Patch management question?

Edgra

Hi I have a question I currently work as level 2 desktop support and our security admin was let go about two months ago, so I volunteered to do the patching, and now my manager has left and they’ve hired a security admin but have left the task of patching on me, I am salary so no overtime, should I look to get increased pay or at the very least comp time for staying up till midnight or later doing patch management? I’m working about 30 extra hours a month on this btw, Thanks in advance for your replies.

DatabaseHead

Doesn't hurt to ask. I would most certainly bring it up or see if they can get another resource to do it. Time is money and working that much more extra lowers your hourly.

cyberguypr

I see a potential tactical opportunity here. Do you have any interest in moving beyond desktop? You could easily leverage this additional responsibility when the time to make the move comes. Doing what nobody wanted to do is part of how I climbed the ladder.

GirlyGirl

Edgra wrote: »

Hi I have a question I currently work as level 2 desktop support and our security admin was let go about two months ago, so I volunteered to do the patching, and now my manager has left and they’ve hired a security admin but have left the task of patching on me, I am salary so no overtime, should I look to get increased pay or at the very least comp time for staying up till midnight or later doing patch management? I’m working about 30 extra hours a month on this btw, Thanks in advance for your replies.

I want to say most. I really want to say all. But, I will be nice and say some. Some organizations run the same scan every month. So, all you are really doing is re-running the already pre-populated scan. It was simple a few clicks, and BOOM the scan was running. When it's finished BOOM use vulnerator or some other program or this or that to populate the results. Then BOOM re-forward the email from the past 5 years with the attached results.

A few questions:

1. How is it taking 30 extra hours a month? Just curious.
2. Every month, are you running the same scan as the previous month?
3. How big is the organization?
4. What tool are you using?
5. Why did you volunteer (?)NOW you want to talk about pay. This right here is the issue. YOU should have talked about pay before you volunteered. The leadership can say you volunteered high speed I didn't force it upon you. Kick rocks we have a security admin who can do it. This can go more than one direction.

If you don't answer any question answer 5.

GirlyGirl

Edgra wrote: »

Hi I have a question I currently work as level 2 desktop support and our security admin was let go about two months ago, so I volunteered to do the patching, and now my manager has left and they’ve hired a security admin but have left the task of patching on me, I am salary so no overtime, should I look to get increased pay or at the very least comp time for staying up till midnight or later doing patch management? I’m working about 30 extra hours a month on this btw, Thanks in advance for your replies.

I think you would have more wiggle room IF the Security Admin wasn't hired.

Either way, I hope all that starts well ends well. Wish you the best.

Danielm7

Is it patching of the desktop systems? That's exactly what our level 2 desktop support does. Do you have any patching tools, SCCM? What are you doing that takes 30 extra hours a month? How many systems?

Edgra

cyberguypr wrote: »

I see a potential tactical opportunity here. Do you have any interest in moving beyond desktop? You could easily leverage this additional responsibility when the time to make the move comes. Doing what nobody wanted to do is part of how I climbed the ladder.

I do want to move beyond desktop, so this is definitely something that can help.

Edgra

GirlyGirl wrote: »

I want to say most. I really want to say all. But, I will be nice and say some. Some organizations run the same scan every month. So, all you are really doing is re-running the already pre-populated scan. It was simple a few clicks, and BOOM the scan was running. When it's finished BOOM use vulnerator or some other program or this or that to populate the results. Then BOOM re-forward the email from the past 5 years with the attached results.

A few questions:

1. How is it taking 30 extra hours a month? Just curious.
2. Every month, are you running the same scan as the previous month?
3. How big is the organization?
4. What tool are you using?
5. Why did you volunteer (?)NOW you want to talk about pay. This right here is the issue. YOU should have talked about pay before you volunteered. The leadership can say you volunteered high speed I didn't force it upon you. Kick rocks we have a security admin who can do it. This can go more than one direction.

If you don't answer any question answer 5.

I did volunteer to do this you are right, I just want to be compensated fairly.

Edgra

Danielm7 wrote: »

Is it patching of the desktop systems? That's exactly what our level 2 desktop support does. Do you have any patching tools, SCCM? What are you doing that takes 30 extra hours a month? How many systems?

I am Patching servers, we use a tool named ivanti it takes time because some servers i have to do it manually, maybe I’m just being extra cautious that I don’t break any production systems so it takes me longer to do this not sure I’m fairly new to patching servers.

Edgra

GirlyGirl wrote: »

I think you would have more wiggle room IF the Security Admin wasn't hired.

Either way, I hope all that starts well ends well. Wish you the best.

Thanks you are right I appreciate the well wishes

scaredoftests

30 hours a month is way too much! Do you have test servers as well that you test on first? Where I worked previously, we would do production servers on Tuesday night(once a month).

Edgra

scaredoftests wrote: »

30 hours a month is way too much! Do you have test servers as well that you test on first? Where I worked previously, we would do production servers on Tuesday night(once a month).

No I wish we had a test environment, it makes it much easier this way.

cyberguypr

Wait what? Patching with no testing? That's living on the edge.

scaredoftests

^^^
I know, right? Is this a virtual or physical environment?

TheFORCE

Ivanti is a good tool, no reason it should take you 30 extra hours. Schedule some of the patches on training or DR machines and see how they behave and schedule production few days later. Do servers 2x or 1x a month and do workstations more often.

Edgra

scaredoftests wrote: »

^^^
I know, right? Is this a virtual or physical environment?

Mainly a virtual environment.

scaredoftests

Hopefully, you do snapshots as well beforehand.

Edgra

Thanks for all the replies.