Help on Job Creation 3

Status
Not open for further replies.
Jul 13, 2004
Hello All,

I have been trying to talk my boss (The Director of IT) into creating a position for Manager of Network Security. He has been reluctant to this point and I'm looking to put together a good argument for helping this along. Can anyone help me with this? I'm looking for good legal/technical reasons to have this job created. Right now our Security Team consists of 2 people within an IT Department of 125. My efforts thus far have failed, but I feel he's giving in and I want some fresh input to bring home a solid argument.

Thanks in advance!



~Intruder~
CEH, CISSP, MCSA/MCSE 2000/2003

 
Take a look at monster.com. There should be a job description there for a Network Security Manager. Items in that description may help you come up with reasons as to why your department needs this position.
 
Quantify. It is much harder to argue with numbers (even when they are estimates) than to argue with a general description of why it might be a good idea. Cost out the cost of lost business or down time by not having adequate security (it helps a lot if you have had some actual security related events to use in this costing; if not, estimate or find sources that estimate it on the Internet). Then cost out the cost of adding the position (don't forget to add administrative costs (benefits, etc.) as well as salary - it gives your figures more legitimacy).

Even for things that you see as benefits but can't cost out, do a numeric analysis. Write down all the pertinent issues that should be considered in the analysis of the two options. Cost, increased security, increased visibility of security to the organization, cost of security failure, etc. Then have the manager rate the importance of each issue from 1-5. Then you take the "do nothing" possibility and the add security manager possibility and numerically rate each one. Multiply by the rating factor the manager gave you and add up the totals. It will usually show which of several possibilities is the clear winner. (Remember to be consistent in how you do the numbers so that they can be added together at the end - a positive such as increased organizational visibility may be a 5 for what is good and a 1 for what is bad, but the higher risk of failure would be a 1 while the least risk of failure would be a 5.)


Questions about posting. See faq183-874
 
Remember, it's not HIM/HER who has to make the decision. Job Titles are a business function. It requires allocations of funds to that position. Does this new position require a new body (either to fill that position or to replace a person that is promoted to that position)? If they create that position, do they eliminate a lower position? You are creating a new MANAGER position. In some companies, MANAGER positions require a certain salary. Can the business afford that? I'm sure I'm missing other points, but all that has to be considered when creating a new job title.

Bottom line.....

1. what need will this fulfill?
2. how will it benefit the business?
3. what is the cost to the business?

-SQLBill

Posting advice: FAQ481-4875
 
This might be something to mention verbally rather than written to your director of IT. Risk analysis from the IT director's standpoint. If there is a security issue, and there is no other management head to roll, his head may roll. If there is a manager of network security then there is possibly another head to roll.
This would be your head, if it is your new position, consider this as well.

 
As always, Security is a spot that has little glory, and people are quick to point fingers at the head of the department in the event of a breach. I completely understand the risks, but if the proper programs are implemented, such as Risk Analysis, Vulnerability Assessments, Policies, Security Training, and Incident Management/Response, this generally will cover the person in charge, assuming that proper response to an incident is taken. This also assumes that management has been properly versed to the fact that there is no perfect security solution and that incidents WILL happen - it's the job of the security department to minimize risk and reduce impact of breaches.

~Intruder~
CEH, CISSP, MCSA/MCSE 2000/2003

 
Point well made, and taken Intruder. One which if in a meeting with the IT Director and the management would only serve to reinforce their versing. Also, to provide respected acknowledgement and authoritative consensus between the two of you that all the proper programs were in place if an incident occurred. Sounds like you have the ability to make the argument!

Probably not a fresh input, or fresh perspective driving response to your situation, but I tried.

Good luck!

 
Thanks everyone for the advice.

~Intruder~
CEH, CISSP, MCSA/MCSE 2000/2003

 