CISO Trick: Know the Hiding Places
Posted March 27th, 2007 by rybolovIn my somewhat hazy job description, there is one additional duty that I have absorbed: limited asset management. As I tell people all the time, I’m not an asset manager, but I become one when I have to. For example, I spent an entire month last year doing equipment inventories. Not a thing to be really proud of, but at the time asset management was one of the chief risks that my organization faced.
My CISO trick for the week: Know where the engineers hide the excess equipment. Every NOC, SOC, and data center has the place where, when equipment is missing, that’s the place where you can go and find it. In the NOC, it’s the closet in Eric’s office where he now has 6 managed switches and some other networking gear. In the SOC, it’s their half-rack worth of lab equipment, including some spare firewalls and IDS sensors. In the data center, it’s the top half of rack 1-2 where the engineers put equipment and lock it up so it won’t walk away.
Point is, most organizations have these hiding places, and it’s almost an unwritten duty description to find them. Don’t point them out as I just did, but keep them as your little secret and when you need to either find something that is missing or absolutely need a piece of equipment, you can go check the usual places and see if you have one on-hand that is not being used.
Last week I told one of our projects that they could not open up some services across the Internet until they designed their connections right with a DMZ for the Internet-accessible servers. We left the conversation with a logical diagram to build from and the need for a firewall and a small switch–loaner equipment to get them up and running right now and that they could replace with their own when they ordered replacements. 10 minutes later, the project team had a PIX and an older catalyst, all culled from hiding spots.
One final thought for today: I call these places “Mike’s Happy Hardware Hunting Grounds”. =)
Similar Posts:
Posted in The Guerilla CISO, What Works | No Comments »