Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security IT Technology

Why Your IT Department Needs To Staff a Hacker 241

First time accepted submitter anaphora writes "In this TED Talk, Rory Sutherland discusses the need for every company to have a staff member with the power to do big things but no budget to spend: these are the kinds of individuals who are not afraid to recommend cheap and effective ways to solve big company problems. This article argues that, in the IT world, this person is none other than a highly-skilled hacker. From the article: 'To the media, the term “hacker” refers to a user who breaks into a computer system. To a programmer, “hacker” simply means a great programmer. In the corporate IT field, hackers are both revered as individuals who get a lot done without a lot of resources but feared as individuals who may be a little more “loose cannon” than your stock IT employee. Telling your CEO you want to hire a hacker may not be the best decision for an IT manager, but actually hiring one may be the best decision you can make.'"
This discussion has been archived. No new comments can be posted.

Why Your IT Department Needs To Staff a Hacker

Comments Filter:
  • On Staff? (Score:5, Funny)

    by WrongSizeGlass ( 838941 ) on Monday June 11, 2012 @01:08PM (#40286459)
    I don't need a hacker on staff. I'll just leave a few ports open, like FTP, Telnet, HTTP, RDP, etc. They'll find me and I won't have to spend a cent on payroll! ;-)
    • That's right, you won't! Someone else that's filling your shoes will, as you're busy at home updating your resume.

  • by Animats ( 122034 ) on Monday June 11, 2012 @01:09PM (#40286479) Homepage

    They must have had a slow day at TED and needed a talking head.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      No,
      You all miss the point. The point, said in terms I speak, is that IT is a cost center in almost every company that has an IT department. By having a resident hacker, you have the ability to generate prototypes quickly, and switch IT from a cost center to a profit center. By doing this rapid prototyping, you have the ability to demonstrate to management the ability of IT to increase profit. This is a *good thing*.

  • I can agree to a point. I certainly know people/places that just throw money at a problem. And I know that when systems and down and the customer is starting to panic, that I've come up with some interesting and very good solutions. However there are problems with always trying to solve solutions with 'hacks'. They become unsupportable, they fail in unexpected ways, and they make it harder for you to get a budget to do things you simply can't/shouldn't hack a solution together for. 'What, why do we need a SAN? Remember how you wired those netbooks together for our web farm! Figure something out for us. KTHXBYE.'

    But I do agree you need someone who can think creatively and not be locked into marketing speak anytime a problem comes up.
    • by godrik ( 1287354 ) on Monday June 11, 2012 @01:14PM (#40286553)

      I think teh point of the original article is not to build your IT staff out of hackers-that-don't-shave-and-keep-swords-under-their-pillow. But having one in the corner that will recall you periodically that "we don't need a supercomputer, we can do it in excel" is sane for a team.

      • by war4peace ( 1628283 ) on Monday June 11, 2012 @02:21PM (#40287437)

        There's just one problem that comes with that, and it's called management expectations. I've been doing that sort of hacks for a while. Management says "we need an automated reporting application that gathers data from 5 different sources and displays nicely formatted reports on a web page, 24/7, every 15 minutes, but we don't have a budget for that sort of thing". I got an old desktop, installed Apache, installed an Office suite, created some VBA code that did all that. The reports were displayed best in IE only; under FX, the colors were a bit garbled but oh well, it was a quick hack. Right?
        Wrong. Management wanted FX compatibility. I talked them out of it, but it took me longer than actually writing the damn code in the first place. Then they wanted historical data, so I expanded my script to do that. Then they wanted e-mails to be sent to them automatically because they were too fucking lazy to check the damn webpage. Then they wanted 2 more data sources included in the consolidated reports. Then they wanted reports customization.
        We have a saying here in my country which sounds like this: "You can't make a whip out of shit and expect to crack it". But management expected just that. There's a pretty thick line between aiming for more and being flat out ridiculous. And needless to say, I am not a programmer and never been one, my job was different but I took this project to see what could I accomplish.
        That's the problem right there: you do something with nothing and then they expect you to do just that and more of it indefinitely. So good luck in hiring a "just get shit done" guy. It's good to have one. But the temptation to abuse him is high and most management level dudes have no clue when they cross the line.

