Talking to the Techs
There are times when the hardest thing a security professional can do is work with the IT department. It’s strange since many security professionals have come from an IT background. Speaking for myself, I moved into security from network engineering after a large firewall project. Of course, IT professionals work on security tasks their whole career, from cleaning up malware to managing user accounts and passwords. The IT team is on the front line of security every day. If your organization is hacked, they’re going to be just as busy as you are, if not busier. When the auditor delivers a failing report, it’s going to reflect on IT’s efforts. Even worse, high-powered hacking groups and spy agencies single out IT personnel as high-value targets. They know sysadmins have the best access privileges in the company. If they can take over their accounts, the whole network is their buffet table.