It was 9:30 on the morning of March 4, 2002, and something was terribly wrong at the offices of PaineWebber UBS. Computers in branches all over the country began showing disc errors. A logic bomb buried deep within the machines had wiped their hard drives clean, preventing 17,000 brokers from making trades.
“It was six months after 9/11,” says Keith Jones, co-principal of Jones Dykstra and Associates, a computer forensics and expert witness firm. “Back then if anyone so much as sneezed, you thought ‘terrorism.'”
The IT staff located the backups and restored the first batch of machines. They got wiped again. The logic bomb had propagated to the backups. The brokers gave up on their computers and went to their other backup plan: paper and pencils.
UBS tech staff ultimately figured out how to bypass the bomb and restore computer access, but it was weeks before the company was back to normal. More than $3 million in damage had been done.
The culprit: Roger Duronio, a 60-year-old systems administrator. Unhappy about not receiving compensation he’d been promised, Duronio planted the logic bomb on more than 1,000 Unix machines throughout the company.
He then shorted the company’s stock, hoping to capitalize financially as PaineWebber’s share price dropped. Instead he was convicted of computer sabotage and securities fraud. He’s now serving an eight-year sentence.
Other cases speak less of revenge and more of IT workers simply cracking under stress — such as the saga of Terry Childs, a network administrator for the city of San Francisco who became frustrated by his manager’s lack of technical expertise and withheld administrative access to parts of the city’s network.
That particular incident appears to have been a freak-out rather than a premeditated criminal act. But either way, disgruntled IT workers — battered by interminable hours and impossible demands — pose a greater threat than ever.
For every Duronio or Childs that makes it into the press, there are 98 others you never hear about, says Jones, who was a key government witness in the Duronio case.
“People don’t realize just how much access senior IT people have,” says his partner Brian Dykstra. “The vast majority of system admins don’t abuse their privileges – even if they wanted to, they’re too busy. But when someone does go over the edge, they have the ability to do a great deal of damage.”
And the consequences can be devastating.
What does IT want?
The most common tactic used by disgruntled geeks is widespread deletion of company data, says Dykstra. Sometimes the damage is obvious, but other sabotage may be harder to detect.
In one case, Jones Dykstra and Associates was called in to help an international market analysis firm that kept losing some but not all of its e-mail. It turns out a recently fired techie had set the servers to automatically delete messages coming in from overseas.
Dykstra adds that most IT workers are too professional to take out their grievances on the systems they’ve worked so hard to maintain.
“The last thing any IT pro wants is a downed system,” Dykstra says. “That just means more work. But the thing we see over and over again across every industry is that IT is always drastically understaffed. You go into companies and find two or three admins responsible for 600 users. It’s easy to understand what gets them to their snapping point.”
Staff reductions following the dot-com crash have stripped many IT staffs to the bone, forcing those that remain to double or triple their workloads. The piling on of work can demoralize the people charged with keeping the business going, says Laurent Duperval, president of Duperval Consulting.
“This morning I spoke to an IT colleague who was explaining to me that he had to work 75 hours last week in order to help complete a project,” Duperval says. “The project has a strict deadline that must be met. It had original requirements that have since been expanded, but no extra resources (people, money, or time) have been allocated.
Basic message? ‘I don’t care about you as an individual; the project comes first. Just do it, no matter what the cost to your health.'”
Although large enterprises are typically loathe to reveal how many technology jobs they’ve shipped overseas, a recent study by researchers at NYU and the University of Pennsylvania estimates that 8 percent of IT jobs have been offshored. Gartner Research has predicted that figure will rise to 30 percent by 2015.
“My big thing was the lack of corporate loyalty to the IT folks,” says Mark Semple, a 27-year IT veteran who now runs a business coaching home entrepreneurs, Successful Together Coaching. “Outsourcing may look good on paper and to the shareholders, but it is devastating to the domestic workforce and their families.
How can you feel good about working for an organization that just sliced 50 of your colleagues and replaced them with cheap offshore labor? Loyalty is a two-way street. It is demanded of the IT folks yet is rarely given in return.”
Even more than wages, life/work balance, or job security, virtually everyone interviewed for this story says what IT workers want most from their employers is respect — for both their expertise and for the value they bring to the organization.
“One of the biggest things to cause IT pros to feel undervalued is a lack of appreciation for the skills they’re bringing to the table,” says Joel Evans, co-founder of the Geek.com news site.
“They’re misunderstood in a professional sense. You have some manager who runs Ubuntu on his home PC and thinks he knows all about Linux. He looks at net admins and thinks ‘they just maintain the network’ without having any idea what that really entails.”
Geeks are from Mars, suits are from Venus
The problem runs deeper than a mere lack of appreciation. Geeks and suits don’t walk the same walk, talk the same talk, or even eat lunch in the same rooms. They have different motivations and seek different rewards. It can create a simmering discontent that may easily boil over into a major problem.
