Slashdot Mirror
Why Your IT Department Needs To Staff a Hacker
First time accepted submitter anaphora writes "In this TED Talk, Rory Sutherland discusses the need for every company to have a staff member with the power to do big things but no budget to spend: these are the kinds of individuals who are not afraid to recommend cheap and effective ways to solve big company problems. This article argues that, in the IT world, this person is none other than a highly-skilled hacker. From the article: 'To the media, the term “hacker” refers to a user who breaks into a computer system. To a programmer, “hacker” simply means a great programmer. In the corporate IT field, hackers are both revered as individuals who get a lot done without a lot of resources but feared as individuals who may be a little more “loose cannon” than your stock IT employee. Telling your CEO you want to hire a hacker may not be the best decision for an IT manager, but actually hiring one may be the best decision you can make.'"
One cannot fix what they do not know how to break, or how it breaks.
I don't need a hacker on staff. I'll just leave a few ports open, like FTP, Telnet, HTTP, RDP, etc. They'll find me and I won't have to spend a cent on payroll! ;-)
Because someone needs to real world fix the broken shit so we can keep making money.
And those guys reading facebook all day can't do it.
They must have had a slow day at TED and needed a talking head.
I can agree to a point. I certainly know people/places that just throw money at a problem. And I know that when systems and down and the customer is starting to panic, that I've come up with some interesting and very good solutions. However there are problems with always trying to solve solutions with 'hacks'. They become unsupportable, they fail in unexpected ways, and they make it harder for you to get a budget to do things you simply can't/shouldn't hack a solution together for. 'What, why do we need a SAN? Remember how you wired those netbooks together for our web farm! Figure something out for us. KTHXBYE.'
But I do agree you need someone who can think creatively and not be locked into marketing speak anytime a problem comes up.
I will shred my adversaries. Pull their eyes out just enough to turn them towards their mewing, mutilated faces. Illyria
Staff just one hacker? Companies would fill every position with a hacker if they could find the right people...
To the general public, the term “hacker” refers to a user who breaks into a computer system.
FTFY.
Best not to go to your boss asking to hire a "hacker." And I sure wouldn't use that term in writing.
What political party do you join when you don't like Bible-thumpers *or* hippies?
Who read that as "Why Your IT Department Needs To Staff a Hooker".
A bit crazy, but it just might work.
Where I work "hacker" is a derogatory term for coders who write non-maintainable solutions. We consider hacks to be bugs waiting to cost a customer money, and we try hard to prevent coding them.
Of course, we must also deal with management that isn't particularly disciplined on this point and sometimes forces us to write hacks in order to meet a deadline, and then later holds us accountable for the bugs. They then wonder why it is hard to find and retain good talent.
Some days are definitely better than others.
Spend your day arguing with a PHB trying to get a project funded.
No thanks.
If a descriptor is "recommend cheap and effective ways to solve big company problems" then that's me. My company is dirt cheap and the CFO signature is required for any IT purchases over $1000.
one of the two definitions of a hacker is wrong.
1) Person with malicious intent who breaks into systems
2) Someone who can 'program' but doesn't understand theory or good programming concepts. They can get it to work (sometimes), but it ain't gonna be pretty.
Corporate environments are openly hostile to cheap and effective solutions. The various funding and approval departments all want justification and forms filled out in triplicate any time a package is deployed for which a license was not purchased. FOSS is a four-letter word, and will get you on the shit list in a big, big hurry.
In the rare case where a "hacker" has been given leeway to get things done, s/he is often given a nearly unlimited budget and virtually no oversight, which leads to obscene expense over-runs and a further tarnishing of "out of the box thinking." Once a "hacker" is done waxing philosophical with management for a couple of years, your company will be completely by-the-book in the whiplash that ensues.
You know it's true. Most of you have probably seen this happen in your own department, or even caused it. Corporate IT is simply not flexible enough, nor is it savvy enough, to deal with the "hacker" arch-type on his/her own terms.
