Tuesday, May 02, 2006

More Unrealistic Expectations from CIOs

I found anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r article containing unrealistic expectations for IT staff. It's in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 1 May 2006 issue of CIO Magazine, titled The Postmodern Manifesto. It begins this way:

The service-fulfillment model for IT is dying. A new philosophy of innovation and productivity is being born. Here’s what CIOs need to do to usher in a new age of IT.

Excuse me? IT as a service is already dying? I know plenty of shops who are only now jumping on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 service bandwagon. I guess magazines like CIO have an incentive to write about whatever cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y consider to be "new," since people want to stay "on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 edge." Let's see what advice this article provides.

The Postmodern IT Department will be smaller, more distributed and dependent on a tightly integrated supply chain of vendors. It will be in desperate need of multitalented specialists who have in-depth technology knowledge but who can also create new products and capabilities that businesspeople might never have envisioned.

Yuck. "Postmodern" is a horrible name. What comes next -- PostPostmodern? Here's anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r buzzword -- "multitalented specialists". Let's hear more about this in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 sidebar, The Unexpected Rise of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Multi-Specialist:

While CIOs increasingly demand that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir programmers understand cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 business, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y’re also asking for a deeper knowledge of new technologies.

While everyone agrees that IT needs generalists today, a more accurate term might be multi-specialists. Programmers who remain solely programmers will have to be highly specialized and extremely skilled to survive against international competition. Meanwhile, ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r jobs in IT will require at least a solid grounding in programming, along with a strong specialization in ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r skills, such as project management and business process (probably both).


Let me get this straight. IT people are expected to be technical experts and business experts? We're supposed to "have in-depth technology knowledge" and simultaneously "create new products and capabilities"?

This attitude really bugs me:

"You can’t say, ‘I can manage but I can’t do,’" says Verizon CIO Shaygan Kheradpir.

Is that true, Mr. Kheradpir? As a CIO you obviously manage. Why don't you try configuring routers or firewalls for a day? How about analyzing security events or writing new Snort rules? Incidentally, you'll have to learn cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new Snort rule language to do that. Can't do it? You give up? So sorry!

I think cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 people who write cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se articles and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 CIOs who feed cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se unrealistic expectations should remember Adam Smith and his ideas of division of labor. You cannot expect someone, especially in IT, to be an expert in everything. "Multitalented specialists" is anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r term for "someone who can do cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 job of two or more people, allowing me to furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r cut my IT staff."

I spend almost all of my professional time staying current on issues involving network security monitoring, and I struggle like everyone else to make sense of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new threats, vulnerabilities, and assets which comprise cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 risk equation. I am happy to encounter a person who is at least competent in one specialty, and I am suspicious of those who claim expert knowledge of several areas simultaneously.

Incidentally, I briefly mentioned this same problem in January.

10 comments:

foQ said...

We seem to have a hard enough time finding SINGLYtalented specialists. That isn't to say we don't have some very talented folks here, but not enough. Now everyone is supposed to be a talented specialist in anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r area, as well? Double cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 pay, right? If not, see Adam Smith again and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 invisible hand. The invisible hand with visible money somewhere else.

Anonymous said...

Multi-talented - yeah my favorite is job vacancy listings - cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y want someone to write apps, run cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 network, maintain file/print servers, be cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 DBA, and monitor cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 IDS....

They want a whole team of people, not just one person. Oh yeah, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y also want to pay you $75k/yr in a major metro area.

PS I bet that Verizon guy couldn't tell you cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first thing on how a router determines to forward an IP packet or what is found in an IP header. He manages, but does DO any technical work.

jbmoore said...

Same crap cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y put out after cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 dot.bomb - wanted system adminsitrator and DBA. Of course, I saw worse job ads for bioinformatics postdoc - must have Ph.D. in molecular biology with one specialty area, a B.S. in Computer Science or equivalent, knowledge of Perl, C, C++, and/or Java. Oracle or Microsoft SQL Server also preferred. Salary range: $20,000/yr. This was around 1996. Industry is easier, yet, it's starting to get crazy here as well.

Anonymous said...