“The problem is not simply that IT people are disgruntled,” says Bill Pfleging, co-author of “The Geek Gap: Why Business and Technology Professionals Don’t Understand Each Other and Why They Need Each Other to Survive.”
“The problem is that geeks in general are one culture and suits are a different culture. They’re like oil and water. They have completely different ideas about what should be going on. The whole situation is loaded with lack of respect and lack of trust on both sides,” he says.
For example, the business side usually assumes techies are lying to them, says Pfleging. “It’s the Captain Kirk school of management. Scotty says it’s going to take 48 hours to fix the warp engines, Kirk says you’ve got two, and somehow Scotty gets it done. But the real world doesn’t work that way.”
Meanwhile, many techies think business people who don’t understand technology — and have no interest in learning about it — are idiots. “It’s frustrating for them to have to answer the same question over and over,” he adds. “They get very irritated when the suits don’t respect the technology they care about.”
There’s no dearth of consultants urging IT pros to improve their communications skills and get more involved in the business — but you’ll rarely find anyone urging the business side to learn more about IT.
“Nobody cares about the technical aspects of a solution or problem, except the geeks,” says Duperval. “If geeks want to be taken seriously by management, they need to speak the language of the business: How is the company going to make money or lose money, and why is it important for management?”
SourceForge community manager Ross Turk believes business professionals are starting to realize they need to meet the geeks halfway. “Most businesses are about technology these days,” he says.
“Being technologically competent is a differentiator in way it hasn’t been in the past.”
But while the suits control budgets, salaries, and the overall direction of the company, the geeks hold the keys to the economic engine. Without IT, there is no business. The question is whether unhappy IT pros will use that power toward their own ends.
“I don’t think techies ever doubted they had the keys to car,” says Pfleging. “Now the suits are starting to realize it. Back in the ’90s, I talked to techs who were fully aware of the Y2K problem, but they were content to sit back and wait for it to all go to Hell. Watching a suit go down in flames is entertainment for geeks.”
Rewards and recognition
Organizations face a double challenge: How do they keep their IT staff from going off the reservation, while gradually regaining control over the technology they need to run the business? It’s not easy.
As the Terry Childs case demonstrated, in many organizations a single person holds the keys to the kingdom — and may be unwilling to hand them over to someone they deem less competent.
Organizations need to move from a trust-based approach — where sys
admins are expected to wield their enormous powers with restraint — to a process-based one, says Jeff Nielsen, product manager for Symark, which makes software that enables businesses to document procedures, limit access to sensitive systems and data, and create audit trails.
If IT admins have business reasons to access sensitive data, they can fill out requests stating their business reasons, Nielsen says. “Depending on the organization’s approval process, the admins can get the password immediately or wait for approval from a supervisor, then do the work.”
Nielsen admits this may be seen by IT personnel as adding delays and unnecessary bureaucracy to an already arduous process. Worse, job security in IT is often tied directly to a geek’s intimate knowledge of what makes the systems tick. Once the processes are well documented, the company may decide that position is no longer essential. It’s a catch-22 that’s not going away soon.
Another way to keep your geeks from wreaking havoc is to stop treating them like a commodity, says Roy Saunderson, president of the Recognition Management Institute.
“Look at how most companies recruit,” he says. “They need to understand they’re not just hiring a body; they’re getting significant expertise and talent for a job that can’t be done by just anybody. They need to do a better job of coming up with rewards packages that are unique to the qualifications and expertise they’re hiring.”
Dialog is also key, says Saunderson. The business side needs to understand IT’s needs and communicate how IT contributes to the company’s success.
“I was talking to one company that surveyed its employees recently and discovered IT was not too happy. The senior leaders said, ‘Whoa, we never intended this.’ They opened up a dialogue with IT, said, ‘You’re right, we’re wrong. Here are some things we’ll start doing based on your input.'”
And if management won’t listen, techies with in-demand skill sets can vote with their feet and find employers that speak their language, says Geek.com’s Joel Evans. Startups and other tech-driven companies tend to understand geeks and value their input more than other vertical industries.
“It has to do with recognition more than anything,” says Evans. “Sometimes all someone wants is to hear is ‘Hey Terry, thanks for building us such a great network.’ It doesn’t even have to be public — geeks just want to know their work is appreciated.”
For example, three years ago, worldwide IT services provider Dimension Data realized it needed to recognize and reward its technical people as well as it does other employees, says Denise Messineo, senior vice president of HR for the company’s North American division.
The company issued laptops with Webcams, so more of its outbound consulting force could teleconference into meetings, saving travel time.
It offered more flexible work schedules and time off for training, so techies could keep their skills current. It opened its annual sales conference up to all employees and launched a marketing video that shows off the cool technology techies have created. Next year, the company plans to launch a technology “hall of fame” to honor longtime IT employees.
“When you think of any kind of recognition program for employees, you need to think first of your technical people, because they truly are the heartbeat of the organization,” says Messineo. “If your systems go down, everyone’s productivity stops. It’s the same as if the electricity goes off. If you take care of IT first, everything else will fall into place.”