I'm a big fan of standardized solutions from a name big enough to provide consistent support. That said, sometimes 2 hours spent writing a script is cheaper than 20,000 spent to your vendor to accomplish the same thing.
It's a balance, and it's up to the manager to determine the best financial choice.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
One of the most annoying things I deal with at work is people who think they are "hackers". The best and brightest people follow the rules - that's why they are the best. They break the rules in great times of need. When a project blows up on the weekend and we are going to miss an SLA, etc.
The idea that you want to work with someone who spends their time trying to half-ass things to save themselves time is not only stupid, it's completely the opposite of what you want in a professional environment.
"Hack" in your spare time. Enjoy it, have fun. I know I do. My home-grown projects have none of the constraints my work does. But, don't do it on my company time.
You're joking, right? A hacker is, by definition, someone overqualified for every job where the dress code includes the word "business" in its description. Why the hell would someone like that want to work for peanuts, creating miracles out of thin air with no budget? Because they find it challenging? Bitch, please -- we want to get paid, and if I'm working for a place that values IT so little they can't even come up with a budget for things that would (by your own definition!) render improvements to their infrastructure, what are the odds of promotion? A raise? Benefits? Answer: Zilch. Nothing. Nodda. Zero.
I know it's an unrelated field, and some of you will probably laugh, but when I was in school for graphic design (I already know enough for a degree in IT), one of the things my first teacher told me is: Don't work for free. You're not going to get any exposure, leads are worthless, and charity work doesn't get the bills paid. As a graphic designer, most of us are self-employed and it's essential we know to the nearest half-hour mark how long a project is going to take in billable hours. We need to make our own budget for every project, and everyone and I mean everyone is looking for free work or thinking they can do it themselves with photoshop.
IT is approaching the same commoditization of labor -- Many of us are "contractors" already, but eventually people are going to wise-up and become self-employed because contractors are paid shit and treated as such. Be ahead of the curve people: Don't work for peanuts, and if someone says "there's no budget for what you do," take the hint and move on.
#fuckbeta #iamslashdot #dicemustdie
Someone who has coding chops but whose happy place is 50 pages deep in documentation.
Occasionally living proof of the Ballmer peak.
Management will have a lot less difficulty funding him/her if he/she is not called a 'hacker'. Educating them about the word won't help. Managers come and go.
I suppose I'm my department's hacker. One of the more fun things is I've begun repairing touchscreen wallmount PCs in-house rather than sending them out for repair at $350-$1000 each. A shame the money I save likely won't be rolled back into my salary.
Yes sir I know its only 50% likely to save us £5000 but I can have a demo of that in 30 mins to see if it works
vs
Its going to take me 2 months to develop and do the QA and its got a 50/50 chance of saving us money.
Doing it the "proper" way can make it dead in the water before its started. How many ideas have NOT been done because of this !
Best definition and most simply put: A hacker is a person who engages in playful cleverness.
The skills you get from that activity have a value all their own. You could become proficient enough to start your own repair company. It's like kickstarter for your hobby.
hack repairs / MacGuyver fixes can end up down the road being a big issues or just become some leftover thing that no one know why it's there and keeps it there even after what it was trying to fix got fixed so now it's just setting there doing nothing.
This can be even worse in places with lot's red tape where so one puts something in with little or no docs on it to get the job done.
yes tech writer but don't make the techs do the documentation. Let the tech guys do the tech work and the writer do the documentation work.
I can how it might be fun to be the "hacker" in that scenario but if I'm the IT manager there is no way I'm going to let some code cowboy run around doing this and that without any oversight. Sure, in the short term you can get some problems fixed quickly but in corporate IT all the I's are dotted and all the T's are crossed. You've got to follow procedures and get the proper authorizations and buyoffs for things otherwise you (the IT manager) will get hung out to dry if anything goes wrong.
why not go for the socially skilled hacker? You know, one that is not thinking that the company is there so the IT department exists.
I know, many will say that without IT the company would not exist. Well, that goes for any other department as well. If the company could do without them, they would not exist.
