whole (i.e. not just my company) is now becoming obsolete due to advances in technology. My pleas to expand into other areas 5 years ago went unheard, and now that the situation is clear to the owner, the revenue just isn't there anymore to do much expanding. My personal prognosis is that we have about 2 years left before we're forced to turn out the lights and shut the doors for good.
I find myself in a bit of a bad situation when I consider future job prospects. Being a one-man IT department, I've become something of a jack of all trades, master of none (well, maybe a few). I've had opportunities to do a wide variety of work, and have done it all well. System administration, e-mail servers, file servers, backup systems, networking (mostly Cisco equipment), VOIP implementation, and programming (C++ and Java mainly), and a bit of network security, just to name a few. I've also done a bit of web development, and while I can crank out the PHP code for the backend, aesthetics aren't really my thing. The problem is that I've done such a wide variety of work, that I can't really walk into a job interview and honestly call myself an "expert" at any of those things.
Not a pleasant place to be at 38 years of age.
Given that I have a year or two before I need to move on, I feel that I have time to pick an area, acquire the necessary expertise, and salvage my situation. My question for the Slashdot community is, in the current IT job market, which skill set should I focus on? My original goal when I went to college was to be a programmer, and if I choose that route, what language would make me most marketable? Or would I be better off to pursue Cisco certifications and focus on networking? Or something else?