Archive
Success in the IT Industry: Whatever you do, DON’T PANIC!
I’m going to kick off a small series here about succeeding in the IT industry. These will be topics that I have learned over 20+ years of working as an IT Professional. I will do my best to make sure the topics and content cover consultants, such as myself, as well as those who work for a single entity. So, with that introduction, off we go!
If you have worked in this industry any length of time, I can guarantee you have had at least one person come running up to you sure that their life was about to end due to a lost file, a jammed printer that contains their presentation to the board that’s due in 5 minutes, or their inability to access the internet on their smartphone while in the restroom. In any of those situations, it is pretty easy for us to remain calm, hopefully reassuring that person, and helping them quickly resolve their problem.
But what do you do when it’s your server or server farm that has suddenly dropped off the network denying the CFO access to his data that he needs for a meeting that started 5 minutes ago? How do you react when the worst happens in the systems that you are responsible for and all the upper management staff are standing over your shoulders watching you and demanding an estimate of when the company will be back up and running, all the while reminding you of the expense of having 50+ employees that they have to pay for sitting around and drinking coffee?
Hopefully, your answer doesn’t contain the words “panic”, “freak out”, or “I don’t know”.
If you work in the IT industry as a network or systems administrator, I can personally guarantee you that there will be times that this happens. Technology is not infallible and, in my personal opinion, subscribes to Murphy’s law: “Anything that can go wrong, will go wrong, and at the worst possible time.”
So, how do you prepare for that? Can you prepare for that? How do you deal with the ownership or management staff breathing down your neck?
Rule number one: KEEP CALM!
There is absolutely nothing gained by you panicking. In fact, if you panic, it will increase the panic level of all the others around you. Imagine, if you will, a heard of zebras on the plains of Africa. One of them notices a lion that appears to be stalking the herd. It follows it’s natural instinct to run away from the danger as fast as it can, making noise while doing so. This alerts the rest of the herd to the danger and causes them all to panic. The result is a stampeed and ever increasing panic as they lose sight of where the lion is due to the dust cloud they create in running. Now imagine this same zebra that, instead of panicking, watches the lion. After a few seconds, it sees that the lion is going to lie down in the shade because it is really hot. I sleeping lion is not a great threat, so it goes back to munching the plains grass. The herd doesn’t stampede, and the peace if kept. That doesn’t mean the zebra stops checking on the lion every so often, just to make sure it really is napping.
Same thing applies in IT. You will get people that come running into your office or calling you in a panic. You WILL have servers that go offline for mysterious reasons and cause all sorts of havoc around the office. You might even have equipment that quite literally goes up in smoke. I have been witness to that several times. Since these things are pretty much inevitable in this industry, you need to have a plan to deal with them. And you need to have the proper attitude to handle any situation that comes up. You need to appear to be calm, cool and collected in everything you do.
Some of this response comes from experience. The longer you do something, the more you see the issues, and the better prepared you are to handle the issues as they come up. The hardest part is not dealing with the issues. It’s dealing with the people affected by the issues. When they approach you at a dead run or panicked on the phone, you need to be able to reassure them, let them know you are aware of the problem and that you are working on resolving the problem as quickly as humanly possible. Easy to say, not always easy to do. And to my knowledge, there is no training program that can prepare you for the flood of varied responses you will get from the people in your organization. Some will decide it’s time for a coffee break. Some will call you or come visit you thinking that their presence might in some way help you solve the problem faster. I have even seen people break down in tears over issues they have no control over.
All of these responses can be a major distraction and can cause you to feel more and more stress as you try to resolve the situation. Sometimes it becomes necessary to ask people to leave you alone so you can do your job. This needs to be stated nicely, but firmly. My best example is a CFO/VP at one of my clients. He came from a very large company that had a huge IT staff. He was used to getting status updates and resolution estimates every 10 minutes during an outage or incident. His new company, my client, has two location, about 100 employees overall, and one IT guy…me. With me being the only point of contact for IT issues, needing to give status updates every 10 minutes could be a real problem since it distracts from the task at hand. During one particularly major issue involving Microsoft Exchange, I finally had to sit him down and explain to him that having to stop every 10 minutes, find him, update him on the problem, give him a resolution estimate, and then go back to work on the task was going to easily triple the amount of time (and thus the bill) for getting the issue resolved. Once he finally understood that and realized that I would let people know when there was something to actually report, he backed off on his requirement to update him so frequently on the progress. The net result was that problems got resolved much faster, and if he was really curious, he would come find me, and if I was not looking completely absorbed in the issue at hand, he would ask a simple “how’s it going?” and get a quick reply while I got to keep working the issues. It was a win-win for everyone.
