By Jeff Harms
My LinkedIn profile recently congratulated me for my seven year anniversary with OCD Tech, LLC. I am approaching my four-year milestone as a full-time employee. When I joined OCD-Tech, LLC I wrote a blog explaining why I was making a career change after working twenty years in another industry. It’s now time to evaluate that decision and share some of what I have learned.
I work on the PAM (Privileged Access Management) team for one of our larger clients. When I joined full time I quickly realized that many of my coworkers were obviously very knowledgeable on all IT tasks and that I could learn quite a bit from their tutelage and work product. But then what could I offer the team? Over time I leaned into my personal work experience (department manager) and began to offer project and task management suggestions when I could.
This eventually grew into a team management position with three or more coworkers on our team. We were assigned specific tasks to monitor which previously were completed by the employees who were assigned to this separate group. While managing this group I focused on three core principles:
- Knowledge is not proprietary
- Question everything
- Think like an auditor
All of our staff have either years of experience in the field, degrees in the subject matter that we use every day, or in most cases, both. However, that knowledge is meant to be shared. Having only one employee that knows the task or process is not beneficial to the team or the client. All tasks should have backup personnel assigned that can complete the task to the same level of confidence as the primary contact. The client deserves this level of production. To accomplish this, we frequently cross train our tasks using short meetings (30 minutes or less). We also have SOPs (Standard Operating Procedures) written for all tasks that are tested and reviewed by our staff. This helps ensure the client tasks are completed as required.
Second, we question everything, but in a professional manner. When we say “question everything”, it simply means to confirm the process or the product that is being produced. It does not mean to question the person doing the task, or their product. The task owner should be able to thoroughly explain why their daily output file is correct, and why the process used is correct and thorough. If a teammate has a question on part of the process, and it cannot be answered, then it is discussed, and the SOP updated as needed.
Finally, we train to think like an auditor. What type of questions has any type of auditor (internal or external) asked about the PAM recon process? How have we answered those questions? We use those experiences to our advantage by updating our SOP’s when necessary, and train new employees via the eyes of an auditor. Good auditors can find the one outlier example of a recon that “doesn’t look like all the others”. When that occurs, is the team prepared to explain the example to satisfy the auditor? Documentation is key when completing the audited tasks. This saves hours of time in the future when the inevitable audit requests are received.
In summary, I have learned that a trained and experienced team should satisfy the client task requirements. Consistent effort to train and expose your staff to all of the recon processes ensures you can complete the work timely, even when someone is out of the office. It also allows you to identify those team members that may be capable of additional work, or work in another division that has a need. Frequent review of team members is beneficial to the employee and the manager. I may not have had much IT experience when I started this job, but any good employer will recognize the strengths of their employees and use them as building blocks for a solid team. This has occurred at OCD Tech, and I’m so happy I took the leap into this new career.
