Fresh Thoughts #34: Are We Asking Too Much of IT Admins?

people sitting round a coffee table

Recently I conducted a roundtable with a room full of IT resellers.

One who had been in the industry for over 10 years shared a story about what it's like to work in IT today.

"When I started, it was common to have 6-9 months to figure out a new technology. We could get into the weeds and deep-dive into what the product actually did compared to what was claimed.

Now my team has 2 days. At most, we can stretch to 2 weeks if it is important enough. And if we don't have a good enough understanding in that time, there's someone else that will, and we will be replaced."

I remember the pre-cloud era when IT was stable and known. A new operating system was released every few years, and significant updates every 6-months. The cadence was predictable, and the apps were known.

Cloud services changed that, and IT administrators have had to change their skill sets. No longer just working in operations, DevOps has pushed them to learn new development skills - necessary to increase the automation of cloud services.

While change is inevitable and adaption is assumed, it's noteworthy how far we have come in the last 10 years. From what I see, the most talented have thrived in this environment, and business owners are getting the desired results.

Form Fillers

More recently, IT administrators have been pulled in a different direction - filling in forms. As experts on a company's IT infrastructure, administrators have unique knowledge that must be captured for cyber insurance forms and security certifications.

However, in the name of efficiency, the traditional act of merely providing information has morphed. Now IT administrators are responsible for the structured presentation of the data. And the list of forms is ever increasing...

  • cyber insurance questionnaires
  • partner security questionnaires
  • security certification forms
  • R&D tax credits

In my experience, technologists are much more content doing technology than talking about it. The gnashing of teeth, procrastination and demonstrably lower productivity is uncomfortable to watch when there's a form to complete. It always pulls against a company's mission.

Moreover, even with perfect information, communicating effectively via the medium of forms requires experience and a detailed understanding of the author's intent.

Last year while completing a questionnaire for a foreign currency account - the Fresh Security team knew exactly how the account would be used. They had a call with a banking advisor to confirm this was acceptable.

But when the form was completed, one misunderstood question and a wrong number meant a flurry of emails and calls were required to revise the form before approval.

The intent was crystal clear, but the communication was off.

In the case of the bank account, Fresh Security and the business advisor's objectives were aligned. But for security questionnaires - is that always the case?

Yet businesses are increasingly putting the burden of this communication on IT administrators... a role already adapting to the demands of cloud computing and uncomfortable with the art of form filling.

It makes me wonder - are we asking too much of IT admins?

September 27, 2022
3 Minutes Read

Fresh Thoughts to Your Inbox

Fresh perspectives on cybersecurity every Tuesday. Real stories, analytical insights, and a slash through buzzwords.

We'll never share your email.

Related Reads

a stack of books

Fresh Thoughts #30: Spring/Summer Directory 2022

With 29 issues of Fresh Thoughts under our belts, it's time to pause and reflect. Here are the themes we have touched on...

Subscribe to Fresh Thoughts

Our weekly newsletter brings you cybersecurity stories and insights. The insights that help you cut through the bull.

We'll never share your email.


Fresh Security Support

Your Questions


Fresh Sec Limited

Call: +44 (0)203 9255868