Ask Slashdot: IT Personnel As Ostriches? 246
MonOptIt writes: I'm a new IT professional, having recently switched from a different sci/tech field. My first gig is with a mid-size (50ish) nonprofit which includes a wide variety of departments and functions. I'm the sole on-site IT support, which means that I'm working with every employee/department regularly both at HQ and off-site locations. My questions for the seasoned pros are: Do you find yourself deliberately ignoring office politics, overheard conversations, open documents or emails, etc as you go about your work? If not, how do you preserve the impartiality/neutrality which seems (to my novice mind) necessary to be effective in this position? In either case: how do you deal with the possibility of accidentally learning something you're not supposed to know? E.g. troubleshooting a user's email program when they've left sensitive/eyes-only emails open on their workstation. Are there protections or policies that are standard, or is this a legal and professional gray-area?
Simple Answers to Simple Questions (Score:5, Insightful)
Yes
IT has access to everything and should read nothing. The content is just that, content. It doesn't matter
Not sure why this is a question (Score:5, Insightful)
I treat everyone's email the same: I don't read it. I may see subject lines but I don't see the technical reason requiring you to read them. If it's a temptation, might want to re-evaluate your own professionalism.
The same with politics and gossip: keep it to yourself; do not participate. If asked a question, smile and decline to comment. Be polite and cordial but trust no one.
Basically: do your job and stfu.
Don't look for logic (Score:4, Insightful)
1) They have no idea how to do what you do, and need you to help them perform even the simplest of tasks
2) What you do is so simple any moron can do it
3) Their son / brother-in-law / uncle, etc. is much more of an expert then you. They re-install Windows for them every six months, and made their system much faster by upgrading from a 512GB drive to a Terabyte drive as well as much safer by installing three, count them three different Antivirus products!
4)You are some kind of idiot, because you haven't done what their expert relative has done
I wish I was kidding. The reality regarding your question is that as an IT professional you will have access to said sensitive information. It will only make you jaded if there is good reason to be jaded. If there is good reason to be jaded, run don't walk to a better gig.
Just ignore it (Score:2, Insightful)
Whether I'm working in IT or another area, I try to ignore what is on people's screens. I consider this a simple matter of manners, not an IT issue. You don't read over other people's sholders, do you? Do you feel the need to act on every piece of overheard gossip or twitter/facebook post? Dealing with other people's computers should be treated much the same way you treat overheard snippets of conversation on the street. Ignore it and move on.
I've been in your position (Score:5, Insightful)
You can never ignore office politics. You don't have to play the game actively, but you do need to be aware of what's going on around you, who is in what camp, what the major conflicts are. You have to cross battle lines regularly to do your job; you can't afford to be seen as a member of the 'enemy camp' by *anyone*.
As an IT guy you need people to trust you, which means you need to be ethical. If you see something you shouldn't know, don't go chattering about it.That kind of thing does get around, and you'll lose trust instantly.
Nothing's stopping you from making personal career decisions based on the information that you come across in your daily work. For instance, if you see that the company is about to be liquidated and you don't want to be around for the mess, by all means polish your resume and start interviewing. Just don't assume that just because you saw something you have the whole picture. You could end up feeling stupid when the private email you saw turns out to be a deliberate test of your trustworthiness. It does happen.
Keep your mouth shut about the things you see. Look after your career and reputation. Be aware of politics, but abstain from participating wherever possible. After a few years when you have trust and credibility, you can consider climbing the ladder a bit and playing the game - you'll have capital to spend.
Re:Simple. (Score:2, Insightful)
Snowden found a different job more important than the one he was doing. It was also his duty to report illegal activity. I think he did a great job.
Re:Simple Answers to Simple Questions (Score:5, Insightful)
I prefer the term "professionally disinterested".
If it is NOT evidence of a crime then you ignore it. Or you use that knowledge to avoid finding out anything more about the topic.
If you have any questions then you bring those questions to HR.
There's no "grey area" (Score:5, Insightful)
As an IT professional, you will have access to data that regular employees don't. You keep your mouth shut and you don't snoop. Period. You only look at as much as you have to diagnose and fix problems; the details are irrelevant.
It's called "being professional."
Think of it as the equivalent of lawyer-client or doctor-patient relationships.
