Moronic Monday - October 14, 2019

Hi everyone-- I was going to make a post about this but it feels kind of dumb, so I figure this thread works. I could really use some input from people working on this field.:

I work for a small medical lab (~15 employees). I've been here for about 3.5 years, having started as a data entry employee who had some self-taught Python and SQL skills. They had a need for better reporting than janky MS Word templates and my ability to fulfill that need put me in a developer/IT generalist/whatever extra thing the business needs position. I'm also the only IT or even IT-esque person here.

The business has come under new management who want to put the reporting into an LIS (which I'm happy to let go of, it's gotten old and it's good for the techs) and so they've newly titled me Systems Administrator, which isn't far from some of what I've started to do, including administering Windows Server Essentials 2012 for what's not a domain (yet-- the old boss was stingy about it) but basically a file server. Before the management change I was working on the CompTIA Network + (still am, this has all been in a short period) and planned to look for hopefully a network-centric support job. Instead, I welcomed the new challenge and planned out a curriculum over a few quarters to work on rolling out and performing more advanced administration of a Windows domain early 2020, hardening network security, adding IDS/IPS, implementing written policies and documentation practices, a new backup system and backup restoration test schedules, etc. I also found a good deal on a virtualization server in order to test things thoroughly prior to production.

In spite of these plans, I've continuously felt deeply concerned that I should leave for a long time. As much as people are happy with my work and look at me like I know a ton (though I try to be frank, albeit positive, about how (in)experienced I really am for this field), they don't fully realize the massive security concerns we face as a HIPAA-regulated entity. I try to keep security foremost in my mind every day, but I'm still just not that seasoned. I recognize that if I screw up because I haven't seen the ins and outs of certain systems over time it jeopardizes everyone. All the good intentions and positive opinions in the world won't optimally configure a device. They don't see that.

I guess the key phrase is "imposter syndrome", though I've tried my hardest not to be one. Maybe I became one the moment I let them print this title on a card and hand it to me.

Okay okay so why are you talking about it here?

Last week we had a security breach on our file server. Lots of files went missing, and that's about it. We restored from a backup, and I didn't see anything on Event Viewer. I've been planning to get RADIUS with a new domain for fear of such a situation. Doesn't help much now, we can't tell who did it. Our old MSP-type guy (they released him two months ago to save money) who's also our Datto distributer (came by to restore backup) couldn't find a footprint either.

I was worried, talked to MSP guy and told him I'm thinking this is the sign that I need to make them replace me. He was encouraging and said that he's always been impressed by my work here and that I can't put that pressure on myself. I'm an "if not you, then who?" kind of person, so I couldn't fully agree, but I listened to him and refocused on how we can prevent such a thing from happening again. Big project has been formalizing remote access protocols and having the company finally invest in corporate laptops, which we couldn't afford for a long time. Wrote a three-page incident report and submitted to upper management who might not even read it, for protocol's sake.

Friday the same thing happened again. Restored again, no footprint again. Added what additional auditing I could for the future, which I had put lower in the queue after the first incident just due to how many things I'm being asked for. Shame on me. It feels hard to keep things straight right now.

Anyway, after the second event I decided that I'm going to force them to replace me with either a strong MSP for healthcare or take my salary and add probably $10-20k to get an admin with more experience who can confidently take care of them and deploy stronger infrastructure better than I can with the learning I have to do with my limited off time.

I've talked to three people about it, including one who I think is most likely to understand the regulatory spectre hanging over me as she works in medical billing, but she thinks I'm being too hard on myself and that at the least paying some extra to have a consultant set up infrastructure and hand me the keys should be doable with upper management. However, to me it's not a matter of being hard on myself, it's just a cold hard truth. And a system will always be developing and growing, just a professional inital deployment isn't enough.

Another person I talked to is my immediate supervisor, who is out of town, but she also sees no reason for me to leave. I really am forcing them to replace me in order to get a real experienced sysadmin. I feel like the proverbial kid throwing rocks at a golden retriever trying to make it leave for its own good.

On top of all of this, I'm tired of carrying this weight on my shoulders and having no mentorship, resources, training programs, or even departmental peers to make the journey any easier. CBT Nuggets feels like a poor substitute. Over the years I've repeatedly forced myself out of burnout for lack of ability to take time to recover. I started a new precious to-do list and it shot up to over 100 items in less than two weeks, and that's without including the little troubleshooting things I'm often suddenly asked for. I'm completely exhausted and disappointed in myself; it feels like I wasted the last three years in a place that couldn't teach me anything worth much to a new employer and utterly failed to overcome the challenge.

So, I'm scared but I'm pretty decided. But I'll ask you, dear reader-- am I overreacting? Or do you agree with me that this business needs more to protect themselves?

/r/sysadmin Thread