      • Can do it in excel is never a sane option, that's an unmanageable nightmare waiting to happen. You going to email the spreadsheets around while your at it so everybody has a local copy of different old versions and it's impossible to reconcile them all?

    • by crazyjj ( 2598719 ) * on Monday June 11, 2012 @01:20PM (#40286637)

      I become very wary when the higher-ups start talking about fixing problems without spending any money. It's usually corporate-speak for "Do everything for nothing." Some things are WORTH spending money on. Some things you absolutely NEED to spend money on. And hacking together cheap solutions only makes it even more problematic when one of these situations arises (Expect to hear "Hey, why do you need a budget bump now? You did fine last year on next-to-nothing"). Corporate culture almost demands that you spend at least enough money each year to not shock the hell out of the boss when you really NEED it one year.

      Not to mention that hacked solutions tend to be a fucking NIGHTMARE to maintain over the long-term. Think about the day your "hacker" leaves and his replacement has to come in and try to figure out his predecessor's jerry-rigged mess.

      • by mcmonkey ( 96054 )

        Not to mention that hacked solutions tend to be a fucking NIGHTMARE to maintain over the long-term. Think about the day your "hacker" leaves and his replacement has to come in and try to figure out his predecessor's jerry-rigged mess.

        QFT. While hacker != cracker, the submission is incorrect to say a hacker is a great programmer.

        A hacker may or may not be a great programmer. What a hacker is, is clever. A hacker can get systems to do things they weren't designed to do. A hacker can repurpose tools to achieve novel results.

        What a hacker does not do, is produce a solution that will be easily maintained.

        • What a hacker does not do, is produce a solution that will be easily maintained.

          Wrong, that depends on the hacker. To qualify as a great hacker, the hacks have to be good by this metric too. A lot goes into being a great hacker, but this much is always true: greatness is on more than one level.

          • Re: (Score:2, Troll)

            by CanHasDIY ( 1672858 )

            What a hacker does not do, is produce a solution that will be easily maintained.

            Wrong, that depends on the hacker.

            Also depends on who's following along afterwards. Even the simplest hacks will quickly confound pedigreed ponies who only know how to follow directions.

            Most of the hacks I've managed over the years would (by design) be fairly simple for another hacker to figure out, but those MBA's running the department? Yeah, good luck with that, Chuckles.

            • by pnutjam ( 523990 )
              I agree, I am always careful to document the open software and standards I am adhering too. In my mind it always looks straightforward and I have maintained systems for years. Unfortunately once it gets turned over to someone else they always have maintenance problems, usually because they cannot understand the process no matter how much training I provide.
              However, I see this with commercial solutions also. Either the new guy can't understand the current stuff, or he needs to mark his territory by replacing
        • What a hacker does not do, is produce a solution that will be easily maintained.

          This. A thousand times, this.

          A well-rounded IT staff would be better off with more money for staying up-to-date with training and new technology than having someone dedicated to hacking together ductape solutions and bandaid fixes because the business doesn't want to spend the money/time on the right tools to doing things the right way.

          Hackjobs are a nightmare to maintain, inherit or scale up, and they're usually a bit shortsighted when it comes to conditions the hacker didn't expect or think about. Y

      • Corporate culture almost demands that you spend at least enough money each year to not shock the hell out of the boss

        This is the kind of mentality that makes management keep cutting IT staff, and budget, annually. If you're dumb enough to let one person "jerry-rig a mess" that's the fault of management.

