Why Your IT Department Needs To Staff a Hacker

First time accepted submitter anaphora writes "In this TED Talk, Rory Sutherland discusses the need for every company to have a staff member with the power to do big things but no budget to spend: these are the kinds of individuals who are not afraid to recommend cheap and effective ways to solve big company problems. This article argues that, in the IT world, this person is none other than a highly-skilled hacker. From the article: 'To the media, the term “hacker” refers to a user who breaks into a computer system. To a programmer, “hacker” simply means a great programmer. In the corporate IT field, hackers are both revered as individuals who get a lot done without a lot of resources but feared as individuals who may be a little more “loose cannon” than your stock IT employee. Telling your CEO you want to hire a hacker may not be the best decision for an IT manager, but actually hiring one may be the best decision you can make.'"

On Staff?

[WrongSizeGlass]

I don't need a hacker on staff. I'll just leave a few ports open, like FTP, Telnet, HTTP, RDP, etc. They'll find me and I won't have to spend a cent on payroll! ;-)

Re:On Staff?

[N!k0N]

I don't need a hacker on staff. I'll just leave a few ports open, like FTP, Telnet, HTTP, RDP, etc. They'll find me and I won't have to spend a cent on payroll! ;-)

That's like expecting your car's security will be improved by leaving the windows down in a well-visited parking ramp in an area with no security cameras. No, you'll just get robbed, and likely the inside will be trashed because if there's one thing criminals love more than a free lunch, it's shitting on someone else's hard work for thrills. There aren't many real hackers left in the world... it's all assholes looking for cheap thrills or cash. Those of us who still do it to teach ourselves about how these amazing little boxes of wires and boards work and make them do nifty things for us are about as plentiful as 20-something aged stamp collectors.

I believe "woosh" is in order.

Re:To some extent, yes

[godrik]

I think teh point of the original article is not to build your IT staff out of hackers-that-don't-shave-and-keep-swords-under-their-pillow. But having one in the corner that will recall you periodically that "we don't need a supercomputer, we can do it in excel" is sane for a team.

Bullshit

[holmedog]

One of the most annoying things I deal with at work is people who think they are "hackers". The best and brightest people follow the rules - that's why they are the best. They break the rules in great times of need. When a project blows up on the weekend and we are going to miss an SLA, etc.

The idea that you want to work with someone who spends their time trying to half-ass things to save themselves time is not only stupid, it's completely the opposite of what you want in a professional environment.

"Hack" in your spare time. Enjoy it, have fun. I know I do. My home-grown projects have none of the constraints my work does. But, don't do it on my company time.

BURN THE WITCH!

[girlintraining]

You're joking, right? A hacker is, by definition, someone overqualified for every job where the dress code includes the word "business" in its description. Why the hell would someone like that want to work for peanuts, creating miracles out of thin air with no budget? Because they find it challenging? Bitch, please -- we want to get paid, and if I'm working for a place that values IT so little they can't even come up with a budget for things that would (by your own definition!) render improvements to their infrastructure, what are the odds of promotion? A raise? Benefits? Answer: Zilch. Nothing. Nodda. Zero.

I know it's an unrelated field, and some of you will probably laugh, but when I was in school for graphic design (I already know enough for a degree in IT), one of the things my first teacher told me is: Don't work for free. You're not going to get any exposure, leads are worthless, and charity work doesn't get the bills paid. As a graphic designer, most of us are self-employed and it's essential we know to the nearest half-hour mark how long a project is going to take in billable hours. We need to make our own budget for every project, and everyone and I mean everyone is looking for free work or thinking they can do it themselves with photoshop.

IT is approaching the same commoditization of labor -- Many of us are "contractors" already, but eventually people are going to wise-up and become self-employed because contractors are paid shit and treated as such. Be ahead of the curve people: Don't work for peanuts, and if someone says "there's no budget for what you do," take the hint and move on.

Re:Quite obvious for security reasons

[SomePgmr]

It doesn't sound like that's what they're talking about.

I think they're talking about the "I'll just get shit done where it needs doing, by whatever means I feel most appropriate" type worker. In my work experience, that guy is usually the one that is just an OK programmer, but the only one in the building that actually knows how to work on his machine, too. He probably also doesn't much mind office politics because he'll blow right past it and deal with any fallout when the problem is solved. He may or may not have read the manual. He's the practical person more than the academic, if you're brave enough to stereotype like that. ;)

You wouldn't believe the supposed "really great programmers" I've seen that just throw their hands up when something goes sideways on their workstation, or sit on their hands for days over a management dispute. They're there for one job, to write textbook quality code for a single project, collect the paycheck and be out the door at 5:01 unless someone insists that he stay. That's it. If anything else happens that complicates that arrangement, it's like a train derailment.

I know, I'm being a bit obtuse about the difference where there's a million shades of grey... but it's something I've seen a lot and I agree with the general point.

Re:To some extent, yes

Agreed. Quality work is made by following processes and using checks and balances, not by trying to patch holes with someone who doesn't understand the whole picture.

...Wrong. I was called in as a hacker to a fortune 500 (at the time, but no longer) manufacturing company that had an emergency. Their WAN connection was down which took out their VPN connection to their corporate offices which housed a lot of their IT equipment. It essentially left them dead in the water. To the tune of losing about $100,000/hr (not including employees lazing about with nothing to do). Their proprietary firewall failed. The cold spare turned out to be dead. The firewall vendor said they could have one next morning at 8 AM. I told them I could have them back up in about an hour.

One pfSense install later (and a call to corporate) and they were back up and running. Was it done with checks and balances? Approval all the way up the chain of command? A plan? A review? No. They simply said "Do whatever needs to be done and get it back online as quickly as possible." Done. At the next maintenance window, the pfSense 'hack' was replaced.

In the context of the article, the 'hacker' needs to be your 'go to guy' when you are looking for a brilliant solution to a tough problem. (And I'm not saying pfSense was some sort of 'brilliant' solution--I'm saying that it was 'brilliant' and a bit 'magic' to the IT-types at this company....which is why they are no longer Fortune 500)

Re:To some extent, yes

[war4peace]

There's just one problem that comes with that, and it's called management expectations. I've been doing that sort of hacks for a while. Management says "we need an automated reporting application that gathers data from 5 different sources and displays nicely formatted reports on a web page, 24/7, every 15 minutes, but we don't have a budget for that sort of thing". I got an old desktop, installed Apache, installed an Office suite, created some VBA code that did all that. The reports were displayed best in IE only; under FX, the colors were a bit garbled but oh well, it was a quick hack. Right?
Wrong. Management wanted FX compatibility. I talked them out of it, but it took me longer than actually writing the damn code in the first place. Then they wanted historical data, so I expanded my script to do that. Then they wanted e-mails to be sent to them automatically because they were too fucking lazy to check the damn webpage. Then they wanted 2 more data sources included in the consolidated reports. Then they wanted reports customization.
We have a saying here in my country which sounds like this: "You can't make a whip out of shit and expect to crack it". But management expected just that. There's a pretty thick line between aiming for more and being flat out ridiculous. And needless to say, I am not a programmer and never been one, my job was different but I took this project to see what could I accomplish.
That's the problem right there: you do something with nothing and then they expect you to do just that and more of it indefinitely. So good luck in hiring a "just get shit done" guy. It's good to have one. But the temptation to abuse him is high and most management level dudes have no clue when they cross the line.