Security

Managers and technologists live in different worlds

There is a fundamental disconnect in the way the typical manager and the typical technologist each approach the world.

Not long ago, I ran across an email on a cryptography mailing list that made reference to the Rivest-Shamir-Adleman encryption algorithm. This reminded me of an experience I had at a former place of employment, where the the term "RSA" came up in reference to improving the security policy for employee access to computing resources.

I was the network administrator and IT resource manager for the company; I won't mention which company, of course. The Vice President called me in for a meeting, along with the head of the software development department, to discuss future security technology implementation. About twenty minutes into the discussion, the conversation had moved into discussion of securing mobile resources -- a lot of the developers had high-end ThinkPads running one of two Linux distributions as their primary workstations. The VP turned to me and said "What do you think of RSA?"

There wasn't a lot of context for this question, so I was (understandably, I think) caught slightly off-guard and a little confused. I responded with an implied question of my own: "That depends on what you want to use it for."

This time, it was his turn to blink at me with a look of confusion. Naturally, the software guy leaned back in his chair and waited to see whether we'd ever reach a point of mutual understanding, since he knew even less about what was going on than I did.

I did my best to lay out the basics of what I knew about RSA encryption for him in terms a layman could understand. I thought it was odd that a nontechnical manager -- user of one of about eight or ten MS Windows machines on the whole company network, if that gives you an idea -- would want information about the uses and strengths of an encryption algorithm, but he asked, so I tried to answer. He chipped in with some attempts to help redirect the focus of the discussion to what he wanted, such as ". . . but what about using RSA for secure access on the laptops?" Of course, I thought that's what I had already been talking about, but apparently not in a way that was helpful to him.

It was several minutes of talking past each other before it finally dawned on me that the Vice President wasn't asking me what I thought of the Rivest-Shamir-Adleman encryption algorithm. Actually, it dawned on the software guy, who was sitting outside the discussion watching what was going on, and he asked the VP a quiet, seemingly innocuous question that cleared up the confusion for me in an instant.

"Do you mean RSA Security, the company?"

I could have smacked myself in the forehead with the palm of one hand, but figured that would only annoy the VP. Instead, I said "Oh, RSA Security! I thought you were asking about the RSA encryption algorithm."

At that point, I got to explain the difference between an encryption algorithm and an encryption product. All this time, the VP was asking about RSA Security's line of SecurID hardware tokens (for one-time password, multifactor authentication) that he had seen in a magazine advertisement. This seemed like a much more likely question for a nontechnical manager to ask than the similarly named RSA encryption algorithm, after which the company had been named.

I told him I would have to do some research on the products to really give a reasonable judgment of their suitability for our purposes. This research, I informed him, would have to include talking to the people that would be using them (since willingness to properly employ security measures is an important part of evaluating whether to deploy them) and determining whether they were compatible with the system configurations we used.

The moral of the story is that, as technically oriented IT professionals -- especially subject matter experts such as security professionals -- we must ensure we are aware of the potential for misunderstanding between us and the nontechnical people with whom we work. Misunderstandings can lead to wasted time talking past one another at best, and to unmitigated disaster at worst. Managers and technologists, in many ways, live in different worlds. It takes extra care to ensure we're speaking the same language when discussing technical matters.


Disclaimer: The above quotes are paraphrased from memory. I do not claim that they are one hundred percent accurate recollections of the discussion.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

49 comments
daileyml
daileyml

The key to navigating the differences between managers and technical personnel is to understand the mindset of both. It took me years of working for both good and bad managers, and then becoming a manager myself, to fully understand how these two mindsets operate. Some of the key steps to take in being effective in both worlds: -- Learn to speak without using technical jargon or acronyms. If you use the term "encryption" as opposed to "RSA" or "IPSec" managers and business stakeholders will understnad you. -- Write in a non-technical manner; act as a conduit between the non-technical and technical worlds. Remember to "speak" to the audiance that may not understand technology instead of the one that does. -- Think in terms of dollars, not technology. Adopting a fiscal mindset as opposed to a technical mindset will help you to understand the root of the questions and comments you hear from the CIO, Director, etc. They don't want to understand how Gigabit is better than 100Mb, they want to understand how the faster link will increase productivity and lower costs. -- Have an opinion. Managers want to hear your thoughts on business direction, key technologies, etc. If you can remove yourself from the all-technical role and spend time in the realm of management you will get the feel for what is on your managers mind. This will help you to adjust your conversation tone with management. Hope it helps. -Mike D http://www.daileymuse.com