Re:Don't look for logic (Score:5, Insightful)
Always remember that you are dealing, in your case where your internal customers are not IT savvy, that there is a reason why we refer to them as lusers:
If I ever hear any IT professional at a place where I work referring to end users as "lusers", I can promise you that the shit will hit the fan.
Re:Simple Answers to Simple Questions (Score:5, Insightful)
Your best bet is to "forget" you read it; never acknowledge that you saw it, and assume the best.
For example, just because someone wrote about supposed "irregularities in the pension fund"; doesn't mean there are irregularities in the pension fund, it may just be some ignorant person spouting out / jumping to wrong conclusions.
There are also paranoid folks who will say such things, until it's proven that no, there was just some minor typographical mistake and everything's fine.
Just like when a person tells you "I turned off the firewall," but it still gave me the error message. Doesn't mean they managed to break into the server room and replace the corporate firewall with a closed circuit ------ they haven't a clue what they just said.
I'm really hoping you are smarter than that (Score:5, Insightful)
Never get involved with reading others' emails, documents, etc., that you are not required to be privy to.
Never ever let the temptation allow you to see others' performance reviews, salaries, politics. I've seen how it leads to telling someone else and then they become the go to person for information. And if the information is bad and they didn't share it, even though they had no idea, well, they didnt' say that there was a problem, the @$$#013! Hell, I've seen someone with access to the HR database pull up salaries of EVERYONE and share it out. "Oh, can you tell me how much Jason Mcboogerhead is making? What?!? I'm making $1k less?! WTF, time to march off to the manager!!!" [A manager who was stunned at the level of knowledge! AFAIK, no info was given out about how the salary info was found. I found out later when it was offered to me.]
Ignore any overheard conversations, it'll only be a couple of people talking, who knows the truth and what really is going on? You must throw out any info you "accidentally" pick up too. The obvious is the missing context of the info. As a manager, I've had other directors and managers openly talk about staffing, budget, bonuses, performance or lack thereof, in front of me. In all cases I threw away what I heard, after all, all I'm hearing is a snippet of a longer discussion. It's not my business to try to save John's job if he's pissed someone off, so I'm better off not worrying about it.
Sometimes I received a list of users to be locked out of their accounts. The only reasons to receive such a list is that they are being laid-off/let-go or in a heap of trouble. I never shared such a list with anyone. It was given to me, as a manager, in confidence. Keep that confidence. Even after the firing, I still didn't tell anyone, there's no point or net positive to be gained.
In another instance I was at a company that changed their HR such that you logged into a page, and it told you your salary, OT rates, etc. You could print your confirmation of employment for loans and such there too. But there was a bug. This bug allowed me to view everyone's salary, their bank account info and some other stuff in a nice neat chart. I immediately picked up the phone and called head office IT Security and talked them through the bug. They fixed it, phoned me back to test with me on the phone, thanked me and sent off a thank you cc'd to my manager, director, etc., praising my immediate response and "help" in fixing it.
What I didn't do was say, "Hey everybody, look at this!" and print it off, etc. Nor did I read further than a few lines and then remove it from my screen. To this day, I run into some of the higher-ups from then from time to time, they still remember me, who I was, only because of that email and that to them I was trustworthy.
It's not up to you to solve office politics, who said what to whom, or anything else. You are there to do IT. So do it and maintain your dignity and professionalism and just don't even think of looking.
You, and hopefully everyone else, will hopefully see that you are in a position of trust. You are trusted by many to keep secrets. If you can do that, it only helps your reputation. If someone can actually say you are trustworthy in your IT job then you've accomplished a lot and it only helps down the road when you want to switch jobs.
Vip
Ostriches sometimes, yes (Score:4, Insightful)
Other animals that IT personnel may impersonate include canaries and guinea pigs.
Re:Simple Answers to Simple Questions (Score:5, Insightful)
Re:Simple Answers to Simple Questions (Score:2, Insightful)
In my career I've had access to everything from HR data, payroll, ethics/legal investigations, etc... never really looked at it other than the few times I commented to the programming teams about them having debugging on in their code (in production), potentially spitting out private/sensitive information into the logs, etc (one time one team had company CC#'s with names, SSNs, etc). It is what it is - I just inform them they shouldn't do that, but don't really pay any attention to it.
