Lying and overconfidence: The vices of the IT pro

IT pros lie. There, I said it. Nothing terrible—we’re not embezzling or doing anything that may cause serious damage (well, most of us aren’t). We’re just partial to using the odd white lie to make our jobs easier.  Whether it's buying us a little extra time or appeasing a particularly enthusiastic request, these lies can help us ease the pressure and take the heat off, if only for a while. 

On the other hand, many of these lies are a result of the most human of follies: overconfidence. (I would say “hubris,” but I didn’t want to get too Shakespearean.) We sometimes may not even be aware that we’re lying, as our lies are often garnished with the truth. Without due consideration of timing and effort, we find our egos writing cheques that, sadly, we are eventually unable to cash.

It should come as no surprise then, that such fibs have a habit of biting us on the backside, eventually making our jobs tougher, rather than streamlining them in the way we hoped when first making these statements. So, let’s take a look at what IT pros lie about, and why honesty usually is the best policy. 

Infrastructure fibs

At every new job I’ve had since I gained my spurs as an admin (sysadmin, network admin, monitoring admin), I've asked for a picture of the environment. This is useful in helping me familiarise myself with its intricacies, and stands me in better stead when the inevitable happens and something goes wrong. Yet, not once has the design shared with me actually matched the network.

This lie is perpetuated on a day-to-day basis, with misplaced confidence often audible throughout the organisation. You’ll regularly hear IT pros state that they know where everything is in the network, or make the bold assertion that the inventory is definitely up to date. 

This, I’m afraid, is usually nonsense. But if you confront an IT pro about it, they’ll usually say that the organisation’s use-case is unique, which is why it doesn’t adhere to common practices and is so wackily designed. Such an excuse doesn’t really fly, however, when every company is made up of the same things: computers, servers and networks that run applications to help make the company money.

Perhaps it isn’t an outright lie—maybe it’s a heady cocktail of wishful thinking, and yes, overconfidence. However, this can be similarly damaging, and if you ever hear an IT pro saying that they know what’s going to happen within a network and don’t need monitoring, it’s time to administer a reality check and ask: “Is being reactive really your best-case scenario if a problem does occur?”

It shouldn’t be. Such attitudes are the very reason so many organisations become victims of data breaches. Indeed, it's quite telling that in a SolarWinds survey, 25 per cent of respondents said that standardised monitoring was one of the major factors in increasing security at their organisation.

So, by kidding yourself or others about your seeming clairvoyance with the network, you’re only delaying the implementation of something your business almost certainly needs: a comprehensive, top-down monitoring solution.

Security porkies

How many times have we seen headlines announcing that yet another company suffered a data breach of astronomical proportions, and wondered how? How could a company with such significant resources have fallen prey to such a damaging hack, and why wasn’t it caught before the damage was done?

Well, you should ask yourself this the next time you tell yourself, or others, that if a hack were to happen, you’d know about it straight away—as though sophisticated hackers would leave a blazing sign saying “we’re up to no good” on their way into your organisation. 

This is despite the fact that attackers are now more sophisticated than ever, and have more resources to play with, too. What was once the refuge of lone-wolf hackers is now a fully-fledged industry, with the resources behind it ensuring that innovation is quick and effective, offering attackers all new means of breaching an organisation. 

This is supported by SolarWinds research, which found that 29 per cent of respondents said that the increased sophistication of attackers had increased their organisations' vulnerability to cyber data breaches. 

Another lie we tell ourselves, and others, is that we’ll know better. Sure, other organisations have similar infrastructures and yes, attackers are growing more sophisticated, but you'll never be the one to get caught out, right? Yet it’s this kind of complacency that leaves the door open for hackers, and is the very reason why organisations of all sizes become vulnerable. 

Also, far too many IT pros rely upon the old adage of “security by obscurity”—the belief that if the inner workings of a system are hidden from prying eyes, then it must be secure. What won't be a surprise to anyone with the faintest idea of the escalating security threat is that this is not an exact science, and can leave you compromised.

So, instead of simply burying your head in the sand and hoping for the best, why not just implement a monitoring tool that’ll help you pinpoint unusual activity and root out any potential breaches? There’s little worse than being caught in a lie, but being caught in a lie that costs your company millions is probably one of those rare examples. 

While we are all guilty of lying in our jobs—a missed deadline here, a convenient excuse there—IT pros can seldom afford to be so flexible with the truth. Instead of turning to that old white lie you have tucked in your back pocket, why not swallow your pride and embrace a solution? 

Leon Adato, Head Geek and technical evangelist, SolarWinds