$10 sez within a year we hear about a major security breach or loss of data or credit card scam where somewhere in the story is the beloved phrase, “A vulnerability which was patched by the OpenSSL team 8 months ago, but the company never applied the update…”

Just another iteration in the cycle of “discover security hole -> panic -> patch security hole”. As usual, sysadmins who are paying attention and keep up with current events will know that there is a problem and how they can fix it (or, if they are dependent on renegotiation, redesigning the site). We’ll probably be dealing with this cycle forever. It’s just an unfortunate cost of doing business on the internet: nothing static will survive.

I got that picture off of Wikipedia, and it is covered under a Creative Commons license. Use of the picture for a personal Christmas card would be acceptable use, unless you threw it up on CafePress and made money off of it

Yours truly ~
Pat & Lisa

And I get the argument that systems administration, like software engineering (or computer programming), or database administration, or any one of a number of IT positions doesn’t have the formal infrastructure API like electricians do (or architects, who must adhere to building codes or whatnot).

At the very least, though, there should be covering categories among formal professions. If you want to be a systems administrator for a health organization, you have access to the information doctors do, you should have the same ethical requirements a doctor does. Same with sysadmins who work for accounting or legal professions. This generally does exist for military/criminology work (no clearance, no job, sorry).

If you break the rules, you should be effectively disbarred from working in those areas, for the same reasons you would disbar a lawyer or revoke a doctor’s license to practice… and for the same empowerment reasons those professions have: because you ought to have a formal framework (with a formal grievance process) to say to someone who asks you to do something illegal/unethical, “No, I can’t do that”.

Not that *I* need it, but I’m a stubborn cuss.

The differences between system administrators and, say, electricians, is that there is no license required to do administration work, any more than there is to be a mechanic. Sure, there are certifications that you can get in both arenas, but there’s no one that says “You haven’t passed this test, you can’t replace the belts on that car”. Or set up a mail server.

Should there be? I don’t think so. There is no “one infrastructure” in place that must be adhered to, as there is with the national electrical grid. The closest you could come would be a network-centric certification that adheres to the rules of the internet. The only one that I know of that is network based, vendor neutral, and widely recognized is CompTIA Network+, and most of the networking professionals that I know look down on that cert.

In the end, it is up to each organization to decide the necessary skill set required for their IT workers, and to dictate the training / certification they need their employees to have.

When your car is broken, you can go to a national chain where all of the mechanics are ACE certified and things are done by the book. Or you can go to Bubba’s tire and bait shop. Both can change your tire, but if I had to rebuild my engine, I know where I’d go.