If you want your employees able to deal with emergencies, you can't run them at 100% capacity all the time. You need some slack, so you have capacity when shit hits the fan.
Using a small amount of that slack to keep another employee happy can be a good investment. In addition, it's good for someone like the CISO to poke around the innards of your network (etc) configs from time to time, just to stay up to date with what's going on in the company and to perhaps flag anything that smells suspicious.
You can do these kinds of exploration exercises completely free form, or you can take a little task like 'figure out exactly why this specific site is blocked' as a token of motivation.
I agree that all of this mostly only makes sense, if it doesn't take too much time.
Though if this specific task would take a lot of time, that would also indicate that either the CISO needs to upskill, or the network config is too complicated. In either case, that would be a valuable insight.
Using a small amount of that slack to keep another employee happy can be a good investment. In addition, it's good for someone like the CISO to poke around the innards of your network (etc) configs from time to time, just to stay up to date with what's going on in the company and to perhaps flag anything that smells suspicious.
You can do these kinds of exploration exercises completely free form, or you can take a little task like 'figure out exactly why this specific site is blocked' as a token of motivation.
I agree that all of this mostly only makes sense, if it doesn't take too much time.
Though if this specific task would take a lot of time, that would also indicate that either the CISO needs to upskill, or the network config is too complicated. In either case, that would be a valuable insight.