work
I’ve gotten 4 plausible recruiter cold emails today. Nature is healing.
Simply Sabotaging an Office
The US Office of Strategic Services, the precursor of today’s CIA, wrote the Simple Sabotage Field Manual in 1944. Its goal was clear:
The purpose of this paper is to characterize simple sabotage, to outline its possible effects, and to present suggestions for inciting and executing it.
The target audience was people living in countries occupied by foreign armies, and it aimed to give them tools to surreptitiously fight back against the invaders. You should go read it now. Go ahead. It’s not long, and the manual’s packed with clever and fascinating ideas for gumming up an organization’s plans.
But as I read it, some of its suggestions sounded a lot like things I’ve seen at the office. This is a great analogy for technical debt:
(1) Let cutting tools grow dull. They will be inefficient, will slow down production, and may damage the materials and parts you use them on.
By section 11, “General Interference with Organizations and Production”, the analogies became concrete behaviors we’ve all seen:
(a) Organizations and Conferences
(1) Insist on doing everything through “channels.” Never permit short-cuts to be taken in order to expedite decisions.
“Channels” are there for a reason, and large organizations have to have certain formal processes in place so they don’t devolve into chaos. However, don’t let hidebound processes block progress. They’re supposed to make work possible, not completely block it.
(3) When possible, refer all matters to committees, for “further study and consideration.” Attempt to make the committees as large as possible–never less than five.
When an excited and competent colleague asks to improve something, and it’s not going to require the rest of the department to change their plans, find a way to let them. Nothing kills enthusiasm like scheduling a preliminary pre-meeting planning session a month later.
(6) Refer back to matters decided upon at the last meeting and attempt to re-open the question of the advisability of that decision.
Settled business should say settled. If new information has come to light, then that’s a new discussion. Once a group has reached a decision and started making plans on top of it, it’s too late to re-litigate old complaints.
(7) Advocate “caution.” Be “reasonable” and urge your fellow-conferees to be “reasonable” and avoid haste which might result in embarrassments or difficulties later on.
That sounds like excellent advice, doesn’t it? How insidious! Saying “no” incurs less personal risk than saying “yes”, but it stops all progress. Find a way to say “yes, but make sure to…” instead.
(b) Managers and Supervisors
(2) “Misunderstand” orders. Ask endless questions or engage in long correspondence about such orders. Quibble over them when you can.
No one enjoys having to explain all their ideas repeatedly. Sometimes it’s better to say “fine, go build it and show me”. Painting a picture is more fun than writing encyclopedic descriptions of what it will eventually look like. Trust smart people to do smart things.
(7) Insist on perfect work in relatively unimportant products; send back for refinishing those which have the least flaw. Approve other defective parts whose flaws are not visible to the naked eye.
Is there a meaningless typo in internal documentation? Did the author give something a name that’s accurate but not the one you would have chosen? Is their style different from your own, yet reasonable and understandable by their coworkers? Resist the urge to “improve” their work. Let it go. Save that political capital for when something’s objectively wrong.
(11) Hold conferences when there is more critical work to be done.
There’s nothing I can add here.
And for individual contributors:
(d) Employees
(5) Do your work poorly and blame it on bad tools, machinery, or equipment. Complain that these things are preventing you from doing your job right.
Granted, some tools are genuinely awful. If that’s the case, speak up and suggest good alternatives. Better, whip up a demonstration. Endless kvetching has never improved the situation.
(6) Never pass on your skill and experience to a new or less skillful worker.
Ineffective employees sometimes purposefully worm their way into critical business processes. What a miserable way to live! If you’re the only person who can do a certain important thing, you’ll never get to fully leave your job behind. Who wants to get called on vacation? Do yourself, your coworkers, and your company a favor: teach other people how to do your job. Make yourself valuable by excelling at it, but let other people help you carry the load.
None of the behaviors above are inherently malicious. Most can be explained by well-meaning people trying to do their jobs. That’s what makes them each so dangerous to an organization. A coworker who regularly schedules vague meetings to rehash old problems when you’re trying to get work done probably isn’t a deliberate saboteur. And yet, they’re following the CIA’s best advice on how to grind work to a halt.
Read the manual. Remember it. And when you see those behaviors pop up in your office, put a quick end to them.
Security training for the masses
My company is going through its annual HIPAA privacy and security refresher training. This is a good thing and I wholeheartedly support it, as it’s always nice to be reminded of some of the details. “Oh, I forgot that we’re allowed to do X! That’s good to know.”
But the most irksome thing in the world is when you know the right answer to a test question but are required to give the wrong one to pass it. For instance, we were asked:
If you then connect with a VPN, will that ensure a file sent via email will be secure all the way through to its destination? Yes / No / Maybe
Test says: maybe! If you change nothing about your setup except adding a VPN into the mix, you may now be able to send email securely.
I say: The correct answer is “of course not”. Our company uses a “split tunnel” VPN so that only connections to certain services go over the VPN but the rest of our traffic goes over the open Internet? Do we need to route someone’s after-hours Netflix viewing through an encrypted connection? No thank you. But even without that, once you send an email to your own server, you have no control over what happens next. Does the recipient’s server support TLS connections? Are emails stored on that server encrypted at rest? Does their email app require TLS? Who knows! You sure won’t. So no, a VPN absolutely does not guarantee an email will be secure all the way through to its destination.
If you encrypt the file you are emailing, will that ensure a file sent via email will be secure all the way through to its destination?
Test says: yes! If you encrypt an email to an employee at another company, it’s guaranteed to be secure.
I say: Maybe, sure. I’d even go so far as saying it probably will. However, for all I know the recipient’s company uses some key escrow thing that lets them decrypt and analyze all inbound mail, and Joe from IT occasionally sells the interesting ones to North Korea.
Thing is, our particular training program is for the most part pretty decent, as far as such things go. Again, I’m glad we’re doing it. I just wish their post-training exams were a little more carefully worded.