Don't let the turkeys who give you bad advice get you down
Management by headlines afflicts all professions, but it is particularly troublesome
for federal IT professionals. We are caught between rapidly changing technology and
politicians seeking re-election. We are constantly buffeted by dire news and dramatic
Management has few options in the face of these pressures. About all the senior
managers can do is shift people and funding from current projects to meet new challenges.
As IT expertise can be highly specialized, this approach can be frustrating. Momentum is
lost, and technical skills may not readily transfer from one problem to another. Moving
from one crisis to another, we feel obliged to adopt quick fixes in lieu of fundamental
The typical news article is long on controversy and short on specific solutions. Some
deplorable event is garnished with quotes of experts giving general admonitions. The story
clearly points out that something is wrong and must be fixed. But the writer might not
have the time, expertise or access to analysis that would shed light on how to solve the
problem. The reporter must move promptly on to the next story.
The experts may be just as much in the dark. Or they may be reluctant to give away
ideas they'd rather sell.
Too frequently, agency response, if there is one at all, is panic, overreaction, or
paralysis by analysis.
Panic can fritter away time and money in uncoordinated activities. Overreaction can
throw the baby out with the bath water. Exhaustive studies can waste time and resources in
documenting the obvious.
""DOJ incident exposes Web insecurities,'' a Page 1 article in the Sept. 9
issue of GCN, was a fortunate exception to this scenario. The Justice Web site had been
clandestinely replaced by an unflattering spoof. Justice representatives are not saying
how this dastardly deed was accomplished, perhaps to prevent copycats from doing it again
and to avoid acknowledging some hole in security.
But the story's authors included a short list of precautions that webmasters can take
to minimize their exposure. These precautions were not very detailed, but they did cover
the likely avenues of attack and where to begin to prevent them. A thorough discussion
would require a long feature article, even a book. But the article was far more helpful
than the usual ""watch out for hackers'' and ""the Internet is
dangerous'' nonsense that often appears. When generalizations pass for solutions, the IT
technician not only has to develop a solution unaided but also must overcome the fear,
uncertainty and doubt that lurks in the back of the manager's mind.
In organizations where one is rewarded for not making mistakes, risk-taking is a rare
management attribute. Consequently, management will favor the solution that has the least
prospect of failure over an alternative that promises greater benefits.
Who has the answers? Unfortunately, many managers give more credence to consultants
than to their own staff. A solution may be dismissed when it comes from in-house but
eagerly embraced when it is delivered in a classy, bound report costing tens of thousands
of dollars. The consultant often simply harvests and packages the ideas of the rank and
So, good suggestions appearing in an article can be worth their weight in gold. They
have the credibility of the authors and the quoted experts. Like doctors and lawyers, IT
experts can be reluctant to give prescriptions via the media. In another similarity to
medical or legal advice, good suggestions should come with caveats that specific agency
situations and requirements can vary. Serious problems can occur when this fact is ignored
Fortunately (or not), few of us act on free advice, however wise. And most agencies are
willing to pay for a road map with a distinguished pedigree, if for no other reason than
the insurance value if things don't work out. Because getting quoted as an expert is
invaluable advertising, there will be no shortage of experts eager to offer suggestions.
How can you distinguish between a good suggestion and a poor one? Recalling a
management seminar I took a long time ago, good suggestions are like SMART goals:
specific, measurable, attainable, realistic and time-related. Poor suggestions are
ambiguous, impossible to execute and never-ending in scope.
Sometimes you need to undo a poor suggestion that has taken root in your organization.
Generalizations like ""tighten security'' can be readily dismissed with
specifics and should be readily dismissed. Otherwise, they can hang around one's neck like
a dead albatross; one might be forever explaining them away.
The one advantage poor suggestions have is that they are safe. Because no one ever can
truly follow them, one need not worry about being accountable for their efficacy. Except
the unfortunate person trying to follow the suggestion.
Walter R. Houser, who has more than two decades of experience in federal
information management, is webmaster for a Cabinet agency. His own Web home page is at http://www.//cpcug.org/user/houser/.