Why Your IT Department Needs To Staff a Hacker 241
First time accepted submitter anaphora writes "In this TED Talk, Rory Sutherland discusses the need for every company to have a staff member with the power to do big things but no budget to spend: these are the kinds of individuals who are not afraid to recommend cheap and effective ways to solve big company problems. This article argues that, in the IT world, this person is none other than a highly-skilled hacker. From the article: 'To the media, the term “hacker” refers to a user who breaks into a computer system. To a programmer, “hacker” simply means a great programmer. In the corporate IT field, hackers are both revered as individuals who get a lot done without a lot of resources but feared as individuals who may be a little more “loose cannon” than your stock IT employee. Telling your CEO you want to hire a hacker may not be the best decision for an IT manager, but actually hiring one may be the best decision you can make.'"
Things must be slow at TED (Score:5, Insightful)
They must have had a slow day at TED and needed a talking head.
Re:To some extent, yes (Score:5, Insightful)
I think teh point of the original article is not to build your IT staff out of hackers-that-don't-shave-and-keep-swords-under-their-pillow. But having one in the corner that will recall you periodically that "we don't need a supercomputer, we can do it in excel" is sane for a team.
There's a balance (Score:5, Insightful)
I'm a big fan of standardized solutions from a name big enough to provide consistent support. That said, sometimes 2 hours spent writing a script is cheaper than 20,000 spent to your vendor to accomplish the same thing.
It's a balance, and it's up to the manager to determine the best financial choice.
Re:Just don't call them a hacker (Score:4, Insightful)
That's because the general public informs the media. It's like a game of Telephone, in which each link further from the source is more convoluted than the previous link.
Subject Area Experts >> People that work with the experts or have intermediate experience in that field >> enthusiasts/hobbyists >> selective public that will read an article on the topic from time to time >> general public that "knows a guy" >> media who gets it from a "guy who knows a guy" or reads a blog by "a guy who knows a guy" >> ... ad infinitum ... >> politicians
Every IT department needs an English major, too (Score:5, Insightful)
Re:Quite obvious for security reasons (Score:5, Insightful)
It doesn't sound like that's what they're talking about.
I think they're talking about the "I'll just get shit done where it needs doing, by whatever means I feel most appropriate" type worker. In my work experience, that guy is usually the one that is just an OK programmer, but the only one in the building that actually knows how to work on his machine, too. He probably also doesn't much mind office politics because he'll blow right past it and deal with any fallout when the problem is solved. He may or may not have read the manual. He's the practical person more than the academic, if you're brave enough to stereotype like that. ;)
You wouldn't believe the supposed "really great programmers" I've seen that just throw their hands up when something goes sideways on their workstation, or sit on their hands for days over a management dispute. They're there for one job, to write textbook quality code for a single project, collect the paycheck and be out the door at 5:01 unless someone insists that he stay. That's it. If anything else happens that complicates that arrangement, it's like a train derailment.
I know, I'm being a bit obtuse about the difference where there's a million shades of grey... but it's something I've seen a lot and I agree with the general point.
Re:On Staff? (Score:5, Insightful)
I don't need a hacker on staff. I'll just leave a few ports open, like FTP, Telnet, HTTP, RDP, etc. They'll find me and I won't have to spend a cent on payroll! ;-)
That's like expecting your car's security will be improved by leaving the windows down in a well-visited parking ramp in an area with no security cameras. No, you'll just get robbed, and likely the inside will be trashed because if there's one thing criminals love more than a free lunch, it's shitting on someone else's hard work for thrills. There aren't many real hackers left in the world... it's all assholes looking for cheap thrills or cash. Those of us who still do it to teach ourselves about how these amazing little boxes of wires and boards work and make them do nifty things for us are about as plentiful as 20-something aged stamp collectors.
I believe "woosh" is in order.
Re:To some extent, yes (Score:5, Insightful)
Agreed. Quality work is made by following processes and using checks and balances, not by trying to patch holes with someone who doesn't understand the whole picture.
One pfSense install later (and a call to corporate) and they were back up and running. Was it done with checks and balances? Approval all the way up the chain of command? A plan? A review? No. They simply said "Do whatever needs to be done and get it back online as quickly as possible." Done. At the next maintenance window, the pfSense 'hack' was replaced.
In the context of the article, the 'hacker' needs to be your 'go to guy' when you are looking for a brilliant solution to a tough problem. (And I'm not saying pfSense was some sort of 'brilliant' solution--I'm saying that it was 'brilliant' and a bit 'magic' to the IT-types at this company....which is why they are no longer Fortune 500)
Re:Quite obvious for security reasons (Score:5, Insightful)
True enough. If you really want to hire one, though, replace the name "hacker" with "troubleshooter" or "all-round developer". Management can understand why you would want to hire a troubleshooter, as opposed to a hacker who "just makes trouble".
Re:To some extent, yes (Score:4, Insightful)
That's why you don't want only hackers. Just one or two. When they create the amazing solution, then you get the other staff involved in documenting it and creating procedures around it so that it becomes a formal solution. That's also where you decide if it's a stop-gap, a prototype, a permanent solution or an abomination to be replaced yesterday.
Re:To some extent, yes (Score:5, Insightful)
There's just one problem that comes with that, and it's called management expectations. I've been doing that sort of hacks for a while. Management says "we need an automated reporting application that gathers data from 5 different sources and displays nicely formatted reports on a web page, 24/7, every 15 minutes, but we don't have a budget for that sort of thing". I got an old desktop, installed Apache, installed an Office suite, created some VBA code that did all that. The reports were displayed best in IE only; under FX, the colors were a bit garbled but oh well, it was a quick hack. Right?
Wrong. Management wanted FX compatibility. I talked them out of it, but it took me longer than actually writing the damn code in the first place. Then they wanted historical data, so I expanded my script to do that. Then they wanted e-mails to be sent to them automatically because they were too fucking lazy to check the damn webpage. Then they wanted 2 more data sources included in the consolidated reports. Then they wanted reports customization.
We have a saying here in my country which sounds like this: "You can't make a whip out of shit and expect to crack it". But management expected just that. There's a pretty thick line between aiming for more and being flat out ridiculous. And needless to say, I am not a programmer and never been one, my job was different but I took this project to see what could I accomplish.
That's the problem right there: you do something with nothing and then they expect you to do just that and more of it indefinitely. So good luck in hiring a "just get shit done" guy. It's good to have one. But the temptation to abuse him is high and most management level dudes have no clue when they cross the line.
Re:Things must be slow at TED (Score:2, Insightful)
No,
You all miss the point. The point, said in terms I speak, is that IT is a cost center in almost every company that has an IT department. By having a resident hacker, you have the ability to generate prototypes quickly, and switch IT from a cost center to a profit center. By doing this rapid prototyping, you have the ability to demonstrate to management the ability of IT to increase profit. This is a *good thing*.
Re:Quite obvious for security reasons (Score:5, Insightful)
Re:To some extent, yes (Score:4, Insightful)
Agreed. Quality work is made by following processes and using checks and balances, not by trying to patch holes with someone who doesn't understand the whole picture.
Sounds like you're wrong about processes. Many people assume a process == bureaucracy. In all the large companies I have worked with, what you describe is covered by an Emergency Fix process, which basically will let someone dive in and fix things as quickly as possible without the usual chain of command overhead. However, once in place, there will be checks and balances applied after thee fact to ensure the implemented fix won't cause any security/maintenance.performance etc. issues in the future.