By Felicia King
President & CEO, QPC Security

You went to college, got the degree, have “all” the certifications, started at a Help Desk, and worked your way up through an organization all of these milestones are important but none of them elevate you to a level where some IT services work is beneath you. As a business owner, during the interview process, I encounter this mentality of “well, I have been in the IT industry for ‘X’ number of years therefore I should not have to do PC setups, printer configurations or anything else I deem to be entry-level work.” My response to this is an unequivocal, nonnegotiable “nothing is beneath you”.

Soup to Nuts

Here is the challenge with the whole “I’m above that” mentality. The highest calling for any company in the IT services industry is to have the “soup to nuts” depth and breadth of knowledge about a client and their technology environment. Otherwise known as Sole Source IT Provider. QPC Security can’t establish this level of knowledge if we have staff that are cherry picking what items they work on and/or refusing to do some things because they feel it is beneath them. If this is your approach, then what you are really saying is that you only want to have knowledge about certain aspects of their environment which lay above some arbitrary level. That is not “soup to nuts”.

Let’s look at it from the client’s perspective as well. Realistically speaking, there is an additional time to resolution, loss of knowledge, and decreased insights into their overall environment when their work is put into buckets and members of the IT team are limited to working within those buckets. This is also known as working in silos. A client should not have to wait for an issue to be addressed because internally we need to pass it from team member to team member for each person to complete their portion of the work.

You can still delegate

The beauty of truly having that “soup to nuts” knowledge is that you get to make the decisions. You can delegate the deployment of a new PC to an entry level person on your team. You are still responsible for their work and ensuring that it is done correctly.

What happens though if no one is available to delegate that work to? What if everyone on the team is already assigned to other projects? Do you delay the deployment of that PC until someone can take it on or do you do it yourself? The correct answer is you do the work. The client is paying us to do the work. They don’t care (nor do they need to know) who is doing the work. They pay a fee and for that fee, they expect that the work is done completely and efficiently the first time. Simply put, we are in the service industry, and it is our fiduciary responsibility to do the work.

Another dimension

There is another dimension to this concept of ‘nothing is beneath you’ that needs to be taken into consideration. If you are looking for the vCISO/CISO title, you had better be able to do 100% of these things: assessment, project plan development, engineering plan, implementation, support, compliance and risk assessment. For those of you with thoughts of “I stopped doing network-type at my last job” or “I got out of new PC setups 10 years ago”, stop and ask yourself how can you possibly generate, own a plan, and assign pieces of it to someone else when you don’t know (or have no recent knowledge of) how to do it yourself?

Another aspect of this is that if you are not the person doing the work or supporting the work that was done, how do you ensure a closed feedback loop for total quality management? As rapidly as technology changes, so do the standards by which we implement that technology. If you are not the one doing the work or supporting the client on an ongoing basis, how can you possibly learn what worked, didn’t work, needs to be changed to account for new standards etc.? What happens the next time we have a client with a similar scope of work? Do we implement the same outdated plan? You must be able to see for yourself what works and what does not in order to be a true advocate and leader for the client.

Each team member must be able to contribute to the incident response depth of bench and availability to deliver service as needed / as required. If you do not regularly engage in service work at all levels, your ability to step in and take care of what needs to be taken care of does not exist. In an urgent situation or an incident response situation, no one has any time to train you on the things you are no longer sharp on because you stepped out of doing that work years ago when it was “beneath you”. In terms of value to the company, a technical team member who has the willingness to step in and take care of issues is of much higher value than someone who normally handles high end compliance matters but is unwilling to do the day-to-day technical support and project work to keep their skills fresh.

More is not always better

Some IT Service Providers subscribe to the ‘more is better’ approach. They mistakenly believe it is somehow impressive to a prospect or client to have five engineers sitting in on a meeting as if that demonstrates expertise or depth of bench. Do you honestly think any business owner would pay for the time of five engineers to attend a meeting? The answer is ‘no’. So, then what happens is the IT Service Provider essentially eats the cost of that meeting. Having ‘depth of bench’ does not mean having a team based upon some members that can perform specific work and others who are siloed into other work. It does mean that at any given point, any team member can step up to the plate and do the work of any other team member.

Nights and weekends are not off-limits

In my article “Leaderships’ Perspective of ‘On-Call’", I speak to the fact that if a client is properly managed, you should not have hot emergency calls that must be dealt with outside of working hours. In the very rare instance where something happens after-hours, you are not above being called upon to do the work. Client’s needs do not revolve around a 9‑5 Monday‑Friday clock. If a security incident happens on a Friday afternoon and goes into the evening, so do you. Hourly jobs that end at a particular shift time consistently are the realm of lower paid hourly shift worker positions, not salaried positions with high levels of responsibility.

Look at it from a client’s perspective. They are paying us to manage their IT. This does not mean working the problem until 5 PM and then turning it over to an entry‑level tech because, well, that is what entry‑level techs do with respect to after-hours, nights, and weekends. Sure, you have likely done your fair share of that type of work with other organizations but none of that makes you exempt from doing it at QPC Security.

QPC staff are expected to be adults. Being an adult is hard. The desire to have flexible work schedule and work/life balance also means being an adult and getting the work done. Generally, we must all be available during business hours on a regular basis to provide support and availability to meet our clients’ needs. However, if there is support coverage through other team members and you have a daytime appointment, then the opportunity to go to that daytime appointment exists.

Do not apply

I stand by ‘you can’t delegate what you can’t do’ and realize that this mindset is radically different than what most IT service providers promote but then again, QPC Security is not your traditional IT service provider. For more on what makes us different, be sure to visit “The QPC Security Difference”. I tell it like it is and don’t hold back in fear of someone, who is technically qualified, not wanting to work at QPC Security because they feel they are above certain types of work. If you have that mentality, I highly encourage you not to apply.