        Always, always have at least two people on a project. Documentation should be reviewed for accuracy on a regular basis. Have people design a plan on paper first before any hardware purchasing happens. Have them stick to it so you have an idea what's going on. If they need to change paths, the paper plan should be updated f

      • by sjames ( 1099 ) on Monday June 11, 2012 @02:19PM (#40287409) Homepage Journal

        That's why you don't want only hackers. Just one or two. When they create the amazing solution, then you get the other staff involved in documenting it and creating procedures around it so that it becomes a formal solution. That's also where you decide if it's a stop-gap, a prototype, a permanent solution or an abomination to be replaced yesterday.

    • You quipped -
      "What, why do we need a SAN? Remember how you wired those netbooks together for our web farm! Figure something out for us. KTHXBYE.'"

      - I think the guy who got that line went on to invent iSCSI.

      Not that I have anything against Fibre Channel --- as long as the buffer credits dont run out.

  • by crazyjj ( 2598719 ) * on Monday June 11, 2012 @01:12PM (#40286519)

    To the general public, the term “hacker” refers to a user who breaks into a computer system.

    FTFY.

    Best not to go to your boss asking to hire a "hacker." And I sure wouldn't use that term in writing.

    • To the general public, the term “hacker” refers to a user who breaks into a computer system.

      FTFY.

      Best not to go to your boss asking to hire a "hacker." And I sure wouldn't use that term in writing.

      To be fair, I find the general public is often more informed than the media are.

      • by SJHillman ( 1966756 ) on Monday June 11, 2012 @01:27PM (#40286729)

        That's because the general public informs the media. It's like a game of Telephone, in which each link further from the source is more convoluted than the previous link.

        Subject Area Experts >> People that work with the experts or have intermediate experience in that field >> enthusiasts/hobbyists >> selective public that will read an article on the topic from time to time >> general public that "knows a guy" >> media who gets it from a "guy who knows a guy" or reads a blog by "a guy who knows a guy" >> ... ad infinitum ... >> politicians

    • by Nidi62 ( 1525137 )
      This is what I was going to say. What I can think of is to basically call him a MacGuyver. I mean, that's basically the role Southerland is suggesting the guy plays, right? Plus this term comes with a more positive connotation than "hacker" would.
      • I like MacGuyver, though it might become anachronistic as more young people grow up in the post-MacGuyver era. I was actually shocked the other day to learn that one of the new hires was born in the 90's. I guess it had never occured to me that someone old enough to work could have grown up completely in an era I consider so recent.

        • by Nidi62 ( 1525137 )

          I like MacGuyver, though it might become anachronistic as more young people grow up in the post-MacGuyver era. I was actually shocked the other day to learn that one of the new hires was born in the 90's.

          That's a good point, but if you think about it, you're trying to sell the hire to management, right? Management at this time, especially at the department level, should still be old enough to recognize the reference.

      • You're right. Telling management you want to hire a McGyver, troubleshooter or "general all-round developer" is fine. But announcing you want to hire a hacker is just a dumb move in any company.

      • This is what I was going to say. What I can think of is to basically call him a MacGuyver. I mean, that's basically the role Southerland is suggesting the guy plays, right? Plus this term comes with a more positive connotation than "hacker" would.

        I've worked some places where it wasn't MacGuyver, but B.A. Barabbas, as in "..get me a BBQ, a trash can and a tube radio, 'cause I'm going to make a server!"

    • What term would you use, then? How do you distinguish someone who considers programming their day job from someone who loves to program regardless of whether they are being paid to do it (which is not to say that hackers do not care about getting paid)?
  • There's a balance (Score:5, Insightful)

    by grasshoppa ( 657393 ) on Monday June 11, 2012 @01:21PM (#40286651) Homepage

    I'm a big fan of standardized solutions from a name big enough to provide consistent support. That said, sometimes 2 hours spent writing a script is cheaper than 20,000 spent to your vendor to accomplish the same thing.

    It's a balance, and it's up to the manager to determine the best financial choice.

    • I'm a big fan of standardized solutions from a name big enough to provide consistent support.

      If by standardized solution, you mean a piece of utter piece of shit and if by "name big enough to ptovide support" you mean Oracle, then sure.

