One of the things IT managers face is losing touch with the technical aspects of the projects they manage. That's OK if you've got plenty of talented people working for you. But when you have a small staff and lose a key person, you have to be able to step in and do the work yourself.
Personally, I have always tried to stay as hands-on as possible without losing my vision of the overall strategy. Technical people often get hung up on the details and forget to step back to see the big picture. A good manager keeps the vision in mind and guides the team in the direction of what's good for the business, which does not always jibe with what the technical team thinks is important to focus on.
In my realm, this plays out with me reining in the most severe security impulses of the professionals who work for me while ensuring that security is tight. They want the network locked down as much as possible, as they should. I do too, but I have to keep in mind our users and the efficient functioning of the state agency we work for.
For example, I don't want users to be forced to choose a very strong password that has to be changed every 30 days. The security professional in me knows that every increment of protection helps, but the manager in me knows that users resist strictures that constrain efficient work habits. If you institute practices that users will ignore or circumvent - by posting their strong passwords on their monitors, for instance - you've done nothing to increase your security profile.
But how does a manager stay hands-on when skills are constantly being ratcheted up?
We had a windfall in training dollars this year. A lot of training money had gone unused; it was as if Christmas had fallen at the end of the fiscal year instead of the end of the calendar year. I set to work right away assessing the skills of the team and the areas where we needed to get stronger. Then it dawned on me: I could use some additional training myself.
Managers don't usually go off to get more technical training. But my team is small and often needs me to pitch in, so why not? I'm not looking for additional credentials. I already have an advanced degree and four certifications (which mean nothing in some circles and a great deal in others, but that's another story).
I'm looking to enhance my skills so I will better understand what my employees are doing and how I can help them. What I need is an in-depth understanding of networking technologies as they relate to security. The thought that I could send my entire team off to enhance their skills and still have money to make myself more effective in my job got me kind of excited.
First, I turned my attention to what my team needed. Our environment runs primarily on Microsoft and Cisco products, and training in those two areas would be the focus. I went to the team members and asked them to decide what they needed and pick training courses. Their choices were amazingly in sync with what I thought they required. Hooray for communication! I made just a couple of adjustments that everyone immediately agreed to.
Then it was my turn. What were my knowledge gaps? For me, my No. 1 training priority was clear. I had always wanted to achieve the CCIE (Cisco Certified Internetwork Expert). Many years ago, I purchased the entire study series, including the hands-on lab guide. From time to time, I pick up those books and read a few chapters. I also use them as reference materials when network problems come up. I've probably learned a lot just by having those books close at hand. But I haven't made any real progress toward the CCIE.
I'll have to start at the beginning by achieving the CCNA (Cisco Certified Network Associate) and build upon that. But I want to get through that quickly so I can move on to the good stuff.
My plan is to take an e-learning course for the CCNA. I'll kick my way through that in a month or two, take the exam and check that off my list. (If only I could do the Base10 to Base2 to Hex conversions in my head!) Then on to the advanced training. I want to understand the functioning and applicability of every security feature of every Cisco device imaginable, from switches and routers to firewalls and virtual private networks to intrusion-detection and -prevention systems.
So my goal this year, after I get the CCNA out of the way, is to achieve the next level of training up from that, the CCSP (Cisco Certified Security Professional). I can take a class at the end of this year. It will require me to be gone from the office for two straight weeks while I endure 12-hour days cramming this stuff into my brain. But I will be on the road at last to that top-level certification.
I've said it before: I'm lucky to have a good boss. When I told him what I wanted to do, he understood where I was coming from and approved all my training. Like me, he understands how important it is to keep up with the technology in a real and practical way. He's a closet coder himself, often developing programs we need over the weekends.
My Cisco training is going to cost about US$10,000. That's a lot of money to spend on technical training for a manager. But if I had to hire someone with these skills, it would cost us well over six figures a year. State agencies usually can't afford to hire talent at Silicon Valley wages, even though state and federal governments are required to secure their networks at a high degree of sophistication.
Well, we can pay the piper now or later. We'll do it now.