tmbailey123
tmbailey123

Many years ago I was working for a branch of a Fortune 100 company. I was a System Administrator on the team. One of our primary projects was a data mining endeavor. The company had outsourced the database programming to a large team of Oracle developers located in India, while the infrastructure was located in the US. Once the coding was complete and the project was brought online it was discovered it was taking an inordinate amount of time for these jobs to run. A review of the code base indicated many poorly designed queries and other poor programming practices. While the code "worked" it didn't didn't perform well. A business decision was made to double the CPU and RAM allocated to the project to meet the required deadlines to complete the program runs. No effort was made to rewrite the code and fix the real problem. The end result was the project from a business point of view was deemed a success. And many of the business managers were promoted based on the "success" of the project. While every techie on the project knew the technical merits were very poor and could not be considered successful at all. This experience for me forever burned in the difference between business managers and technologists and how they evaluate the success of a project. All too often the merits of doing technically clean or slick/superlative work is lost on managers who have not a clue of what their employees do or how well they actually do their job from a technical perspective.

Grumpa777
Grumpa777

Not just Managers & Technologists have communications problems. We have too many problems between Technologists. I sat in several meetings with Management, Telephone and Computer Technologists at a Coordination Conference. In conversations between the computer & telephone 'experts' we started talking about 'POP'. This went on for 3 days until I figured out that we must be talking about something different. We were discussing the remote offices' ability to connect to the data center to send and receive email. The phone guy was using POP as Point Of Presence or the little phone connection boxes you see around the countryside or big boxes you see in cities. The computer POP was actually POP3 or the Post Office Protocol used to set up the email. We each thought we knew what the other person was talking about but found out we didn't really have a clue! It happens all the time. Especially now that I work at a University Computer Science Department! :-0

mikifinaz1
mikifinaz1

This is one of the biggest problems facing many companies and people who can bridge that gap will be highly sought after.

boxfiddler
boxfiddler

They perceive the world differently. You being an excellent nitpicker, I would have expected you to see this.

Tony Hopkinson
Tony Hopkinson

All you can do address each one as it comes along. Talking past each other is not just for technical issues. Precision and accuracy is always a good starter. I've got used to that one now. Another favourite is explaining how the rounded sum of ten numbers doesn't necessarily equal the sum of ten rounded numbers. The disconnect I see most often. Is I can bodge this now, but when it changes again, we are boogered. If I fix it now when it will cost us less overall when it does change. I get told to bodge it. I need to learn more about this business stuff. I keep thinking, it's about staying in it to make a profit, instead of making a profit now to get promoted before something bad happens.

JamesRL
JamesRL

And part of my role is to keep up with technology. So I don't see it that often. And I've worked primarily in technology companies (software, telecom) so most of the managers were technically literate. Its the clients that I deal with that have a technological gap. And thats my problem to deal with. James

apotheon
apotheon

Have you run afoul of the disconnect in experience and knowledge domains between nontechnical managers and technology professionals in your work? It seems unlikely that anyone could pursue a career in IT for very long without hit such snags, but I suppose exceptions are possible. What kind of problems, if any, have you had in this area? Do you have any tips or tricks to share for how to ensure such problems don't occur?

Tony Hopkinson
Tony Hopkinson

into the classic trap.... All your communication tips were tech to manager. For managers Realise that some things are technical, that the jargon we use was specifically invented so we could express technical concepts in 'english' Don't assume that an everyday english word in a technical context means the same thing. Remember we don't understand what 'your' TLAs mean anymore than you do 'ours'. That you have your own jargon, to express business specific concepts. But the big difference, is sound business thinking is often imbecilic tech thinking and vice versa.. HtHs. :p

apotheon
apotheon

"[i]And I've worked primarily in technology companies (software, telecom) so most of the managers were technically literate.[/i]" The company in the story was actually made up mostly of two departments: 1. algorithms 2. software development The VP, the accountant, the administrative assistants, and HR were the nontechnical people.

