Who Said You Can Work in IT?

As the unstoppable commoditization of IT breeds new laws that increasingly target individual executives and workers and holds them accountable for their actions, the sobering truth is most IT workers are not qualified to work in IT and most IT managers are not qualified to lead their workers.

This is not my opinion, it is a fact. Craftspeople, for example, face a more rigorous vetting program, are subject to more stringent oversight and review and face more audited personal responsibility than virtually any IT worker employed today.

But that is changing as IT laws and regulations driven by IT commoditization take direct aim at IT practitioners, not just the corporations for which they work.

Some recent examples of individuals targeted by IT laws include:

A systems administrator was arrested by the FBI in connection with installing a “logic bomb” on servers at his company Medco, a major prescription benefit manager.

The CEO of EBay’s Indian subsidiary was arrested under the Indian “Information Technology Act” for failure to control usage of an IT service.

An employee of Seattle Cancer Care Alliance earned the dubious distinction of being the first person sentenced to jail time for “Health Insurance Portability And Accountability Act Of 1996” or HIPPA violations.

A helpdesk employee in India was arrested for allegedly using U.S. customer credit card data to which he had access at his workplace to make fraudulent purchases.

These few examples illustrate a growing trend: IT workers and executives are now targets of law enforcement. As IT commoditization continues, society becomes even more dependent upon IT and this increased dependency means IT has the potential to cause more and more severe harm to individuals.

This gives rise to several questions critical to the future of virtually every IT manager and worker: What gives IT workers the right to operate the systems under their control and access the data they manipulate? And, perhaps more importantly: What ensures customers and users those IT workers will perform in a trusted manner and safeguard their information?

Based on recent industry events and increasing punitive legal action against IT executives, individuals and companies, this article describes one probable future for IT and predicts how and why IT worker qualification will be the top priority of IT leaders in the very near future.

Unqualified

Did you ever take a moment to consider if you and your team are qualified to work in IT? Consider your own credentials (and I don’t mean a college degree, vendor certification from Cisco or Microsoft, or some quasi-industry certification like ITIL membership in a group like the Project Management Institute, etc.).

Qualification is meeting conditions or requirements to become eligible for a position. A qualified person has the documented skills, knowledge, experience and permissions to be acceptable or suitable for a particular position or task.

Consider what it takes to become a qualified practitioner in the electrical, plumbing or carpentry trades. The average skilled worker in these trades, called a journeyman or journeywoman:

Must take specific classroom courses in their trade;

Has two-to-four years hours of guided and documented apprenticeship under a master practitioner in addition to their formal schoolwork;

Is licensed, bonded and industry-certified;

Belongs to and is registered with professional industry organizations with stringent membership requirements, prescribed education, defined skills;

Has a publicly available history of their work and any infractions;

Must take refresher and update classes to maintain their credentials; and

Carries out their job tasks in alignment with a nationally recognized code of minimum standards mandated by law.

Now consider the common IT role of service desk agent or database administrator. They:

Are not required to take prescribed or formal classes, have no requirements for minimum hours in class;

May or may not have received formal schoolwork in their trade;

Probably never participated in a formal internship or apprenticeship and certainly not one that lasted for several years;

Are not licensed, bonded, or insured;

Might have a product certification, but probably not a nationally recognized certification that is vendor independent;

Doesn’t belong to any formal trade association with stringent membership requirements and codes of ethic/operation;

Has no publicly searchable record of qualifications and infractions;

Usually are not required to obtain continuing education yearly; and

Makes decisions based on situation and instinct (so called “experience”) instead of following nationally recognized minimum standards and best practices.

Clearly, IT workers in general are not qualified — if qualification means the stringent controls and work standards required of other craftspeople. Forewarned is forearmed. If IT applied the same rules as say, carpentry, then virtually nobody is qualified to work in IT. But don’t feel bad after all, this is IT, not carpentry.