      Though you might want to add a few zeros to your figure of 20,000 if you want a big name.

      • by s.petry ( 762400 )

        Nah, I can't say I agree with you. The problem we have now in IT is that we have really only given ourselves 2 possible solutions, unlike what grasshoppa suggests as a third alternative. It currently goes like this.

        Big contract houses and huge pay outs for everything. This could be Dell or HP, with full board support, iLO licenses, insight managers, etc... Oracle and IBM have the same thing. It's a fixed price for everything, and you have to order from the catalog for them to support you. Need a 1 off

    • MS-Access is the primary tool for quick-and-dirty specialized apps in most orgs I've been in. Sure, it scales poorly and needs a fair amount of babysitting because things break, but that's the trade-off. If a quick-and-dirty app grows in popularity or proves to be useful and lasting, THEN more formal approaches can be done to make a "real" version of the app.

      Don't get me wrong, MS-Access has a lot of annoyances and quirks, but it's common enough that somebody is usually available who knows it and thus it's

  • Bullshit (Score:5, Interesting)

    by holmedog ( 1130941 ) on Monday June 11, 2012 @01:27PM (#40286725)

    One of the most annoying things I deal with at work is people who think they are "hackers". The best and brightest people follow the rules - that's why they are the best. They break the rules in great times of need. When a project blows up on the weekend and we are going to miss an SLA, etc.

    The idea that you want to work with someone who spends their time trying to half-ass things to save themselves time is not only stupid, it's completely the opposite of what you want in a professional environment.

    "Hack" in your spare time. Enjoy it, have fun. I know I do. My home-grown projects have none of the constraints my work does. But, don't do it on my company time.

    • Re:Bullshit (Score:4, Interesting)

      by Bob9113 ( 14996 ) on Monday June 11, 2012 @01:52PM (#40287027) Homepage

      The best and brightest people follow the rules - that's why they are the best.

      Following the rules is orthogonal to greatness. Joan of Arc, Steve Jobs, Richard Feynman -- not big on following the rules. Alan Greenspan, Warren Buffet, W. Edwards Deming -- big rule followers. Each extraordinary in his or her own way.

    • The best and brightest people follow the rules - that's why they are the best. They break the rules in great times of need. When a project blows up on the weekend and we are going to miss an SLA, etc.

      The best and brightest don't follow the rules, they make the rules. Their projects don't blow up.

      Where I work, the challenge is to take a $20 million project, and make it work for $10 million. Blowing up is not an option.

    • Why didn't you just write "I disagree with the entire premise of the article", because that is what your words mean. And in the process you redefined the definition of "hack" to mean "write crap code". As if you didn't read the article, or have never met a real hacker. I hope you don't consider yourself one at this stage. By all means continue with the home-grown projects, but keep in mind that just being home-grown does not mean it has to be crap.

      • I'm sorry. I thought writing "bullshit" would more than clarify that I don't agree with the author. Hacking has its place, but it is not in the work environment. Standards and procedures are a good thing for a reason. Being a "loose cannon" as the article says is a terrible thing in a work environment. Every time I have to work on some "genius hacker's" code I get pissed off. It might be the most brilliantly written thing in the world, but if it is "hacked" together - by the very definition of the wor

    • The best and brightest people follow the rules - that's why they are the best

      I think you are confusing "best and brightest" with "most conservative."

    • It really depends on what role you are playing. Thinking outside the box, trying a few things here and there, quickly cobbling crap together with whatever tools lie to hand, no process or documentation, modify stuff on the fly? Not such a good idea on a project, even when its stuck badly. But great when doing a quick proof-of-concept on a dime. In PoCs and pilots, you need a lot of agility, and outside-the-box thinkers who might not be the best and brightest but who are good generalists rather than spec
    • by sjames ( 1099 )

      If you have people who break rules so they can half-ass things, they may fancy themselves to be 'leet hackers, but they're certainly not.