I have never, even though I've had access, actually gone into the databases doing queries or anything "looking". I'd consider that horribly unprofessional, unethical, and potentially illegal.
Re:Simple Answers to Simple Questions (Score:5, Insightful)
That wasn't the question. What do you do when you did read something inadvertently? You can't unread "Irregularities in the pension fund". Do you pretend that you don't know? What if it's something illegal / against company policy / unethical?
We used to call it 'being trustworthy'. Not sure what the term is today.
People need to know that they can rely on you under pretty much any circumstances, otherwise they'll stop calling and you won't be able to do your job. That means ignoring pretty much everything.
I say pretty much, because there is a line past which you cannot remain silent. For me, it was child pornography on a customer's computer. I called the police and handed over the equipment.
This was in a small town, and it ruined my life, by the way. The owner of the computer was a prominent citizen who immediately accused me of planting the material, then began a slur campaign against me. The town, as the saying goes, wasn't big enough for the both of us. After more than a year of this, I had to leave. I'd lost my job, and I'd lost half my friends.
Some time later, I ran into an acquaintance from that town in an airport. His first bit of news that that the kiddie diddler had finally been convicted. His own smear campaign finally had the effect of bringing three adult victims of his out. They testified against him and put him away. The lesson I learned is that, sometimes, there is justice in this world. But it doesn't come free.
So yes, you need to be - and you need to be seen to be - completely, implicitly trustworthy. How you do it is simple enough: Always be there, never be seen to be part of the gossip. Be open and obvious about everything you do, and never, ever work in someone's office with the door closed. Equally, though, you need to be seen to be the kind of person who will do the right thing. That's a little harder to do and, as I've recounted, sometimes comes at a cost.
Secretaries (Score:5, Insightful)
If a secretary with no professional qualifications can take minutes in a senior management meeting and maintain confidentiality about what was said there's no reason you, as a theoretically highly-educated IT worker, can't do the same about the content of emails you happen to read in the course of doing your job.
I worked helpdesk for a large employer (Score:4, Insightful)
I started out all full of piss and vinegar and eventually learned to relax.
You will only make enemies if you play politics. Only play in politics that involve you directly. Let everything else go. It's not your job to know it though you have the ability to. You won't be faulted for not disclosing something that your privileges allowed you to know, but declined to know.
Be everyone's friend. I made friends and gained people's trust by being fair. They told me even more. I could go around uninstalling their games and stuff... But I didn't because it's just piss them off. So I just told them I saw the game and if something starts behaving weirdly, I'm going to blame the game first, and that they should uninstall it before I came back. That seemed to be enough to cover my ass in the event someone else found it and reported it to the head of IT. It kept me from making enemies. Exercising restraint is the key to success. If no one likes you, they won't put in the good word.
Re:Don't look for logic (Score:2, Insightful)
Suffice it to say my experience differs from yours. Too often I ran into users of my software and of those that I may have written portions of, that discerned solutions and detected deficiencies I missed or did not take seriously, respectively. The former was an entire package I wrote to specifications given to me by the head of the firm I worked for (cryptic scribbled / partially illegible notes on scrapes of paper) who was a professional with at least one masters in computer science and the owner of the firm that was our client. Get the picture, the user of the software asked how to do something that the owner specified should never be allowed. So I said it was not possible, because I constructed to the specs I was given. That user found a way around it. I learned later the best specs are inclusive, where you get an overview from the upper level and details from the actual users on what their needs on how the package will actually be used. Now for the latter, the user of this accounting package told me records were disappearing and I assured her that was not possible. However, later when I was reading the code (probably to make a custom change) I discovered, yes the deletion code moved to an arbitrary record and deleted that record. So what you might perceive as a "Luser" was an intelligent human being that knew nothing about coding or database theory, but she knew enough that something was amiss. At the time I thought it was the lead of our firm's code and one of his "customizations", since in most respects I was a novice I was utterly stunned but kept my mouth shut. Later I was canned (rightly and soon gratefully) and my replacement, who I trained, though more experienced than I had the same fate at that company.
I knew my knowledge was lacking, since I have never been formally trained to code. I like the writer of the request for guidance came from another science field, which made me see complexity that were for the most part absent. For example, Analysis is not quantum mechanics despite some overlapping terms.
Advice to you, please control your excessive arrogance.