Ask Slashdot: IT Personnel As Ostriches? 246
MonOptIt writes: I'm a new IT professional, having recently switched from a different sci/tech field. My first gig is with a mid-size (50ish) nonprofit which includes a wide variety of departments and functions. I'm the sole on-site IT support, which means that I'm working with every employee/department regularly both at HQ and off-site locations. My questions for the seasoned pros are: Do you find yourself deliberately ignoring office politics, overheard conversations, open documents or emails, etc as you go about your work? If not, how do you preserve the impartiality/neutrality which seems (to my novice mind) necessary to be effective in this position? In either case: how do you deal with the possibility of accidentally learning something you're not supposed to know? E.g. troubleshooting a user's email program when they've left sensitive/eyes-only emails open on their workstation. Are there protections or policies that are standard, or is this a legal and professional gray-area?
Simple. (Score:0, Informative)
"how do you preserve the impartiality/neutrality which seems (to my novice mind) necessary to be effective in this position" You keep your mouth shut about anything but your job.
LOPSA/LISA Code of Ethics (Score:5, Informative)
Read the System Administrators' Code of Ethics [usenix.org] and take it to heart. Even if your job title doesn't include the words "system" or "administrator."
It's actually pretty easy to ignore the content of an email if you're focused on the email delivery process (mail server logs, the headers of forged/spam mails, things like that). Similarly, if you're doing FTP hosting or file drops for customers, you rarely need to dig into the content of the files themselves to troubleshoot upload/download problems. There are rarely reasons to dig into the content of whatever you're working on. It does come up, if (for instance) some piece of email has wacky malformed content that keep crashing the mail client, but IME those situations are uncommon.
I used to work at a mom-and-pop ISP, in a small town. Our customers included the local police and fire departments, City Hall, and most of the larger law offices and accountants' offices. Since we provided email and Web hosting (among other services), I certainly could have made some locals' lives very interesting. Hell, I had access to the email of everyone in my company, including that of the owners to whom I reported. I'll admit to having been tempted once or twice, but I'm proud to say I never abused my privilege.
Re:Not sure why this is a question (Score:2, Informative)
I call bullshit on this. It seems to be true... but it isn't, not quite.
IT is typically a support position, not the core business. That limits promotion potential. Worse, when done well it's supposed to be invisible by dint of not breaking down. You can do something about that by promoting yourself, by communicating really well, by showing what went well instead of having to announce another failure you're mopping up after. Like, you've done a bunch of maintenance and introduced a new service. You can announce that with a nice little (short!) blurb extolling the virtues of what you've done and how that helps the company in a way that'll be appreciated. Do this well and everybody'll know what IT is for, what it does for the company, and so on. You make yourself visible.
The original question, though, was about office politics and gossipping you run into because you meet bloody everybody in the company, and about the accidental brushes (I would hope so, anyway) with stuff not really ment for your eyes. As to that, you indeed don't partake in and do STFU about.
As a last resort, maybe.. (Score:4, Informative)
I have designed, built, tested, audited, and supported security compliant environments for over 2 decades. A decade at a DOD site, and about the same time afterwards with PCI and HIPPA compliance. In many cases, you need to report seeing things you are not supposed to see. "Forget" is illegal in many cases, so claiming it's a viable answer is dangerous.
That said, from TFA it does not appear to be a legal issue here. Just warning that it's not good advice in general.
The biggest single thing to put into your debugging arsenal is test data. Need to debug mail, send test mail. Need to test encryption/decryption, make dummy files to encrypt and test. A user can't do something, provide them test data to work with that you know is clean. A user has a display problem, have them bring up the application with NO data loaded. These are extra steps, but worthwhile steps. If users complain about loading test data explain it to them.
The second biggest thing for you to have handy is a big dose of honesty. If you open something confidential, make sure that someone knows you saw it (you report to someone as an IT professional, even if it's the CEO directly). If you have to access a users desktop, ask them to watch and make sure you don't open a file that they may not want you to see. If you have to open something you know is sensitive, get permission first (preferably in writing).
There are surely exceptions (Edward Snowden), but that's a much longer discussion. Sysadmins by nature have access to more than any single person in the company. Good sysadmins don't flaunt or take advantage of that fact.