KSoniat
KSoniat

I don't think it is only Technologists and Managers, that is just the world we currently live in..... One of my first summer jobs I was brought into the payroll clerks office to fill out forms and she had large filing cabinets with "T&A" posted on them. Having recently seen A Chorus Line it was all I could do to keep a straight face as I asked her what was in her files. "Time and Attendance" was quite different from what I was thinking, but I didn't have much business experience back then.

dcolbert
dcolbert

The issue of communications disconnect here has everything to do with the "soft-skills" that Tech Republic so often gently tries to promote here. I'm a little more blunt with my perspective of, "socially maladjusted, former-mathellete, Linux ubernerds alienate normal people" mantra. But I think Chad's example here is a clear example of the disconnect that your typical Linux developer type has with... well, the entire rest of the world. As I read his article, it made me think back to high school and Jr. High and thought of the guys who played role playing games during lunch, who were inevitably only in extra-curricular activity pictures in the yearbook; Computer Club, Math Club, Chess Club - and who always seemed to have a disproportionate sense of arrogance tempered with a liberal dose of bad judgement that tended to get them into a world of trouble with the various jocks, stoners and thugs on campus. The guys that would tell what they thought were funny stories that ended with things like, "And *he* actually thought I meant RSA Security, the COMPANY! Can you BELIEVE that?!?" to the bewildered looks of normal people. I mean, when I was reading this, my first thought was, "WOW, I never knew that RSA standed for three dudes' names". I read far enough to realize, "Oh... yeah, no... I was right... RSA Security... a company... that makes those little fobs with numbers that roll so you can get into your corporate VPN". More or less, the problem then, is to understand the world as 90% of the population sees it. And that seems to be the problem that uber-techs and Linux gurus suffer from the greatest. My wife always says, "The thing that strikes me about the Mafia movies, is how they're so isolated, the families, the wives, the kids... in their own communities, that they think their life IS normal". Linux Uber Nerds are kind of that way. Most people in corporate America who have ANY idea or experience with RSA have experience with RSA Security. So *why* would you assume FIRST that your VP was talking about the "Rivest-Shamir-Adleman encryption algorithm". I mean... SERIOUSLY??? I think part of this is just that you want to fluff your ubergeek tail fathers and be able to indirectly illustrate your Tech Skillz by showing you *know* that RSA stands for "Rivest-Shamir-Adleman encryption algorithm" - the way other geeks like to fight over how to pronounce GIF or Linux. That is just my preconceived stereotype, after decades of working with people like you... but I bet there is at *least* just a little truth to it. And I may be guilty too. I have my moments of not being able to bridge the divide between nerd and normal. I think most of the people who get anywhere in this industry are to the geek side of center. But the problem is almost always with us, not with them.

jevans4949
jevans4949

For example, ATM. Working for a bank, from the 1970's these meant Automated Teller Machines. Until someone invented Asynchronous Transfer Mode. Started reading a lot of magazine articles about the latter until I figured they weren't about the former.

Sterling chip Camden
Sterling chip Camden

What's really funny is when the management type throws out the technical question with such ease and confidence, as if he even knew anything about what he was saying. When it doesn't quite fit into the context (but the green techie thinks that it must, because it came from such an authority) the conversation can get really interesting.

Jaqui
Jaqui

I'm still working on developing the habit of looking at WHO is asking the question to have an answer that fits their question.

Sterling chip Camden
Sterling chip Camden

... that boxfiddler was employing dry humor. But perhaps you were as well, in your response! OK, technologists are from Mars, managers are from Venus. Technologists are cold, stark, and have very little (if any) life. Managers are a lot of hot gas -- little chance of life there, either.

