Friday, December 31, 2010

My new challenge in 2010: security issues at university network systems

Since April 2010, I've been working on the network security management of Kyoto University. There are many things to consider. I've already published a report in PDF about the status and issues.

The fundamental principle which always haunts me is that adding security to a not-so-secure system is far more difficult than making the security component built-in into the system. In a large organization, you cannot change the policies and configuration of the running systems overnight; you need to negotiate with a lot of stakeholders to reach a consensus or an agreement. Consolidation takes a lot of time, especially for a well-established system such as the email servers.

Another difficult issue to handle is how not to restrict users from the legitimate use of the campus systems. University is an organization of research and education. While leaving a system vulnerable for the known attack vectors is not an option anymore, allowing failures for learning from the try-and-error process should not be prohibited. Without a firm security policy, you cannot really decide what is right or wrong.

Catching up with new technologies is also a tough requirement to meet for a large network system. The global IPv4 address space will be used up in next year 2011, so introducing IPv6 is a must, though not urgent; and the organizational DNS subsystems should be DNSSEC-ready, for both the cache resolvers and authoritative servers. And I have to be able to explain those changes will surely benefit the users and are worth paying for.

I'm sure I'm going to face a lot of existing and new problems on next year 2011. And I'm hoping I will be able to solve at least some of them.

Sunday, March 14, 2010

Writing for job seeking

For the past few months, my top priority issue has been searching for a new job. My current (as of March 2010) job contract will terminate by March 31, 2010. Looking for a job itself is very stressful, and you need to focus on writing a lot of documents, including your CV, cover letters, etc. In this article I will introduce a few Web sites which might help job seekers in general.

Ask A Manager, a blog written by a real human resource professional, has been particularly helpful during my job searching period. The articles on the blog suggest me that corporate and organizational cultures in Japan and the USA are much more similar than different with each other. I think the psychology of hiring and getting hired is highly universal.

For writing a CV, Dave Levin's job application page has a set of useful examples, especially for those searching for IT research/academic positions, with the statements of research and teaching. His energetic, upbeat and rational writing style, while not getting overly emotional, will help you find how to make your CV fit for the job openings. (Note: of course you need to change the details of your CV for each job you apply for.)

Getting the job contract terminated, laid off, or even fired, is itself a tedious and tough experience. I've read a few books for helping myself:

  • Hugh MacLeod's Ignore Everybody: this book and his comic strips remind me of the hard cold facts that creative people must endure loneliness, and that they have to earn money before doing what they want to do.
  • Martha I. Finney's Rebound is what ACM first suggested me for career development. The good thing about this book is that it starts from describing how to cope with the traumatic and angry feelings when you first find out you're getting pushed out of a job.
  • Chad Fowler's The Passionate Programmer, formerly called My Job Went to India, describes how a software developer should cope with the change of trends and other social environmental factors. I highly recommend this book as a list of checkpoints for sorting out your experience and finding out what you need to do for doing what you really want to do.

And I suggest you to think carefully about how you expose yourself through blogs, Twitter, Facebook and other social media, during the transition period of your job. Your articles or written pieces on the Internet are public and not private; an Ask A Manager article about how managers feel about blogging of their employees represents a practical view of pros and cons of blogging in a plain English.

I also suggest you to make your past blogs private, when you feel awkward about what you have written there, even slightly. Then you can reopen them after editing and removing the articles before you get embarrassed.