I have learned so much this year and am so grateful for how things have worked out.
Learning is fun for me and I have had the opportunity to learn many great new things this year. Going back to consulting has allowed me to experience new environments and solve new problems. What I have learned is that security is the new #1 priority in IT, as it always should have been.
I have spoken before about companies I have worked with and their issues with security. It is unfortunately common for companies I have worked for to have major security issues before, during, and after I worked for them. Surprisingly some companies don’t take security seriously until they have a problem, and then they are ready to spend money. Or not.
I have worked with companies that have been hacked and they sometimes feel that if they just do a few changes they will be ok. Security is such a critical part of the infrastructure that you can’t leave it to an outside company to handle. Certainly, they can help, but ultimately you have to take the reigns and reevaluate every day if what you are doing is working.
The biggest problem I see with security with companies is that they don’t have someone who is dedicated to making things more secure each day. Hackers are constantly working on better ways to try to hack companies. This unwillingness on companies’ part makes them sure to be hacked in different ways.
When companies have security issues ultimately it is because of the lack of skill of the IT staff, and the lack of resources spend on securing the infrastructure. Some managers hide criminal activity under the rug. I have worked at companies where the IT manager doesn’t tell the management they were hacked. That to me is criminal. If they don’t know what is going on, they will never give the resources that are needed to combat it.
If you fail to work on security, expect hackers to make your day most unpleasant.