As a newbie, I conjecture that we'll continue to see this attitude rise up a bit before cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 IT group naturally, and subtly backlashes against it and it resubsides. I think this is natural because for most companies, IT is not a profit-center. It is a place where profits get sunk in order to support cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 infrastructure of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 company. It's a cost, and what do companies want to do with costs? Reduce cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m, of course. This ties into asking too much and having one person do cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 job of two people...those are concepts and phrases you hear passed around at managerial meetings to make everyone feel better...even if it means more stress and lower quality by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 people down cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 stream. I think we'll have to see more burn-out and unrealized expectations of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se CIOs who believe this stuff...and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y'll hopefully settle down back into cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 real world.

-LonerVamp

Anonymous said...

The article is a typical management rag pontification, but having a broad range of knowledge and at least somes outside of your immediate specialization is vital. I'd be suspicious of a "security expert" who could describe a buffer overflow, cross side scripting or an SQL injection but couldn't code examples of each.

A developer should have some project management and team leader skills. Likewise someone managing a team of developers should be able to code, at least to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 level of a junior developer. Ideally everyone should at least have played around with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 things people cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y interact with do... graphics design, system administration, documentation, security.

Obviously "multi-specialist" is a contradiction. You can only specialize in one thing, especially in rapidly changing technical fields. But being an expert shouldn't permit you to be utterly oblivious to every ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r aspect of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 company.

Google encourages employees to spend 20% of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir time on side projects to broaden cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir knowledge. Some companies have cross training programs.

Sadly cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are plenty of CEOs who expect staff to have multiple skills or at least awareness but expect employees to accumulate it by magic. If a company really wants staff with broad skills cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y should set up programs and policies that help develop it.

010101 said...

You're witnessing a fashionable corporate mindset: IT is no longer an influencer of business strategy at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 senior executive level but a 'necessary' G & A cost center and it is in vogue to maximize profit margin by continuing to reduce cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 operating expense of IT. As a result, executive strategists and bean counters are peddling cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 notion of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new IT hybrid - cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Queen on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 technology chess board who can move in all directions. While cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 mindset maximizes ROI, it minimizes technology innovation.

The root issue is that many CEOs and CFOs have little technology acumen and view IT service cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same way cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y view dial tone - 'it's just cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re.' It is something expected without truly understanding cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 logistics of how cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 service is implemented, supported, or maintained.

Ultimately, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 CIO's role is being marginalized from one who translates stratagy into technology to that of a garcon asked to serve an abundance of technology.

Richard Bejtlich said...

Anonymous -- it's cross-site scripting, not "side." I don't think coding is as important as you consider it, unless security programming is your job. Automation, yes. Security development, not so much.

Jimmycá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365Geek said...

This kind of untechnical technical rag is why I drastically limit my subscriptions, even if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y would be free. They cost time to recycle!

Typical template:

Get article proposal approved on $Buzzword.

Collect quotes from various people who assert that $Buzzword is vital.

Collect quotes from various people who assert that $Buzzword is overrated.

Collate and slant towards vital.

Submit artical proposal on $Buzzword++

Anonymous said...

Richard:

(yes... cross site scripting. Thanks for point out my typo)

Regarding ability to code... how can you protect what you don't understand? I wasn't thinking of actually developing security apps, but racá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r being familiar with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 languages cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 things we're supposed to be protecting are written in. Same for platforms. How can someone detect or prevent an SQL injection attack when cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y don't have at least a basic ability in SQL? How would you know that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 string "eval(" in a form being submitted to a Perl or PHP app is suspicious without having gotten close to those languages?

With cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new snort syntax, it looks like folks with experience in C have an advantage. But those who don't but do have a knowlege of variables, flow control, and boolean arithmetic will be able to pick it up pretty quick.

With a background in fundamentals you can understand root causes, maybe even write or adapt a few proof of concepts to get a better understanding of a particular vulnerability. For detection, maybe that allows you to write a more generic snort rule racá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r than one that only identifies one specific PoC, or write a more accurate one that gets fewer false positives.

From anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r perspective, apps have so many vulnerabilities largely because too many developers only know variables, flow control, and boolean arithmetic. How many web app vulnerabilities are cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 direct result of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 coder not understanding that HTML forms can be edited on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 client side or that "../../" means something special to Unix?

The article's idea of multi-specialists is absurd, but having an understanding and some ability in multiple fields... IMHO not so much.

Anonymous said...

Feh.

Do CIOs read CIO?

If I want to read gibberish about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new agile organization, based on nothing but anecdotes, I'll subscribe to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Harvard Business Review.

Don't work yourself up over it.