I’ve been thinking about what to write next for some time. I do not want to start with new technical themes while still tuning the honeypot I wrote about last time (Honeypot: Effective and inexpensive way to detect LAN attacks).
Note: I was “rafting down” Sázava with ESET during the weekend. The quotation marks are there because I would not call the few kilometers we had traveled rafting. And my companion has worked for me. It was a great chamber-size event, where we met other smart IT people. From our debates, we have found that, in terms of power measurement / diagnostics of servers (CPU, RAM, bus, disk, network), we have quite a lot of experience. I would like to share them in other articles (if you are interested, please leave your e-mail in the form below – as soon as the article comes out, you´ll get an echo [already started to come out Why is the server slow: transient problems]).
However, for relief, I would like to share one of our failures. I believe we have learned from it and it will not happen again. 🙂
Years ago, one man had bought a new business. Since he knew us and trusted us, he wanted us to examine it on the IT side. We were pleased because it was a fairly large firm and agreed deal. It was enough just to not to scr*w it up…
We crashed the company as a bunch of cowboys and were going to audit the state of IT. The state (from our point of view) was not good. Everything was stuck or stitched with a hot needle. The success was that at least basic systems (information system, shared data, and the Internet) were functional).
Note: Every time I see a business in that state, I do not understand that there has not been any major accident (data loss, data leakage, or multiple-day downtime). I do not know how to argue that they need to do something about it. They always react to the fact that they have always existed like this for X amount of years and no problems have occured.
We have prepared a report and confronted the internal IT administrator. However, we have just started his defense mechanism and made him our enemy. It was just a word against word. We said “everything is wrong.” He said there was no problem.
The status of the IT was further consulted with the new CEO. His main task, however, was to improve the state of the company (mainly on the economic side). Well, we stubbornly wanted a relatively large investment right from the start. We said, “either everything or nothing.” We did not want to do half-assed job.
Note: We want to do our work either properly or not at all. We appreciate our good name. We do not want something to go wrong, because it’s only half done, it would damage our image (we want to build our company in the long term).
Finally, we did not get the order and another company did. Personally, I take it as a failure, because we had recommendations from the owner in the beginning and no such contracts were ever lost.
Certainly, someone could argue that the owner has a bigger word than the CEO. He, however, does not interfere with the management of the company. He requires the management to have both competence and responsibility. He could hardly have done anything for them if he would interfere.
Where we went wrong
I think we have underestimated the political approach at that time and we have not had enough empathy. We were asked to develop an IT audit. And in order to make the audit properly, we were too hard and ultimate.
I think this approach stuck with us from the past. We both started to do business with Martin (our partner) because we have enjoyed IT. We wanted to do things the right way. We were both technicians, not salespeople. And so we approached things. Either they were done well or not.
Now I understand that not everyone is devoting all their time to developing IT. Some administrators do not even know how (the company is missing IT, so the colleague who understands it the most gets the job), others have families and do not have time to study what is new in IT (I’m in from morning till evening and yet I feel like there are more things I can´t do than I can), or they have too limited resources from the management (fortunately, there is a lot to be done without investments when somebody is advised).
Management is in charge of all the company’s agenda, and it’s not just the IT department. Problems are often numerous, and everyone claims that his is the most important one. 🙂
What did we learn?
We want to collaborate more often with companies that have their internal IT in the future. We think that together we can make IT better than alone.
- Internal IT knows business needs, information systems and is the closest one to users.
- We are well skilled in server issues, advanced networking, security, and infrastructure monitoring. We are dealing with dozens of companies every day, so we have an overview: what works best and with what.
We have realized that if this is to work, we need to open up more to the internal IT. We have to prove that we are not here to replace them. This is not at all our goal. Just the contrary. IT management would not work so well without them, we do not have enough work capacity, nor we want to do it. That’s why we’ve made changes:
- We have invited our partners from our customers to our internal training / lecture in April (content I wrote here “How to hack a computer in a few seconds – attack with Bash Bunny and Packet Squirrel“).
- We have shared our systems to everyone (monitoring system, ESET Remote Administrator, Unifi Controller).
- We are currently working on access to our information system where there is additional functionality (network scans, autoruns scans, reports on compliance with expectation and access to all reported work).
- All partners are invited to visit us so we can get to know each other, mainly the colleagues who help. We will also train them in the abovementioned systems (we will explain what to see, what purpose it serves and how to save money).
- We would like to make a joint lecture once or twice a year in the future, where we would like to:
- Share another part of our know-how (or another topic they will be interested in).
- Discuss some current topic and news of the past six months (profiling information for them and sharing the important parts, being up to date and saving time).
- Discuss what and how they did, exchanging experience, partners would know each other and advise on how to develop our systems.
It’s most likely never going happen that each job will work out. But it is certainly a shame (both human and commercial) when negative emotions remain. I´ll be happy if you would share what do you think about such a situation, what do you think about our mishap, and whether something like that has ever happened to you.
I wish you a relaxing work week.