IT Employment

General discussion


The New & Highly Expected IT Person

By john ·
To any/all IT folk out there, I need help. I was hired 3 weeks ago as the IT specialist for a company in Illinois, not realizing that there hadn't been an on-staff IT person in over a year, maybe two.

My problem is the overwhelming lack of information regarding IT policies, network information, software & licensing information, etc. Basically, there is next to nothing to work with. The "Master IT" manual is dated 2003, to give you an idea. So my query is how to go about getting this organization squared away and secure my job in the process.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Hi John

by zlitocook In reply to The New & Highly Expected ...

Welcome to the new guy club. Allot of companies thought that contracting or out sourcing was a cheaper way to go. In the last year or so there has been a big upswing in hireling IT for large and small companies in our area.
As the only IT person you need to meet with managers, CIO's and others to let them know that you will do what ever is needed to make their company run better and keep its information secure.
Now you need to let them know to do this you will need their help because it might mean changes in how they do things.
Like how they use the internet, how they use their computers and what users can do on their computers.
I am in the same position where I am at, and my boss is in another state. So I follow some of their polices and make some of my own.
PM me and I will give you more of what I do to keep the users happy.
I use MS allot for free how to's on Outlook, Excel and other office products.
You did not say if you need to answer to a high boss or if you are the only IT person. If you are the only IT person, you need to find out what you can and can not do! Ask the people in charge what can I do and not do?
This may let you know if you need to look for another job fast.

Collapse -

Other considerations

by gralfus In reply to The New & Highly Expected ...

I'd bet they probably don't have up-to-date patches on their servers or PCs, and may have been compromised severely by now. There are probably spyware and other nasties if they are all admins on their computers.

I'd recommend doing a bit of recon to determine what needs to happen, present it to the management so they understand the dangers, and recommend a clear course of action. They will still probably resist because they are used to unbridled freedom with their equipment.

Collapse -

Prepare a realstic action plan

by ayambeng In reply to Other considerations

What I suggest is you should draw up an action plan which consists of what you intend to do and the amount of time you intend to spend doing it. This should fall within a specific time frame say three months. One thing for sure is, you are going to work yourself out. You should be as realistic as possible when drawing up your action plan since you will have to present it to hierarchy for prior approval. So do not insert what you cannot do. The action plan should be result oriented ie you should present the expected results at the end of the period. Actually, what you are trying to bring out here is to let the Administration know you are thinking of and intend to take good care of their business. This is what has to come out at the end of the day.

Collapse -

Absolutely -- you've got that right

by RayneToday In reply to Prepare a realstic action ...

This is the FIRST thing John needs to do, in spite of the excellent responses down thread. John needs to let the Administration know that the first order of business is to cover their behinds for them, that they have been exposed to a risk, and that he is going to address it immediately. He needs to explain that the risk is a lack of current Disaster Recovery planning, which includes an updated snapshot of the existing system, documentation of information flow, and how to recover the infrastructure and data in the event of disaster. (Any hesitation by management -- and some managers are stupid or weenie enough to hesitate -- should be answered by the word, "Katrina".) If the business must be SOX or HIPAA compliant, he can also explain that the secondary risk is lack of currency in compliance, and that he is going to reduce their risks as soon as applicable Disaster Recovery documentation has been completed.

Doing these two things, letting management know how critical the documentation is and why, will buy John the time he needs to do his job. Remember that some businesses, especially those with only a single IT person, don't necessarily understand the value of documentation and may not perceive value from any IT work that is not directly and immediately visible as cost-saving or productivity-enhancing to management or the users. (Been there, done that, now consult on it.) If management understands they have been exposed to a quantifiable risk, they will let John have space and time he needs to get the documentation done.

That said, John also needs to ask why the last IT person left and why so long to replace them; there's an issue right here, and it also needs consideration. This gap might explain a lot about the business's condition and management attitude towards IT, helping John formulate a position in dealing with management about IT. If there were cost/expense issues involved, John needs to frame his efforts in those terms. If a lack of understanding about IT's importance was involved, he's going to need to have education/training sessions or prepare "explainers" (short briefs that provide an overview of particular IT issues and impact on business).

And of course, as all other IT folks in SMB's know too well, do all this while users are breaking every known security maxim at the same time. Heh.