Don't fight for your country, if your country does not fight for you.
Dumb for employer: don't make a hire you'll have a tough time explaining if that employee goes rogue
Dumb for employee: don't take a job where you'll be first out the door after the next corporate reorg
The dangers of employing a hacker (as per meaning of article).
I go off ill suddenly and quite unexpectedly for a week, at some point, the big boss wanders in, sees a bunch of the non-windows machines I use on a daily basis (Debian boxes, with Windows XP running in virtual machines) and have been doing so for the *past two years*, freaks, gets someone else to pull the plugs on them, come back to find all the linux boxes (and, amusingly enough, the Macs as well) pulled from the network as if they're some sort of threat..
Admittedly, the one I use as my desktop was unlocked and had ssh sessions open in terminals to about three other machines, but, hey, it wasn't MS Windows (apart from the copy running in a VM with an 'in-progress' CAD drawing up), I must be a hacker (in the sense of the more 'common' usage today) and must be up to 'dark and terrible things' (tm)
Maybe I should point out the firewalls are linux boxes, and the thing running their expensive Cisco telecomms crap is a linux box..
(Scenario above simplified to protect the guilty...there is a lot more braindeath involved than I'd care to go into, really)
By the time I have them trained in programming, graphic design, hardware, sound, writing, producing, and directing their salary is usually 1-2m per year, that's just much too expensive!
WTF are you on about? Hackers, by definition, don't need training, they figure shit out - often, in my experience, much faster than the pedigreed ponies.
You don't 'train' hackers, you give us a problem and we solve it, either through finesse or brute force - whichever is most effective at the time.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
I think the word you are looking for here is a badass, not a 'hacker'. But the problem is that most big organizations dont want to spend the money to employ someone who is a badass.
That's not the kind of hacker you want anyways. You're not looking for a guy who strings up bullshit fragile cheap solutions that cost more in long term complexity. You're looking for the guy that will say: "Oh, you wanted to spend $500,000 on a commercial firewall solution to solve problem X? We can do that on a cheap Linux box with iptables for $2,000, and it will be automated via puppet and well-documented".
hackers are home grown experts. If IT didn't keep sending baby boomers away in favour of gen next, we wouldn't be reading this post. Better still outsource the whole dept.
This can be even worse in places with lot's red tape where so one puts something in with little or no docs on it to get the job done.
Documentation is always the problem. Have a policy that says all changes must be documented, and fire with extreme prejudice if documentation is not kept, because it's really all you have after the code, and we all know how that can go. Fine, or really really bad and wrong. This is probably MORE important where there is great secrecy involved, because if someone leaves you'll never be able to talk to them about the project again :p
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Never do it for free.
http://youtu.be/uYMnAUGFuG0
Sage words.
..don't panic
we don't have $500,000 or even $2k so do the hackjob and I will be golfing with a vender the rest of the day.
Joel On Software had an article on this some time ago calling them duct tape programmers instead of a hackers.
http://www.joelonsoftware.com/items/2009/09/23.html
I like hackers too. As a consultant who comes in and repairs the damage of renegade rainmakers, they are a steady stream of income.
Rory Sutherland discusses the need for every company to have a staff member with the power to do big things but no budget to spend
This sounds like the job from Hell. What qualified person would take it? It screams "cheap" – a company that thinks like this probably won't be too generous with raises and benefits either.
(Lots of IT staff, myself included, don't directly control any spending authority. But that's different than having "no budget to spend." What matters is that we get new equipment and/or software when the situation requires it.)
Response - sorry, but I had to re-image your workstation as the security solution as I see it was the only system not in use. Your boss knows about the security solution and cost saving initiative.
This is further proof that corporate culture doesn't attract top talent. Conformity, rigid hiearchy, and no space for free thinking don't inspire problem solves, or attract those who think outside the box. i.e. thoose needed to stay ontop of the ball in an ever changing world/economy
someone shoudl hack TED and tell them to post their videos in html5.
not everyone is using windows, flash and the the new webased outlook that jsut went public.