JamesRL
JamesRL

But in the software companies I've worked for (3) and the telecom equipment maker I worked for, the VPs were technical. Heck at the telecom place, the president had been an engineer. Actually you reminded me of another story. I worked as the Program manager for Y2K at a big company. I worked for Risk Management which reported up to the CFO. One of the major projects that started before my arrival failed big time and the CIO and half the directors were fired. The CFO was asked to cover for the CIO until a new one was brought on board. Given my IT background he asked me to sit in on a few meetings. In one of them a director and IT manager were trying to explain a technical issue to him. They were frankly a bit condescending, and they were clearly not presneting all options equally, as the CFO had asked for, but were biasing towards their favoured solution. When the CFO picked up a whiteboard marker and started drawing flowcharts and making Venn diagrams and explaining the options more clearly than they had, their jobs dropped and they feared for their jobs. They missed the fact that engineers in Canada wear an iron ring, and he was not only an MBA and CA, but an engineer too. He saw right through them. The look was priceless. James

Sterling chip Camden
Sterling chip Camden

I might assume that your use of "standed" for "stood" proves that you lack basic education in the English language. Since I'm not, I'll allow that you were using it for effect (exactly what desired effect, I cannot say).

shardeth-15902278
shardeth-15902278

I'm not a Linux ubernerd. I'm not a developer either. And my first thought was the algorithm, not the company. (oh, and I don't like chess, and was never in a math club, though I do think mathematics is the cat's pajamas). Seems to me you have made a very clear example of what Chad was actually talking about - Jumping to a conclusion about what another individual was thinking or saying, based on your own personal experiences and bias.

NickNielsen
NickNielsen

I'm so glad I'm not one of your reports or employees. Do they know you have no respect for them?

apotheon
apotheon

Your attitude is the very definition of "bigot".

Neon Samurai
Neon Samurai

I heard of RSA Security and the nifty key fobs long ago. Later, when I started reading on encryption and security specifically, I was somewhat confused until realizing that RSA is an encryption method separate of the company that bases so many products around it. I'm not sure how that adds to the conversation actually, just a funny story that came to mind. (Edit): I read the rest of the post: In this specific case, I didn't find it odd that he'd think of RSA encrypting rather than the security company. He tends to be a security type and was working for a development company with an inhouse math department for designing new algarythms. I'd probably assume the method rather than the company in that case also. That doesn't change the fact that everyone should take the time to understand the people they are communicating with and what differences of perspective that entails either though.

JamesRL
JamesRL

For the people working on IT financials it was Supply Chain Management - managing the ordering, configuration, delivery and installation process. For those of us on the infrastructure side of IT it was Software Configuration Management, the system for storing, tracking and delivering code. James

apotheon
apotheon

BusinessWeek is a huge problem -- it makes nontechnical managers think they can prove they know the technologists' jobs by giving them buzzwords to throw around without really understanding what they're talking about. The real problem is often that writers for periodicals like that play to many managers' ego-driven desire to feel knowledgeable about subjects well outside their areas of expertise.

NickNielsen
NickNielsen

[i]You should be glad for the opportunity to uphold the rightful authority of whoever's claiming authority today! [/i] would be "Aah, uphold this!" My second response would be to uphold the standard to its ludicrous extreme. There's a reason my supervisor and manager like that I'm not around the office... :)

apotheon
apotheon

. . . but isn't authority its own reward? You should be glad for the opportunity to uphold the rightful authority of whoever's claiming authority today!

Sterling chip Camden
Sterling chip Camden

... don't mix well. I'm having one of those cocktails right now -- a ludicrous "standard" being upheld for no reason that I can perceive other than maintaining the authority of the person who's laying down the law.

apotheon
apotheon

Office politics and I had a parting of ways.

Sterling chip Camden
Sterling chip Camden

I've never heard of a company with am entire department devoted to algorithms, even though most of my clients are software development companies. Sounds fun!

apotheon
apotheon

The business centered around development of software with some specific, highly specialized purposes -- and they actually had to regularly develop and hone new algorithms before implementing them in software.

seanferd
seanferd

will allow that or simply will allow As a phrase meaning, "take(n) into consideration". My personal guess. "Please allow for heavy traffic." I refuse! ;)

