IT and HiPPOs

Hippos, OCD, Monsters, and IT

When I was younger, I enjoyed monster movies. As I entered the IT field, I began to enjoy the movies less, but I noticed some lessons from the movies were applicable to my chosen profession. Typically, in the monster movie, the young intelligent, photogenic, hero (or heroine) tries to alert a superior or local bureaucrat to the impending danger. The Hero is always ignored. No action is taken. Welcome to the concept of the Highest Paid Person’s Opinion (HiPPO). Frequently, in my career, I will warn a client or a superior of some security standard or best practice being violated. Frequently the advice is ignored. (I should note, I am not as young or photogenic as the actors in the movies. I hope I am at least as intelligent (I am working without a script), and dedicated).

The victims – the clueless

In the movies two types of individuals typically do not survive to the closing credits. One type, the clueless, will do those things that make you want to scream “Don’t do that!” These are the individuals that even when the realization slowly dawns that something is amiss (blood and body parts lying around, screams, suspicious rustling in the bushes, locals avoid the area), still disarm themselves, reveal as much flesh as possible, and walk INTO the dark. In IT, these are the individuals that download everything. They install applications without prior planning and click next NEXT all the way through the installation. After all, it is is good enough to be the default, it is good enough for me. These individuals either have networks that do not survive till the closing credits, or are only protectd by the efforts of other, better informed IT staff.

The victims – Paranoia

The second group of victims starts out strong. They have multiple weapons. They have almost too much ammunition to carry. This group prepares. They are the ones welding heavy gage metal to all windows and vehicles. They get out of the area, shooting anything that sounds different and gets in their way. This group is the Paranoia group. They constantly prepare and continue to improve their defenses. In the IT field, these are the individuals that research best practices. They install and configure the application in accordance with best practices. If they do not have the budget to purchase necessary monitoring tools, they write their own scripts to read logs and consolidate the information. These are the innovators in your environment. They are the young, hungry IT members. In the movie, it is when this group starts feeling safe they start to become casualties. Typically, one will say, “we are safe now.” In the next moment, that individual is grabbed by whatever threat exists. Another maneuver, is after shooting whatever is the threat, they either walk over to the creature, or they turn their backs on it and start talking. When the members of the paranoia group start letting down their guard, when they start getting careless and stop doing those things that kept them safe in the beginning, they begin to expire. In the IT field this concept is Retired on Active Duty (ROAD). The individual may have been diligent at one time, but is now tired. They system has been safe for a while, so diligence is not needed.

The survivors – OCD

One group tends to survive till the closing credits. These are the characters that will appear in the sequel. (In the IT field, these are the ones that should get promoted). These are the characters with Obsessive Compulsive Disorder. In the IT field this should be a requirement, not a disorder. (Obsessive Compulsive Default?) In the movies, this group learns from and acts like the paranoia group. But this group keeps acting paranoid up until the closing credits. The characters typically close the movie stating something like, “but what about next time?” In the IT field, this group keeps learning. Their systems evolve as the threats and technology evolve. This group maintains documentation. This individual has and uses extensive checklists. This individual obsessively checks logs and monitors his (or her) servers.

Your environment

Every IT environment has HiPPOs. These individuals are the project champions and major stakeholders. Frequently, these individuals balance competing priorities. In the movies, the HiPPO that disregards the warning typically does not survive. In real life, the HiPPO is shielded from the consequences. The true victim in real life when the IT individual makes recommendations that are ignored, are the organization’s data, the network, and frequently the organization's reputation. Unintended consequences frequently include litigation. IT is not necessarily antagonistic to the HiPPO. And informed and engaged leadership will take into consideration the concerns of IT. An organization should seek out the technical individual that fits into the paranoia and OCD groups. Those two groups, as in the movies, will increase the survival rate of the organization’s network and data.

Go to top