MS-Access is the primary tool for quick-and-dirty specialized apps in most orgs I've been in. Sure, it scales poorly and needs a fair amount of babysitting because things break, but that's the trade-off. If a quick-and-dirty app grows in popularity or proves to be useful and lasting, THEN more formal approaches can be done to make a "real" version of the app.
Don't get me wrong, MS-Access has a lot of annoyances and quirks, but it's common enough that somebody is usually available who knows it and thus it's less likely to become an "orphan" app as far as support.
I wish there was a decent OSS replacement for MS-Access. Open-Office has "Base", but it still has too many glitches, missing features, and crappy documentation.
(Actually FoxPro used to be my fav tool for quick-and-dirty C.R.U.D. because the scripting language and query language were tightly integrated, unlike MS-Access. I was twice as productive under it than Access. But it got voted off the island.)
Table-ized A.I.
I don't know if this needs to be consciously planned. At least the places I see: bad economy = do more with less = more improvisation = layoffs/promotions selectively keep people who can work in that environment. We all become hackers by necessity.
Though, while we're at it, people need to give up on 'hacker' meaning anything other than 'computer criminal'. I think that battle was lost at least a decade ago. Persistent use of the term is like arguing that 'gay' just means 'joyous' or using 'men' to refer to humans of both sexes. Historical precedent or not, that's just not how the language is used any more by educated English speakers.
I work in what is in a way the hacker's dream: In about a month the building gets knocked down. About a year ago management decided there was no reason to invest in infrastructure when the building is being demolished and the entire IT system replaced. So we've had a year, minimal budget, giant mountains of scrap parts, and no reason to build anything long-term maintainable. We've got vital equipment held together by chewing gum, our backup is USB2 hard drives, one wing is networked by an ethernet cable slung between two windows because the fiber link broke and several of the laptops have the CPU heatsinks held on by cable ties.
Monumental Minutia might be the word/phrase he was looking for.
Richmond from the IT Crowd.
What a stupid story!
Basically the story says "You should hire a great programmer" - duh!!
Only reason for the story is the use of the word 'hacker'
That's a buncha bullshit.... The good TRUE hackers are typically highly paid programmers and people with a LOT of experience... those not willing to give it up for legitimacy. They're not your run of the mill IT specialists, or kids who can steal MP3s or rip movies. They often have years of PRACTICAL experience in cracking codes, breaking into shit and stealing even more shit. and certainly NOT the "oh ill take $11 dollars an hour because I'm MS certified... and oh yeah I've hacked my neighbors network" type. You underestimate REAL hackers... and you won't hire them I assure you. Even the been-busted-before ones. You could never put up the money they are accustomed to getting.
It sounds like what they're talking about is having a mini-skunk works in every large company. A person or small team who works a little outside the norm to try things and fix things where, going through normal channels, would take too long or cost too much. It's an interesting idea, but it's a double-edged sword. Too much quick and dirty hacking leaves things strung together with hope and bubblegum. On the other hand, when disaster strikes, it's good to have someone on hand who can get things back up and running _now_ rather than waiting around.
They are called IT workers. Here are your 500 job descriptions and your $1 an hour wage.
my company is not going to pay someone to fix the problems it already knows about but decides not to fix to save money
"If I do my job right there is no sign of it. Disasters just never happen." --Victor "Pug" Henry, War and Remembrance
To a programmer, “hacker” simply means a great programmer.
I have been programming for over 20 years and my definition of a hacker is some one who writes quick and very dirty code to fix a specific issue for a short period of time. In my experience hackers have a tendency to leave behind fragile, undocumented code that may or may not work in the future. Some hacks stand up over time but most fall down when run long enough. All hacks need to be eventually documented, tested and approved before they become permanent parts of the code base. The worst thing that can happen is to come across a hack a year later and no one know what it does or why it is there. In my experience most hacks need to be replaced as soon as possible.