      A proper hacker does not half-ass. If anything, they tend to over-do.

  • BURN THE WITCH! (Score:5, Interesting)

    by girlintraining ( 1395911 ) on Monday June 11, 2012 @01:27PM (#40286727)

    You're joking, right? A hacker is, by definition, someone overqualified for every job where the dress code includes the word "business" in its description. Why the hell would someone like that want to work for peanuts, creating miracles out of thin air with no budget? Because they find it challenging? Bitch, please -- we want to get paid, and if I'm working for a place that values IT so little they can't even come up with a budget for things that would (by your own definition!) render improvements to their infrastructure, what are the odds of promotion? A raise? Benefits? Answer: Zilch. Nothing. Nodda. Zero.

    I know it's an unrelated field, and some of you will probably laugh, but when I was in school for graphic design (I already know enough for a degree in IT), one of the things my first teacher told me is: Don't work for free. You're not going to get any exposure, leads are worthless, and charity work doesn't get the bills paid. As a graphic designer, most of us are self-employed and it's essential we know to the nearest half-hour mark how long a project is going to take in billable hours. We need to make our own budget for every project, and everyone and I mean everyone is looking for free work or thinking they can do it themselves with photoshop.

    IT is approaching the same commoditization of labor -- Many of us are "contractors" already, but eventually people are going to wise-up and become self-employed because contractors are paid shit and treated as such. Be ahead of the curve people: Don't work for peanuts, and if someone says "there's no budget for what you do," take the hint and move on.

    • Re: (Score:2, Offtopic)

      by CanHasDIY ( 1672858 )

      You're joking, right? A hacker is, by definition, someone overqualified for every job where the dress code includes the word "business" in its description. Why the hell would someone like that want to work for peanuts, creating miracles out of thin air with no budget? Because they find it challenging? Bitch, please -- we want to get paid, and if I'm working for a place that values IT so little they can't even come up with a budget for things that would (by your own definition!) render improvements to their infrastructure, what are the odds of promotion? A raise? Benefits? Answer: Zilch. Nothing. Nodda. Zero.

      Oh, in the name of all that's Holy, this.

      I've been that guy - tasked with the nigh-impossible, no budget to speak of, and oh yea, paid $10/hr to make it happen.

      I got the job done every time, often doing more than was required, and typically for even less money than the meager pittance I was given for the project. Did it make an appreciable difference regarding my employer's attitude towards IT? You be the judge: I got fired for asking for a raise a week after finishing the most elaborate project ever for

      • One of the major problems in I.T. is that when you work your ass off and perform a miracle that usually your employer is not smart enough (about I.T. or just plain dumb in general) and the very next day they ask you for an even BIGGER miracle instead of patting you on the back. Since everyone is human its not a cycle that can last for all that long.

        I too have worked in areas like that. To be any good and have any longevity you've got to be mediocre.

      • This is slashdot. Most of us have been there. It took me a couple of years to lose my youthful illusion that anything I do would be properly welcomed, and now I spend the time at work enforcing the AUP with all the enthusiasm of a Gestapo officer. One of the nice things about working at a school is being allowed to abuse your authority just a little to put the Fear of the IT God into the little brats.
      • I have also been that person ($12 instead of $10, mind you). Thankfully I quickly realized I was selling myself short. I only made that mistake once, at the beginning of my programming career. Schools need to tell students about what decent market rates are or they'll do the same thing.

    • Never do it for free.

      http://youtu.be/uYMnAUGFuG0 [youtu.be]

      Sage words.

    • Why the hell would someone like that want to work for peanuts, creating miracles out of thin air with no budget?

      The article did not say anything about working for peanuts, just not having resources... that is, not being in a position to command a dozen code monkeys to go write crap code based on specs concocted on powerpoint slides and design documents not worthy of the name. I am not sure I agree with the premise that a great hacker cannot be even greater by being able to farm out some of the work. But that is not the main point.

