CSO

I have a secret identity that I hide all day long at work.  I'm a very competent Linux administrator and I have been for over 10 years.  Why do I hide it?  Well, let me elaborate.

At work, I manage security and security risks--basic CSO/CISO skills.  That's what I do all day long.  Some of that is customer care.  Some of that is vulnerability assessments and mitigation.  Some of that is basic project management.  I really need to know how to be a system administrator at a managerial level.

Since my business unit is an operations facility, we have a very small team of Linux and Unix administrators that are responsible for maintaining the Linux servers.  I usually don't touch any equipment.  Except when we have a shortage in the Linux team and people find out I can engineer Linux solutions.

That's when I get the call to come in during the weekend to build an Oracle cluster, like I did in September.  I came in and built a 5-way RAC cluster.  Yes it was fun, except for the weekend part.

Last summer I helped out the Linux team by helping them harden apache.  After about a month of twice-weekly calls where the admins were complaining that they needed external support to harden apache, I finally got tired of it, walked down to the data center, and knocked out the hardening in a couple of hours.  Case solved, you'll get my bill in the mail.

Like I tell my boss, just because I can out-Linux the Linux team doesn't mean that I want to do it all day--I have plenty of other things to do.  When it gets to the point where I need to touch a Linux server, things have fallen apart to the point where I'm the last hope for humanity.

But I can't get down into the tech like that all the time--it takes time.  I have my other job to do, the one that the Linux team can't do, and it's very easy for me to get over-committed.

So I hide my Linux skills and pick when and how I show them.  It makes me wonder who else out there in the IT security world is in hiding.