So some background here; I came into my current position two and a half years ago and quickly made countless changes to the network and security practices in general. Relatively standard stuff that should have been implemented years ago; ACLs on the switches, restricted switch management access to jump hosts, PA firewall that is actually configured in a way to limit traffic, a firewall that separates internal clients from the data center, device configurations controlled by config files on a Bitbucket server, etc. The network changed a lot in a relatively short amount of time. All of this I attempted to bring everyone involved along for the ride, one came willingly with a dedication to learn new things, and one is being dragged through the mud kicking and screaming.
The issue that I'm running into is an older engineer that is close to retiring (like 1.5-2 years, can't come soon enough) doesn't put any time or effort to keep up with changes. Every week I spend two hours going over the same information in a training session that never seems to move past the same material, because it isn't being retained. I've separated the training sessions because the other Network Administrator is so far ahead of this dude; maintaining the same session wasn't beneficial to anyone anymore. Even large changes where this guy by title should be taking the lead, he takes a complete hands-off approach and never asks any questions. Even leaving out the automation stuff, he doesn't understand the basics of how the devices seem to function.
I wouldn't be upset if this was more difficult concepts to understand, if it was Git access or actually scripting things I could work around that. Instead, the simple fact that the switches have ACLs on them seems like a foreign thing. The firewalls I can't give him read/write access to, because he doesn't even understand how the policies are analyzed (again, countless hours of training). The fact that he has to log into a jump host to access any of the switches is something we talk about on a weekly basis, every week it's "That's new".
I don't know what to do anymore. I can't find a way to train the dude, documentation is never looked at, conversations and hand-holding last a day but are promptly forgotten, and he just doesn't come to the board anymore. Everything I do is brought up, it's documented to a point where our manager and the other Admin can easily understand it, diagrams are constantly being modified, but he never looks at any of it. Basic concepts that should have been deployed even when everything wasn't automated or scripted just seem to go right overhead; I mean seriously having to look at an ACL on the switch to see if the traffic is even allowed is something he just can't remember. The firewalls are a black box to him, can't even reliably look at logs and interpret them correctly.
I don't know what to do to make this easier than simply forgetting he exists. I can't train the dude. Hand-holding doesn't work, documentation doesn't work, one-on-one training doesn't work, hands-on lab practice doesn't work. Weekly meetings with everyone that works on the Network and the Security teams where every change is reviewed and talked about, no questions ever come out of him. I can't find a way to engage him at all, and I can't get him to retain anything.
I don't know how to make this easier and kick him back into gear, or really if he ever even was in gear? Have any of you had to deal with someone like this, and what made it finally "click"?