Confessions of an IT Pro: Everyone Should Ask "Why?"
IT security professional Jesse Erhman talks about how his curiosity lead to a successful career.
With abundant opportunities in IT security, Jesse Erhman made the jump from working at a non-profit to now working as an information security specialist for a Fortune 500 company. In this month's Confessions of an IT Pro, Jesse discusses how certifications are more important to some disciplines than others, the one trait that all IT employees have, and how he's had executives to yell at him because their computer was never broken in the first place.
Q: How did you start your career? And how important do you think education and certifications were for you?
A: Jesse never had any intent of going into IT. "I was laid off from a job at a non-profit," he explains. "A friend of mine was working in IT and needed somebody to review logs on the weekends for a small marketing company." That initial role gradually grew into a full-time position in IT operations, where Jesse first discovered his affinity for information security. "There are a lot of opportunities in information security," Jesse points out, "and every day you are finding new solutions to different problems."
As for education, Jesse thinks that any degree can help you get past the initial barriers of HR when you're first starting out. Certifications, on the other hand, he sees as important to establishing your skill set in certain areas of IT. "In my particular role, having certain certifications proves without demonstrating skills that I understand certain topics. They're more important in operations and security than they would be in programming."
Q: What are your feelings about the ethics of employee tracking? How far should companies go?
A: With a grounding in IT security, Jesse's feels tracking is important for protecting the company's assets. "At most companies, the day you start or the week you start, you'll get some training that, if you pay attention, usually has a blurb about how everything you do on company equipment can be tracked," he says. "I think it's really important to understand that every time you use a company resource, you're acting as part of the company. It's not your data. It's not your resource." Jesse makes the point that, as a result, the company has every right to track what you're doing on their equipment for the protection of the organization.
Q: What do you wish non-IT employees knew?
A: Jesse's insightful answer to this question was "You can always ask why." Pointing out how most people in IT really love what they do and, by and large, are happy to share what they know. He thinks that a lot of non-IT employees think there is some magic that happens with computers and can be mystified by what we do. "There is no magic," he says, "and everyone who works in IT asked why. They tried to figure it out."
Q: What is the craziest technical support issue you or your team has ever had to deal with?
A: In IT ops and security you see all kinds of issues. "There was a vice president who really enjoyed asking why," Jesse laughs. "He didn't like others touching his computer, so when he opened a ticket he would want to be involved in the troubleshooting process." For several months, when Jesse received a support ticket from this VP, he'd walk down the hall and ask him to demonstrate the issue. "He'd do the steps to lead up to the problem, and the problem wouldn't exist anymore." After this happening over and over on unrelated issues, Jesse returned to the VPs office one day for a new issue. The VP opened his laptop, started walking through the steps to recreate the problem, stopped, swore and yelled "Get Out!"
Q: What is the most valuable skill an IT professional should have?
A: There is one trait Jesse feels is over looked as important because it would be difficult to operate in IT without it. "When you are able to bring together different data sets in your mind and correlate them and use them to solve problems, I think that really sets apart IT employees."
He feels that it's an underappreciate skill set, but a critical one for success. But because it's ubiquitous in IT, it can be taken for granted. "For my job, looking through security logs, you have different tools that you use that correlate data on their own, and you have different bits of data and you have to figure out what's relevant."