Because I did this once. You can save your company ten times your annual salary and not get paid a dime more. Companies tend to think if you can do what we want without spending the money, you don't need the money, and so they throw it at departments that will spend it instead of trying to save the company's money. The real problem: that money is dedicated as "expendable" but marked as "not for salaries." Therefore, you can hire a consultant at $100/hr but you can't give any of your employees even $.01 of it. You probably can't even use it to fund "perks" like free lunches and sodas, etc. Why bother saving massive amounts of time and money when you get ABSOLUTELY NOTHING for it?
The skillset required to do this demands significantly more than the salary companies are willing to offer for it. It's that simple. Therefore it's impossible for positions like this to exist.
I said, "We need to staff a HOOKER!" Got it now?
C|N>K
... until he gains employment
After that, that hacker becomes a programmer
I've been in this field for too long, I've seen the same thing happened to many excellent hackers
It does not mean they do not contribute any more once they are on the payroll - it's that somehow money has corroded that hunger / urge to hack
Muchas Gracias, Señor Edward Snowden !
I read that as 'hooker'
Which actually makes more sense ....
that 25 years ago it was ALL hackers, eventually the suits decided that IT needed to be ''managed''. The end result was pointy haired bosses and ladder climbing egomaniacs that didn't understand a damn thing about the 'magic boxes'. The tech would be so much more efficient nowadays if the people with money and power hadn't decided to treat IT like a widget building factory and left the art to the artists.
22 more years . . . . only 22 more . . DAMN! I need a career change.
"Hacker" seems to be a term as misunderstood by the community that coined it, albeit decades later, as by the lay-people around them. A hacker is simply someone who by-passes limitations, whether they be security, software, or hardware. Linus Torvalds is the epitome of software hacking. Kevin Mitnick is (or at least was) the poster child for security hacking. The Raspberry Pi team is trying to re-define hardware hacking possibilities for a generation that was born after the Altair. And any business that is not ready to consider someone "hacking" their budget to allow them to do things that they haven't considered possible is simply out of its collective gourd. "Hacking" is not white, black, grey, or any shade of the rainbow; that all comes when you get there and decide what you will do. Hacking is and always will be "going where no one has gone before..."
Underpaid for the stuff I do as it is. I'm sure everyone will agree that if the company is reaping substantial benefit from having you on board - you should be getting a slice of the cake - if anything to keep you motivated. A good worker is a happy worker. Of course, there are these altruist types, subject of a different discussion...
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 1.67 trillion trillion trillion trillion centuries
o.O
it was of the form
(word(){98mmmredbluepenguin34^})();
To the general public, the term âoehackerâ refers to a user who breaks into a computer system.
Best not to go to your boss asking to hire a "hacker." And I sure wouldn't use that term in writing.
How this misuse came to be was discussed at one instance of tan industry conference I attend. As near as anybody could figure out, it went like this:
In the early days of IT security issues, when the H word was still being used in the "exceptional programmer" sense and IT security was a shiny new subject, a self-appointed "computer security" expert gave a presentation at an upper-management conference. During this presentation he misused the term "Hacker" in the "computer cracker" sense (much to the confusion of the techies in the audience.)
Apparently this was the first time a lot of people at the COB, CEO, CFO, COO, VP level were exposed to the word. So they assumed the misuse was the proper definition and used it that way in their executive suites and at other conferences.
Of course once an idea gets set in the minds of the guys with the golden parachutes it can't be dislodged with dynamite. The rest of management, especially the IT head, had to use the term the way the Big Bosses did - or appear out-of-touch with their own specialty. Middle management followed like the lower-ranking pack members they are.
Then the business press picked it up from them, spread it to the rest of the press, and from there to the general public.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Ethan Hunt
If poorly planned, poorly funded, poorly implmented projects got you into the current mess, why do you expect the same process to get you out of it?
That's the question I always ask. If they insist I point out the future support issues the half-assed hack will create in the future and get their acknowledgement in writing. Then I roll up my sleeves and implement it (hoping I won't be around in the future when it goes pear-shaped and counting the paid overtime I'm getting).
