By Felicia King
President & CEO, QPC Security
Many job postings today lean towards seeking an IT professional that is an ‘expert’ in one type of technology. It is common to see job postings which include terms like Azure expert, Microsoft 365 specialist, firewall professional and so on. On the surface, it may make sense to hire for specific job functions and keep everyone focused on their ‘area of expertise’ but let’s discuss the downsides to this approach – for the business and for you.
Inadequate service and support capacity
When companies go the silo route, they have one person that knows a product/service inside and out. They are the ‘go to’ for all things related to that product/service. Therein lies the problem. They are now likely the only one on the team that knows the ins and outs of that product/service.
Think about this when they go on vacation. The rest of the team struggles to work through configurations and troubleshooting of that product/service. This scenario even assumes that there was some cross training going on prior to that person taking their leave. The reality is that even with that download, internal playbooks, and vendor support, questions and issues related to that product/service will take time to go through. This is not only painful for the team, but it is difficult on the client. What would normally take an hour to resolve now takes days. The client’s patience will soon run out.
Now think about what happens when that ‘expert’ has unplanned leave (due to an accident, death in the family etc.) or they quit. Now what? All of the eggs have been, in effect, put into one basket as the saying goes. No backup plan, no redundancy. Everyone left scrambling and extra stress and work is placed on a member of the team as the new ‘expert’ to figure things out, and fast.
We do phenomenal documentation. But no amount of documentation is going to cause a backup person to have familiarity with a client or their nuanced needs. The backup person cannot simply have a high level of understanding of the configurations in a client’s environment. Instead, they must have an ongoing, deep, and intimate knowledge of the client’s environment. There is no way to idiot-proof security, interaction effects, systems, or privileged administration. If a person is to solve a problem with a business application, they must have deep knowledge of the application, servers, workstations, staff, network layer, cloud connected resources, and anything else involved. They must be able to follow the problem from head to end in order to drive it to resolution.
No organizational growth
Silos can harm a business in all kinds of ways if left unchecked. Eighty-six percent of employees say that poor collaboration and a lack of communication are the main causes of workplace failures. Here are some of the biggest dangers of working in silos:
The most noticeable impact is to productivity. Staff working in silos can significantly harm business output levels. When employees aren’t aware of some relevant information‑or when they spend their time tracking it down or preventing other people from getting hold of it‑their productivity takes a serious hit. Additionally, time spent searching for crucial information, or duplicate orders for the same resources, silos can cause a lot of waste and unnecessary overheads.
Innovation, a primary driver of business growth, is stifled. Data and discussion promote creativity. Innovation is suppressed if teams are not encouraged to share perspectives and cross‑pollinate ideas.
Silos limit opportunities for workplace cohesion and employee engagement which leads to low morale. They can sour relations between teams, weaken trust in the company’s leadership, and deaden motivation for employees who feel powerless to drive change within the company.
Finally, job rotation is more than just moving people around. It is essential to maintaining security. While everyone is hired with the hope that they act with integrity and do not do anything to put the organization at risk, it is just downright naïve to think people in trusted positions do not sometimes behave poorly. Job rotation limits the opportunity for a trusted person(s) to put the organization’s security at risk. ISACA published a recent article, The Need for Job Rotation which takes a deeper dive into this area of risk.
No personal growth
It is human nature to gravitate towards things you understand and like. You stay in your comfort zone and get to a point where you are doing the same things day after day. Read that again, you are doing the same things day after day. Where is the challenge, the learning, the sense of satisfaction of owning something end to end? How do you grow and take advantage of new opportunities when you only know one specific piece of the technology pie?
Also, while it may seem like a good idea to become an ‘expert’ in one area, look at the bigger picture. What happens if you decide to leave the company, or they decide for you? Your prospects for a new job that exactly matches your ‘expertise’ are significantly reduced. Having broad knowledge and experience makes you more attractive to potential employers.
I have interviewed many people who thought they were high end network engineers, but because they lacked adequate systems expertise, they were not usable. In today’s security landscape, you cannot be just the network person or just the server person. The ship sailed on that siloed paradigm over a decade ago.
If you are currently siloed and want to make a change but don’t know where to start, take a look at some related articles I have written including ‘Our Hiring Process’ and "Leadership’s Perspective of ‘On Call’". If you want to own a client or project from ‘soup to nuts’, then I am hiring.