Neon Samurai
Neon Samurai

What threw me off was your rather poetic oneliner which, having now had coffee, still seems to elude clarity. Your response does clarify your point though. I used "that doesn't change the fact" as a general phrase rather than intending to imply that it was unalterable regardless of situation. In the specific case of RSA, I probably would have made the same error having started with the "RSA Security" brand awareness then much later learning that RSA is actually an algorithm (Does RSA Security really take there name from that or is it coincidence). From the perspective of someone who?s professional focus is security ?RSA? means the encryption method first and the brand name second. From the perspective of someone who?s professional focus is management without a technological background, RSA would mean RSA Security from all those management magazine advertisements. Understanding both perspectives becomes more important, or improves communication at least. A military example; understanding the roles and perspectives of your subordinates and superior along with others in your area of focus. Communication goes up, down and sideways. Extending that to business, you need to understand the roles of your subordinates to manage the work they produce plus the responsibilities and perspective of your superior to properly prioritize your work and communication upward. You should have a basic understanding of the pie slices on either side of you plus understanding that the pie is round and those are only three slices of the whole. I don?t expect the CEO to come talk IT acronyms with me as I realize that the position and perspective have completely different responsibilities then I do. In like fashion, my own perspective may not make me a good choice for CEO (yet..) but it does make me very good at the responsibilities I cover off. Extending that to civilians and these very forums, is understanding the perspective that the other folks post from not an advantage? How many times have you seen two people arguing past each other on the same point which the obviously agree on though potentially not by exact wording? Consider one of the young?ins (there was a 12 year old posting the other day wasn?t there?) or folks new to IT. Do you consider that the perspective they write from may be lacking information they?ve simply not had time to acquire yet or do we assume they have 20 years experience in IT but are just dim? Is there a case where it is not beneficial to understand the way the other people in the conversation see the world? Anyhow, maybe I?m still missing the point as I don?t see how, either as fact or a very good recommendation, understanding the view other people communicating with you speak from. For example, assuming someone with a business management background means RSA encryption versus RSA Security.

santeewelding
santeewelding

You established perspective, and what we should do about it, as fact. In fact, you elevated it to the unalterable ("...doesn't change the fact..."). To my admittedly primitive mind, no perspective may exist unless in relation to at least one other, even in, say, the example of a pie chart with one slice highlighted. The one is highlighted with respect to the remainder of the pie, which also counts necessarily as the second and only other "perspective". The "people" and their perspectives you mention, I agree, amount to many "slices". I agree with you, too, that any of us would be foolish to assume our own slice to comprise the whole, and to impose an imperative "should" upon all the rest in terms of our own. Which is what you did. Or did you? Whence came your "should"? Surely you are not so foolish to argue the total based on your slice. You have to be arguing on the basis of the whole, don't you? If the whole in turn amounts to a "perspective", then in relation to what other remainder? Or do you argue from the "understanding" that goes right over your head, which may mean you don't understand what you yourself said in the first place. You took the trouble to say it. I take the trouble to understand it.

Neon Samurai
Neon Samurai

And by the unopened caffeine delivery mechanism beside me, I'm guessing that is the case but that went right over my head. What was that then?

santeewelding
santeewelding

That understanding which cannot for the life of us be perspective, but common, and for every last one of us, Neon? Thereby hangs a tale.

Sterling chip Camden
Sterling chip Camden

CMS = (content|contact|client|customer|contractor|case) (management|maintenance|marketing) (system|software|strategy)

apotheon
apotheon

Yes, it's funny [b]now[/b]. At the time -- not so much.

seanferd
seanferd

But it really isn't funny, is it?

apotheon
apotheon

"[i]Maybe it would have been more obvious from context that I don't have, but it sounds like the manager was beyond vague.[/i]" No, it wasn't more obvious in context. You're right.

seanferd
seanferd

Seems the manager flubbed it right there - one only has finite time to guess what another is talking about. Even if you knew he was talking about the company, would you have known what solution he was talking about? Purchase product x, become a technology partner, hire them as consultants...? Maybe it would have been more obvious from context that I don't have, but it sounds like the manager was beyond vague. Anyway, I enjoyed the perspective delivered by this article.

Sterling chip Camden
Sterling chip Camden

It is, indeed, a head game. C*O's buy these magazines precisely in order to feel informed, and the magazines follow the shortest path to oblige.

Editor's Picks