This can be even worse in places with lot's red tape where so one puts something in with little or no docs on it to get the job done.
Hire a hacker to document your undocumented projects!
Seriously, I see this all the time: an outsider is tasked with documenting a project, several years after the fact. Not a job any self-respecting 'hacker' (=highly skilled developer?) would be interested in, but of course the whole story begs the question: why would a highly skilled developer want to join your company in the first place? Are all the other employees dolts? Weren't all the problems caused by clueless PHBs?
Signs point to yes.
>> 'To the media, the term “hacker” refers to a user who breaks into a computer system. To a programmer, “hacker” simply means a great programmer.
I first learned the terms "hack" and "hacker" back in the summer of 1964. I don't know for sure how the meaning of the term changed so perniciously, but suspect strongly that some journalist simply misunderstood the argot. Languages evolve over time, to be sure, but the effective loss of this term of respect really toasts my muffins.
It would be really great of some interested language researcher could find the earliest recorded references to assign the original blame. Meanwhile, when referring to someone who violates computer security I try to use the term "journalist." Better compromise one of their labels than one of ours.
a guy who will solve their big problems for next to nothing.
Having been there, what this means is they want to pay you scraps for you to work 60 hour weeks to save them millions.
Fuck that.
The Kruger Dunning explains most post on
Gee, last REAL JOB I had, making something out of nothing with no budget on a tight time schedule was my unofficial job description.
(officially, it was the last line of my job description "...and all other duties as assigned".)
I spent most of my time doing "All other duties as assigned" because the company that owned our tiny little division didn't want to spend any money on keeping us functional--while still expecting us to function at 150% capacity and comply with every whim they came up with.
After 2 failures from over-priced consultants, I hacked together a data extraction and secure report server in 3 weeks that DIDN'T cost us 6 hours of nightly down time and actually was CORRECT (something the consultants that made $30K each for FAILING couldn't manage). I found an open source data extraction tool that was 10 times faster than normal SQL calls, installed it, taught my self how to use it, wrote the extraction, built a secureFTP Linux server using a recycled desktop and a large HDD, AND DID IT IN 3 WEEKS. AND THEN got written up because (EVEN THOUGH IT WORKED FLAWLESSLY) I didn't comply with their "Project Reporting Guidelines" and have complete documentation of project progress and have complete documentation proving I had complied with the PRG signed by 3 managers who didn't even work at our facility. (Actually, they were going to use the project "failure" as an excuse to get rid of the lot of us incompetent idiots at the subsidiary and send all of our operations over to India, but us 'idjits' failed at failing, so we had to be punished)
When a user needed to pull, merge, and send a certain group of canned (PAPER) reports, WE DIDN'T have any tools to do it. We didn't have the time to re-invent the wheel and write a separate process to pull the data from 5 or 6 different canned reports. What did I do? I used a perl script to strip out the headers from the paper reports, re-map the report lines as data fields, up load everything to the user's desktop where it was run thru MS Access to output everything to an Excel spredsheet that zipped, encrypted, and ready to e-mail to the state. And all of this was fired off by the user clicking an icon on her desk and was ready for her to e-mail as SOON as she eyeballed the reported and decided it was correct.
When a user needed a new screen to enter newly required federal data, WHO read the requirements and set up that screen? Who documented it and sat by the user to help her learn how to do it? WHO MADE CHANGES AT THE USER'S DESK TO MAKE HER JOB EASIER?
When a change to all the desktops mandated from our corporate masters BROKE our user interface software, who researched it, and figured out how to hack COMMAND.COM with DEBUG to make it work then took all the changes to every user desktop in the company on a FLOPPY DISK? (yes, kiddies, 6 years ago, we were still using FLOPPY DISKS at that company because they wouldn't upgrade any hardware that still ran.
When a desktop WAS replaced...who went after it's carcass like a piranha to salvage the re-usable parts down to the last screw?
AND YET, for some reason, my job was eventually outsourced to Timbuk-fore, India anyway, and I'm now listed as a no talent hack.