I’ve had a nap, and some caffeine, and time to pontificate.  Allow me to delude myself for a few minutes, if I may…

So, I’ve blogged about this before, but it deserves another layer being peeled back to expose yet another realm of impending doom.

What I’m blabbering about is what some MBA folks call “salary compression”, and others call “resource compression”.  It’s what I call “anal resource compression”, because when you compress salary and resources, you get raped in the 2nd worst kind of way: your job.  The first worst kind of way would be an actual rape, and I sure hope that’s not happening to anyone reading this.

On the back end (pardon the pun) managers have various means and approaches to this scenario, but the goals are the same:

  • Lower head count
  • Fewer roles
  • Lower labor costs

Why?

  • Reduced salary costs
  • Reduced benefits costs
  • Reduced liability (legally speaking)
  • Win that quarterly bonus and golf trip

The way it plays out varies as well.  But most often it varies by time span.  The other factors tend to be driven by that initiator.  In other words, the amount of time allocated to putting such plans into action directly drives the means and mechanisms by which they are deployed.  Confused?  Just drink more, that’s how these managers make sense of it too.

Let’s role play!

You work for Phisting, Beaten and Battered, LLP, Attorneys at Law.  Your title is “Systems Administrator” in the IT department.  You currently have a full time job maintaining the status quo: lifecycle management, hardware maintenance, software patching, applications deployment, shooting-the-shit, and of course: staff meetings.  As we all know, staff meetings are designed to keep productivity down to an acceptable level.  But I digress.

Like most of your colleagues, you seem hurried and anxious most days, and feel as if you can barely keep up with your duties.  Your manager says there are no plans to hire additional staff, so current employees will need to “pull their weight harder”, as he puts it, in between sips of coffee from that stupid mug his kids bought him last Father’s Day.

After months of failed attempts, you’ve given up asking for more help, usually while standing in his office as he tries to hide the fact that he’s been lurking on Facebook and LinkedIn all day.  You decide to forego any plans to introduce “current technology” unless upper management mandates it.

Then, one day, he calls you into his office:

“Jim?”

“It’s Bill, sir.”

“Right, John.  Anyhow, I wanted to commend you on doing an outstanding job.  Look.  I know it’s not easy keeping up with all this technology…. stuff.  But nerds, I mean, engineers, are one of the most vital components to our company’s vision and execution, and we depend on the dedication of people like you, to make that happen.”

“Why, thank you, si…”

“ANYHOW.  I called you in to discuss a promotion.”

“Promotion?”

“That’s right.  You’re being promoted!  Effective next Monday, your new title will be ‘Senior Infrastructure Engineer’.  And not only that, but I approved a salary increase from $45,000 to $50,000, effective Monday as well.  How does that sound?” (huge grin, head nodding up and down as if on a dashboard spring)

(You) “Uhh…. That sounds GREAT!”

Then two weeks later you realize that you got gang raped by a team of splintered telephone poles with wirebrush gloves.  What that “promotion” really means is that you’re doing the duties of two (2) people now, and you’re still in that shitty cube in the other building.  And, because they’re not going to hire that other position you hoped they’d fill, you’re getting shafted out of a much higher salary.  Instead of paying someone for that position at somewhere between $65k-$90k, they got YOU for $50k.  Awesome deal.  And a great example of “anal resource compression”.  Smile for the photo.

FAST FORWARD…

You’ve already read this mess from me before, but here’s something they don’t consider:

Read the news often and you won’t be at all surprised to hear about another company, government agency or non-profit, getting “hacked” and records stolen.  LinkedIn, Target, U.S. Office of Personnel Management, FBI, IRS, colleges, banks, whatever.  The Internet is bound by big-name entities who seem to lack in the security department.

And if you were to corner any IT employees from those places in a small pub and buy them enough drinks, I GUARANTEE you they will eventually spill their guts about why it happened.  And I’d bet that somewhere along the way, it would involve some talk about lack of management support, too few staff, more duties piled on, not enough time to keep up, etc. yada yada yada.

In today’s world that often translates into gaping security holes.  The kind that Chinese and Russian teenage hackers live their entire lives pursuing.  So, what those bean-counting MBA folks think they’re gaining for “shareholder value”, is actually putting the entire company at incredibly, irrationally, bombastically, stupendously, asswipingly HUGE risk.

If you overload your IT staff as a standard practice, you’re breaking their legs.  They simply don’t have time to keep the current machine running AND build a new machine.  But that balance sheet sure looks tasty in front of that scary board meeting.

Meanwhile, Mr. CEO/CIO/CSO/CFO/COO/CTO/CAO is enjoying his/her quarterly 30% salary increase and $10,000 bonus for satisfying shareholders with cost cutting measures.  What they really did was reduce the weight of the ship by sawing off bulkheads below deck.  Eventually, that ship is going to sink.  And you don’t need me to prove that, just read the news.

Whether it’s a software exploit, a protocol exploit, or a human/social engineering exploit, it doesn’t matter.  Those are just the screws on the cap that covers the pipe leading directly into your data centers.

  • Support your IT staff with proper resources
  • Support your IT staff with proper training (don’t tell them to train on their own time)
  • Buy the right tools
  • Hold people accountable for picking the right tools
  • Hold people accountable for setting up the tools and processes
  • Inspect your environment (logically, virtually, physically) as often as possible
  • Make checklists
  • Update your checklists
  • Ask “Why!?” for everything you do, and you better have a satisfactory answer for each

Ask yourself: “If I were angry at my company, what could I do to gain entry and do some harm?”  If you can think of it, a dozen others can as well.  And don’t forget, when the news report comes out that your company was hacked, it won’t be the system admin guy on the news, it’ll be the CEO and CIO.