Good luck, John!

Collapse -

Something I've learned

by CuteElf In reply to The New & Highly Expected ...

Is a great tool to use anytime you're having PC troubles: either the box itself or the cerebral PC department!



Do a physical audit of the network and the lan and the EVERYTHING.
Including rack #, slot#, serial#, version firmware#, idea?

This will show you what you're dealing w/ as a whole.

Whos the ISP?
Where are the fire exits?
What's your TOS w/ the ISP?......

Start physical in your bldg.
Work up from network into the PC's themselves.
Build a DB or spreadsheet on your inventory.

Personally I'd use a network sweep and get version/patch/serial #s/liscneces.

Get this written out and drawn out for your department.

Then let it sit for a week or 3 and watch the problems in your world go by. Get a baseline to compare of net traffic, net usage, idiot calls....

Set five goals to achive by end of year.

Find any existing paperwork from legal dpt about network usage, security settings...anything?

Also listen to the users. Setup a webpage for user inputs/suggestions SPECIFICALLY for computer related questions & problems.

Pile those up and find a common denominator. Who bitches the most? Why are they whining? What box do they use (you know by now) What kind of job do they have???

Good luck, and remember: if you do **** someone off, you're doing the right thing by documenting thier crap. The lawyers will thank you some day.


Collapse -

Network Documentation

by TheAdmin In reply to The New & Highly Expected ...

Hello John,

Just to links to get you going:

Greetings, and have a happy hunting for your Info :-)


Collapse -

Break it down into basic steps

by jbrare In reply to The New & Highly Expected ...

As you inherited an unknown, you really can't begin anywhere until you define where you are at currently, and where you wish to be in a given period of time. The first thing is to do a complete hardware and software inventory, complete with hardware specifics (RAM, CPU, drives,all network access points, etc.) and software versions, license and per seat usage. This type of inventory will give you an idea of where you are. After that you will have to design the permission(s), priveleges, and security available. Good luck

Collapse -

S.O.X documentation

by amarie.singh In reply to The New & Highly Expected ...

I know exactly how you feel. The best thing to do is start with your inventory(licensing, machines, servers, firewall, switches). Software to use could TrackIt or Remedy. Have discussions(needs\support) with the managers of various departments. Helpdesk will definitely be a huge issue. Outsourcing some consultants would assist. I know alot of companies in the Caribbean invest alot in outsourcing. Search up SOX - based on documentation - standardized docuemtation.

Collapse -

Good points, all

by NoCubes4Me In reply to The New & Highly Expected ...

I walked into a similar situation, and then watched as my supervisor attempted to "reign in" everything at once without much buy-in from above (or even laterally). Not a pretty sight.

The points already made are excellent - documentation, planning, change management, change documentation (in particular).

The main things we both learned from the adventure were:

1.) One thing at a time - which means assess, get a feel from the community (top to bottom), prioritize, and establish realistic timelines. Then communicate. Constantly.
2.) No buy-in, no backing. Earn management buy-in.
3.) No credibility, no possibility - note that I said "Earn management buy-in." Doesn't matter if it's the best plan and all of the right folks are behind you - if they don't believe in you, they don't believe in "it", either.
3.) No authority, no point. You can't drag the company, and you won't get much accomplished if you don't have some degree of authority to carry out "the plan".

Collapse -

Come to Jesus

by PureCoffee In reply to The New & Highly Expected ...

Time to "Come to Jesus". I have recently been down this road. I would just start with an inventory of computers, servers, etc. Did any of them come with licenses etc. Write it all down and just start organizing. Break it down into categories and prioritize. Start with Server, server software and licensing and then move to individual pc's. Ask the business units what their expecations are and what their needs are. What do they expect that employees would have on their pc's and what is acceptable. With that,create an Acceptable Use policy. Buy a copy of Visio and start on the network documentation. Talk to the old vendors if you can and see what they did or did not do.
Your task is going to be a long haul project and won't be done over night. Creat an IT Plan and present it to the company on the problem (no docs etc.) and then your solution with an expected timeline given the resources you have. THis will give you instant credibility if done right.

hope this helps.
Remember, Failure is an event, not a person!

Related Discussions

Related Forums