      On the contrary, great hackers usually become widely recognized as such, to be in demand

  • by sandytaru ( 1158959 ) on Monday June 11, 2012 @01:28PM (#40286739) Journal
    Someone who has coding chops but whose happy place is 50 pages deep in documentation.
    • yes tech writer but don't make the techs do the documentation. Let the tech guys do the tech work and the writer do the documentation work.

      • Well, not all technical writers are created equal. Someone who was trained to write grant requests for the school's horticulture department may not be the best fit for an IT department. You still need to have someone who can recognize an SQL query and point out that you forgot to include a unit test for one of your classes.
  • by SJHillman ( 1966756 ) on Monday June 11, 2012 @01:29PM (#40286755)

    I suppose I'm my department's hacker. One of the more fun things is I've begun repairing touchscreen wallmount PCs in-house rather than sending them out for repair at $350-$1000 each. A shame the money I save likely won't be rolled back into my salary.

    • The skills you get from that activity have a value all their own. You could become proficient enough to start your own repair company. It's like kickstarter for your hobby.
  • hack repairs / MacGuyver fixes can end up down the road being a big issues or just become some leftover thing that no one know why it's there and keeps it there even after what it was trying to fix got fixed so now it's just setting there doing nothing.

    This can be even worse in places with lot's red tape where so one puts something in with little or no docs on it to get the job done.

    • I work in what is in a way the hacker's dream: In about a month the building gets knocked down. About a year ago management decided there was no reason to invest in infrastructure when the building is being demolished and the entire IT system replaced. So we've had a year, minimal budget, giant mountains of scrap parts, and no reason to build anything long-term maintainable. We've got vital equipment held together by chewing gum, our backup is USB2 hard drives, one wing is networked by an ethernet cable slu
  • by account_deleted ( 4530225 ) on Monday June 11, 2012 @01:47PM (#40286975)
    Comment removed based on user account deletion
    • Such a person is exceptionally rare. The power of the hacker comes from total dedication to their field to the point of obcession. This is why such a high proportion are diagnosed with Asperger's syndrome. They don't develop social skills, because while the normal people were out with their friends the hacker was sitting at home writing code or learning circuit design. In any field, those at the very top are always going to be barely-social eccentrics, because that is what it takes to make it to the very to
      • Eh. I find this is more of a stereotype than a reality. Sure, at the VERY top, you'll probably find more socially inept people, but you can still find some very smart, very agile hacker professionals out there, and in most cases those people are better than the ones at the top anyway.

  • Rory Sutherland discusses the need for every company to have a staff member with the power to do big things but no budget to spend

    This sounds like the job from Hell. What qualified person would take it? It screams "cheap" – a company that thinks like this probably won't be too generous with raises and benefits either.

    (Lots of IT staff, myself included, don't directly control any spending authority. But that's different than having "no budget to spend." What matters is that we get new equipment and/o

    • It would be nice to have someone charge of the things so unimportant that no-one else claims authority over them, like checking the signage is correct, the staff room sink gets occasionally cleaned* and the supply of tea is never allowed to run dry. *The cleaning staff at my workplace insist this is not their responsibility. I won't touch it without a hazmat suit.
  • What a stupid story!

    Basically the story says "You should hire a great programmer" - duh!!

    Only reason for the story is the use of the word 'hacker'

  • by jklovanc ( 1603149 ) on Monday June 11, 2012 @06:26PM (#40290199)

    To a programmer, “hacker” simply means a great programmer.

    I have been programming for over 20 years and my definition of a hacker is some one who writes quick and very dirty code to fix a specific issue for a short period of time. In my experience hackers have a tendency to leave behind fragile, undocumented code that may or may not work in the future. Some hacks stand up over time but most fall down when run long enough. All hacks need to be eventually documented, tested and approved before they become permanent parts of the code base. The worst thing that can happen is to come across a hack a year later and no one know what it does or why it is there. In my experience most hacks need to be replaced as soon as possible.

To communicate is the beginning of understanding. -- AT&T

Working...