Confessions of an IT Director

Knowing what you don’t know… (I TOLD YOU!)

I told you so!

I tend to be a competitive guy. BUT, as I’ve gotten older I realize you don’t know what you don’t know, and normally, people are okay with that. As a matter of fact, I consider it one of my strengths, the fact that I’m aware of my areas of weakness and have cultivated relationships and resources to help me in those areas. I can’t do something for you? Don’t fret, I’ve got a guy. However, a large part of the IT director gig is being a generalist.. A person who knows just enough about everything to orchestrate and execute on strategy and vision, someone who can be both strategic and tactical, dealing with today and 5 years from now. I have to have the ability to deal with IT items on a company P&L sheet, but also be able to roll my sleeves up and troubleshoot why a monitor won’t turn on. 

Thus, being an “IT guy” (or normal guy who’s proficient in IT) inherently develops a “know it all” attitude that isn’t always positively received by…. Well…. Anyone. In all my posts thus far, I’ve referenced Jimmy Fallon’s character on Saturday Night Live, “Nick Burns, your company’s computer guy”  As funny as the bits are (because they’re rooted in somewhat exaggerated truth), you hear a consistent theme, that the end users Nick Burns is servicing don’t like him. “I don’t like that guy,” one of them says. Even the theme song talks about how first (Nick) will fix your problem, and then he’s going to make fun of you. 

A “C” level person for a company I used to work for had a talk with me once, when I was younger in my career, and called me a “bull in a china shop.” He was attempting to coach me because I had rubbed people the wrong way. “You walk around here acting like you know everything, because you probably do know everything,” is what he told me. I was frustrated because my new colleagues (I was new to the company) just operated so much slower than I was accustomed to. I had just left a company where everything was urgent. They wanted it done, and they wanted it done yesterday. So this new company, where everything was a quarter speed (“Oh you can give me that budget proposal a week from Friday”) was jarring, in all the wrong ways. I tried to change the culture by example, kicking off and accomplishing so many “wins” (in my eyes) but all that did was cause my colleagues angst, because they didn’t operate my way. Looking back, it put me on the outside with those I worked with, and I never fully recovered from that position in that organization.

But what happens when we (the “IT guy” ) DO know something? When we warn and warn that if the company does not do something to remedy a problem, that the company is at risk? And then when the company ultimately decides not to go through with our recommendation (because IT is just too expensive) and pays a huge price for it when the thing we said was going to fail, does… who’s fault is it?

There was this article in the New York Times last week, about a former IT Director for a city in Florida who was fired after a ransomware attack caused the city to have to pay out almost half a million dollars ($460,000 or 42 bitcoin) in order to retrieve the key to decrypt the city’s files. It took the city weeks to recover from the attack, and shortly after the IT Director was fired. However, he claims he warned the city two years prior about this vulnerability, and proposed a system that would have kept the city from having to pay for the key. Basically, he identified a problem, proposed a solution, and the organization said no. There’s a lawsuit in progress… you can read about it here:

When Ransomware Cripples a City, Who’s to Blame? This I.T. Chief Is Fighting Back”

I’ve engaged in a couple discussions on this topic with a few colleagues. People definitely end up on different sides. “IT people” take the side of the Director, the “I told you so” approach. I tend to agree, to an extent. The problem was identified early on and a solution was already proposed. How is it the IT Director’s fault if the organization decides not to go with the proposal? And then, there is the business side of me that disagrees, because in any other walk of life, someone pays the price for a massive problem like that. Is the IT Director personally responsible for the ransomware attack? No. However, he’s responsible for the health of the system, and I can’t help but wonder what his actions were when the organization turned his proposal down. Did he throw his hands up in resignation? Did he refuse to research alternative methods? Did he provide other, possibly less expensive proposals that maybe could have mitigated some of the vulnerability? Obviously, the article doesn’t stipulate… but I know how I’ve reacted in the past, and I’m not super proud of it. We get “IT tunnel vision” because we “know what’s best.” 

I’ve been there, more times than I’d like to count. I do the research, come up with the charts, graphs, ROI, cost justification, risk analysis… and I’m lucky to get 6 minutes of hard pressed attention from executives. In the end, they deem the cost too great, don’t understand the risk, or don’t believe it could happen to them, or by the time I’m explaining the risk, their attention span has moved to another topic. 

It’s certainly easy to fall into the trap of throwing my hands up and saying, “oh well, not my circus, not my monkeys”… but that’s the catch. It IS my circus. When something goes wrong, no executive is going to say, “oh man, IT warned us about this two years ago”… heads are going to roll!

It’s also easy to say that the IT Director needs to do a better job pushing for the solutions. Someone told me, “ If you don’t want to be the IT director who ends up the scapegoat, you must insist that your employer deploy technology and training you know will protect your organization.” I laugh at that statement. What am I supposed to do? Stage a sit in? Lay in front of the CEO’s car until they approve my solution? I recently read, “The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win”  (it’s a good, unique look at the world of IT through a fictional story).. And at one point, the main character resigns over constant disagreements and unrealistic expectations from the CEO. They have it out, he resigns.. Then (SPOILER ALERT) the IT department suffers, the CEO sees the error in his ways, asks the IT Director (VP, in this story) to return, the VP gets his way, the day is eventually saved, and the VP of IT (main character) is eventually put on the track to be the next COO of the organization, due to his unique understanding of the workings of the enterprise. 

While this makes for a great book, most of us don’t have the luxury of resigning when we don’t get what we’ve asked for. Most of us have people who depend on our staying employed to live… and more realistic still, most CEOs won’t “see the error of their ways” and ask you to come back. If there’s anything I’ve learned in my days as a professional musician (yes, before IT I wanted to be a pro musician… another blog post, perhaps), it’s that if you cannot or will not do something, there’s always someone just as good as you or even better than you waiting in the wings who will do what you can’t or won’t do, for probably cheaper. 

So which side is right on the above example? The city, who fired their IT Director due to the massive breach and subsequent massive payout? Or the IT Director, who warned of the vulnerability two years prior, but got shut down? 

In my opinion? Both. And both are wrong too. It’s important to look at situations like the city IT Director, and the one I posted about my experience where I was a “bull in a china shop” and learn from them. Yes, there will always be problems (thank God for that, because that’s why I find myself employed), and I will likely still see many of my future proposals shut down. I believe IT has to do a better job of changing the “know it all” culture, and integrating themselves as normal operating pieces of the business, and businesses have to do a better job of raising the awareness, training, and competency of their integration with IT. 

The next time I’m asked to do a task that I find easy, I will refrain from calling it an ID-10-T problem (or that the issue resides between the spacebar and the back of the chair), and take the time to sit, kneecap to kneecap with someone, educate them, and in return, maybe be educated things I don’t know.. Because as much as I want to say, “I told you so…” I’m not doing my mission any favors that way. The more I do this, the more I find that this job is a small percentage technical, but a large percentage relational. A smile, nod, and genuine attention go a long way… maybe then I can start to change the culture, one “IT request” at a time… and in the end? I’m finding there’s just so much I don’t know…. And that’s okay.. Because it’ll make me better at my job.