The bottom line is this. When everything around you is is going crazy, and the employees and/or management are all panicked, it is your job to be the calm at the center of the storm. Let it swirl around you, maybe even ruffle your hair a little. But under no circumstances should you visibly panic. It could cause the panic in other people to amplify, and could even cause some people to lose a little faith in you and your abilities. As the person responsible for protecting their network, for protecting their data, and some will even see you as the person protecting their livelihood, you need to be the bastion of calm during a real or perceived crisis.
Too much protection?
So, I had someone make a comment the other day:
“My IT staff are all over us about security and viruses. They keep upgrading our security, and it feels like I really have to work to get anything done anymore. Do we have too much protection?”
There are many ways to look at security. I happen to be a believer in a layered approach. Each layer has a function and purpose. Sometimes those layers seem to replicate each other, but if implemented correctly they will not adversely affect the person sitting at their desk just trying to do their job.
Take anti-virus for example. This is a security feature every computer should have, and it should ALWAYS be up to date. In a business environment, you will likely have this feature built into your firewall or another device that protects your network from the dangers that are on the internet. Does this mean that you don’t need a good anti-virus solution on each desktop computer in the company? NO! You need the protection on the computers to protect you from the times a coworker or client (we’ll call him Bob) brings in a flash drive with a file they worked on at home. The anti-virus in your network firewall does not protect you from malware that could be on that flash drive. And if Bob doesn’t have adequate protection on his home or office computer, then you would potentially be introducing a virus or other malware into your office computer and possibly the entire office network. However, with anti-virus on your office computer, it would alert you if there was something bad on the flash drive.
You can have “too much” anti-virus if you have more than one anti-virus program installed on your computer. The programs are known to occasionally see each other as a threat and then cause problems. They also all use some of the same “hooks” in the operating system to provide their security. If two or more try to use the same hook at the same time, then you have a major conflict. This has been known to cause crashes, and at the very least extremely poor performance on the computer.
“What about add-on applications that look for other threats, not just viruses, and malware,” you ask? I’ll give you my approach. It may not be the best for you and your situation, but as a consultant that goes to multiple business locations every day, sometimes locations that are known to have an active infection (the reason they called me), it is proven and works great for me.
Personally, I use a stand alone anti-virus product, not a suite. I have found the suites to be…how to put it nicely…a little heavy handed and sometimes extremely resource intensive. There are many good anti-virus products out there. Over the years I have used Avast!, Symantec Endpoint Protection, BitDefender and a few others. My current weapon of choice is BitDefender. It gets frequent updates, is reasonably light weight (meaning not resource intensive) and I have yet to see anything sneak past it, even in environments that are known to be actively infected.
To round out my personal protection, I have a subscription to Malwarebytes. This program does not look for viruses in the way a tradition anti-virus does. It targets active malware. When I go into a client situation where I know they are actively infected and I need to clean them up, Malwarebytes is able to detect in an incoming request from the source computer and actively block the activity, even before my anti-virus needs to get into the loop. This makes my computer not have to work as hard to protect itself (since the infections never get to the computer at all), and sometimes makes it easier to identify the source computer on the network.
Additionally, I make sure I have a firewall on my laptop that keeps out connections I have not specifically authorized. A firewall on each computer in a business is not always a feasible approach. It can complicate the administration of the network in many ways. If you decide to check your firewall and see that it is not on, don’t panic! Call or email your network administrator and ask if this is by design. Most of the time you will hear yes. Here is where I may get a little flack… I use third party software for all of my protections…except the firewall. Here I simply use the Windows firewall. My experience shows that this is adequate protection. In a business environment, it is also easy for you network administrator to manage and maintain policies on. I have never been a fan of the built-in anti-virus protection, but as things stand right now I am comfortable with the Windows firewall.
The answer to the original question “do we have too much protection?” is a combination of yes and no. You really can’t ever have enough, if it is done right. You can have poorly configured, poorly managed, and poorly implemented solutions. You can have too many protection programs installed. But overall, if implemented in a layered fashion where each piece does not trample on the other, you can never have “too much” protection.
As a side note: I DO NOT recommend that you test your personal computer protection by connecting to networks that you know have problems. Sometimes there are threats that can get past even the best defenses. I do this because it is part of my job. I have many years of experience and the knowledge to deal with the threats, which is why I am a consultant with many happy clients.
Techie Guru 