Messages

Government regulation is always done with the best intentions, but causes more problems than it fixes.  So no.

I know this is old and resolved, so not likely to help now, but the 2960S should have a USB port and you can use a USB flash drive to transfer the file.  There are some limitations on USB size and format, and not all drives are supported.  (I had some Cisco branded drives that always worked.  No idea where they came from, I found them in a drawer when I started that job.)  But I've "recovered" a 2960S with no image on it using a USB flash drive quite a few times.

So what I've learned in recent conversations is that they had already decided to make an offer after the first two rounds of interviews.  The only thing that would have jeopardized that would have been if I just didn't do the presentation at all. 

Overall I'm pretty happy with the move.  Stress level is way down.  I'm learning a lot of new things instead of just always plugging holes in the leaking dam.  Although I'm working "from home" I'm also traveling a lot which keeps things interesting.  And things at my old place of employment continue to deteriorate. 

Well, I kind of bombed the presentation.  I thought so anyway.  I focused on SDN.  SD-Access, SD-WAN, geographically separated datacenters using VXLAN, etc.  Between my full time job and getting sick with Covid, I didn't have as much time to research, prepare, and practice as much as I would have liked.  Despite my horrible presentation, I was still offered the position.  And I accepted.  Better pay for sure, the promise of much less stress but we'll see, and I can work remotely. 

This is kind of like a homework assignment, so I'm posting it here.  I have 3 rounds of interviews scheduled for a Network Engineer position with an ISP.  They've told me that the 3rd interview will be a presentation that I have to give on a hypothetical situation.  That situation is that a university system is transitioning from autonomous campus IT to consolidated IT under the flagship campus.  I am to design a new network for the system providing IP internet services, disaster recovery / business continuity.  I can assume unlimited funding and all technologies are available with no restrictions.

Off the top of my head, I'm thinking a dedicated fiber ring connecting all the campuses.  Each campus with a dedicated connection to the internet with backup connection through adjacent campuses on the ring.  Remote OOB management with something like OpenGear that has a cellular connection. 

What about other equipment?  My Cisco knowledge is limited to Catalyst 6k, 3k, and 2k switches, some old low-end Nexus gear and a couple ISRs used mainly for VMware hosts at branch offices.  My routing experience limited to OSPF, static routes, and a tiny tiny bit of BGP.  I've attended some workshops on SD-WAN and DNA Center, but haven't been able to implement any of that yet.  What about other vendors?  What are some directions you would point me in to do research?  What I manage now is kind of cookie-cutter - repeat at building B what worked at building A.  What should I look at to broaden my scope?

Is this position potentially over my head and beyond my current skill set?  You bet it is.  But I know most of the team, they provide a ton of training opportunities, and I think my experience shows that I can learn what I need to.  I've heard that success is biting off more than you can chew and chewing it anyway.  I'm very aware this would be a pretty big bite for me, but I'm looking forward to chewing it.

My current frustration is my Chief Technology Officer.  See attached example.

https://github.com/NCSC-NL/log4shell/tree/main/software

More discussion with the CIO today regarding MFA prompt frequency, what the default 365 "Remember Multi-Factor Authentication" setting is (90 days), what we are currently set to (30 days) and what he wants it set to (0 days).  He is pretty insistent he wants MFA prompts for everything all the time.

My oldest just started his last year of college.  As an undergraduate anyway.  He'll have a degree in Mechanical Engineering in a few months.

This weekend I spent 3 days in a creek bed building a retaining wall to keep the creek from washing around the bridge and cutting off the driveway.  I barely looked at my phone all weekend.  Covered in mud and sand and sweat.  It was great.

This really hits home.  Thanks, Dean. 

Is there a "best practice" on MFA prompt frequency?  We currently have MFA applied for access to most services from off campus (on campus is an excluded "trusted" location).  If I'm reading the documentation correctly, the default "Remember Multifactor Authentication" setting is 90 days.  It was set to 30 days by previous admins. 

The new CIO wants that lowered even further and users to get MFA prompts much more frequently so they know what triggers an MFA prompt.  I think that could lead to users becoming desensitized to approving MFA requests and approving them without giving it much thought which increases the risk of approving allowing access to a malicious actor.  To us in IT, an MFA prompt is assurance.  To regular users, it's an annoyance.

Thoughts?  Are there any studies that show which option is more secure?  I don't mind being shown why I'm wrong, if I am, if it results in better security.

We currently have Cisco Amp for anti-virus and Proofpoint for email protection.  We're a hybrid Azure (local AD synced to Azure) with 365, etc.  We're on A3 licensing, but we're also doing a trial of Teams Voice so have a handful of A5 trial licenses.  While we have the trial A5, I asked my system admin to give Defender, ATP, and the other A5 license tools a good look.  So far, he says he likes the Microsoft options better than Amp and Proofpoint.

At least mine keeps accruing over the span of my employment.  Sick, Annual, and Comp time combined, I have over a year's worth of leave saved up.  And, I can cash some of that out at my retirement. 

Well, I guess I should clarify.  Here at $UNIVERSITY, we do have a "mandatory" week off during the Christmas break.  If you're new enough to not have leave time to cover it, it sucks to be you.  Typically, Christmas Eve and Day are paid holiday days.  The other days you have to use annual leave, comp time if you have it, or take LWOP. There is a catch to that that sucks for the new people.  To get holiday pay, you have to either work or use leave/comp time for the day before the holiday(s).  If you take LWOP, you don't get holiday pay.