An important service my company provides to North Bay businesses is an independent, third-party assessment and inventory of their computer networks and infrastructure. We look at the age of hardware, potentially unwanted programs, how often security patches are applied, what devices are present on the network, and even whether there’s enough documentation to help a lay person through a crisis.
Recently we were called in to audit an agency with offices in multiple states across the Western US, to weigh in on the present and potential future states of the network, and to assess any vulnerabilities we thought weren’t sufficiently addressed. In delivering our report we had to defend our findings before the company’s executive board, including their existing IT person. As you may imagine, it was contentious. Though we tried to focus our presentation on the current state and how we as an organization would want to see them move forward, much of the meeting was spent by the existing IT person defending or explaining the decisions that lead to the current setup.
Pride in one’s work is a difficult thing to repress, particularly in the face of perceived criticism. If someone looked at my home network and pointed out flaws, my first reaction would be to defend the decisions, limitations, or circumstances that lead to the present situation, and so on a personal and professional level I understand that urge to lash out in defense of one’s work. As an independent auditor however, a large part of my job is to make sure I clearly convey to the clients that the reasons why a given situation or scenario is in bad shape is completely irrelevant. This is not something most people are used to hearing.
Imagine taking your car to a mechanic for scheduled maintenance and them pointing out that the wrong oil is being used, that a gas cap from a 1980s Chevy Camaro doesn’t quite fit on a 2010 Ford Taurus, and the windshield is cracked beyond a simple repair. Both from his perspective and in a truly objective sense, the fact that the auto parts store only had the wrong oil, that the gas cap was picked up in a hurry, and that work has been so busy that you haven’t been able to get around to fixing the windshield earlier simply don’t matter. Part of his job is to assess the condition of the vehicle as it was brought to him and to make recommendations based on that assessment. The same goes for my firm’s auditing of a computer network.
If a company is using a server first purchased in 2004 to manage their email in 2018, that’s a very big deal that should be addressed all but immediately. Even though each decision that lead to the server still being in use may have been logical and may have even been correct in the moment, at this point in time it’s a time-bomb just waiting for components to die and take out email for the whole company. My job is to help companies see a three- to five-year plan, with today as a starting point. Often the decisions that lead to a bad current state were done without a larger, more wide-angled outlook in mind, and bringing that long-term view is something we specialize in.
It may sound fairly straightforward to say “we’re looking at the network as it is today, not evaluating the decisions of the past” and leave it at that, but many of the clients we approach, particularly their IT staff, have a lot of emotional investment in the way things have been done, or in the choices that brought them to the point where management brought in an outside auditor. Sometimes even corporate Presidents and CEOs, who were the ones to hire us in the first place, don’t want to hear the advice and suggestions we have, or listen to the red flags we identified, because they are so married to the past, rather than working toward the future.
A lot of times these meetings remind me of episodes of Kitchen Nightmares where chef Gordon Ramsay is invited to a failing restaurant to help them address the reasons for their sagging business, but so very often the owners or cooks are so married to the ways they have been doing things, or to the decisions they made in the past, that they adamantly refuse to listen to the world-famous chef whose advice they sought in the first place.
At the end of the day there are some people/companies that are impossible for me to reach, because they are resistant to the idea of change or that a small investment now can stave off a massive (and potentially catastrophic) expense later, but it’s my job to try, because it’s our business to help others succeed; to give them the benefit of our decades in this industry.
I will readily admit that preparing for some meetings, like those I know are going to be immensely contentious – no matter how sure I am in the veracity of our analysis – makes me want to pull my hair out. Perhaps its an exercise we all need to practice, leaving our egos at the door when others make suggestions.