IT Roles and IT People – an IT Manager’s Perspective Kang Sun1 Smart Energy Woburn, MA 01801, USA Abstract At ISECON Conferences studies and research on various subjects of information technology (IT2) have been reported extensively. As an IT manager and professional with many years’ experiences, I present here my personal view on different IT roles and qualifications for each role. I hope it will contribute to the current curricula reform and inspire new research projects. Some of my real-life experience stories could also be useful in classrooms. Keywords: IT education, IT undergraduate curriculum, IT manager 1. INTRODUCTION Years ago when I was teaching computer technologies, I was constantly asked by graduating seniors what track to take: programming or system administration. It is probably true that most of the entry-level IT positions are either programming or system administration, besides Help Desk technicians. There are other IT roles people can grow into. Educators can help students understand these roles. Prior to a discussion on IT roles, IT curriculums must first be considered. Principles of computer organization, operating systems, and networks are essential for any role. Programming languages and the art of programming (Knuth, Donald), including data structures and algorithms, are indispensable for programmers. They are also important for IT professionals of other roles for scripting and for understanding the performance of applications. For a strong basis for continued career growth (Gorgone 2001), IT curriculums should also cover concepts of System Clustering, Storage Area Network (SAN), RAID Array, Capacity Planning, Disaster Recovery, Web Design, Web servers, Application Servers, three tier E-Commerce model, System and Application Integration. After all, IT curriculum is aimed at preparing students for real world. 2. HELPDESK There are at least two types of helpdesks: internal and external. External helpdesks are usually called Technical Support. Qualification for such position is product specific and technicians are trained for the products they support. An internal helpdesk is responsible for the smooth operation of corporate computing facilities. Job functions include diagnosing office computer problems, hardware repairing, accessory ordering, identifying and escalating network and server questions to system and network administrators. Basic training and experience on PC hardware, operating systems such as MS Windows and Mac OS, Office Suite are necessary knowledge for helpdesk technicians. To be able to diagnose internet connection issues they also need knowledge of basic network services such as DHCP and DNS. Helpdesk is essential to the productivity of the corporate; it is also the division that receives the most praises as well as complaints. Employees may not know your system administrators, but they sure had experiences with your helpdesk technicians one way or the other at some point. For this reason, I pay more attention to the personality of candidates at screening. Technical requirements are minimal and there are many certified candidates available. It takes some effort and luck to find someone with great interpersonal skills and ability to explain a complicated situation in simple terms. A good help desk candidate is also well organized. Tickets are commonly used to track help requests. Help desk technicians need to open tickets when receiving requests, respond to and solve the problem and close the tickets as soon as possible. If the tickets could not be closed for some reason, customers and supervisors need to be notified and the ticket needs to be followed-up periodically until it is closed. Help Desk technicians need to be familiar with corporate computing infrastructure in order to diagnose and to escalate problems correctly and efficiently. Periodic knowledge sharing seminars and talks are good ways to bring up the common ground among people in IT department. 3. PROGRAMMERS AND DEVELOPERS “With all the resources available today, don’t programmers automatically write sloppy codes?” This is a comment from James E. Hoffman, President of Alliant Energy Resources, Inc. and former CIO of MCI, also an IT professional himself years ago. He was referring to the fact that some programmers do not know how to or care about optimizing their codes. I see several reasons for this sloppiness: (a) Hardware performance superiority and affordability greatly compensate and tolerate code inefficiency. (b) The booming of high tech businesses a few years ago demanded quick and massive production of programming codes so that all sort of programmers could survive. (c) Technological advancements – or, to be more specific, academia’s embrace of certain technological advancements – have simply given us more topics to cover (Okie, E. G., Stevens , K. T., Chase, J. D. & Lewis, J.) , as a result, students have less exposure and training on classic art of programming topics such as data structures and algorithms (Knuth, Donald) in schools. Many times hardware advances simply cannot match with software demand as a result of business growth. In such situation, software efficiency is not a luxury but a necessity. One of the companies I worked for is in broad-band software-on-demand business. It needed to extract marketing information from logs of web servers (portals) located at various broadband service providers’ sites. A programmer wrote a Perl script that worked fine during test but was getting slower and slower as customer base grew. I examined the code. The script simply used the built-in sorting function to sort the data twice, by data stamps, and then by customer IDs, without realizing the entries are already chronically ordered due to the nature of web logs. What worse, the whole strings of log entries of about 100 bytes each participated in the sorting. The script ran poorly because its performance is about 2nd degree polynomial while a linear time-performance solution exists. I applied bucket-sorting-like algorithm and used data links in the sorting. The resulting script finished in 10 minutes for a job that used to take two hours and twenty five minutes. I believe that if people know one programming language well, it is easier to pick up other programming languages -- the major difference is syntax. The important thing is to learn to appreciate the art of programming (Knuth). When recruiting programmers, I look for candidates who are experienced with data structure and algorithms; I always ask candidates for a few pieces of smart codes they are proud of; I look for candidates who understand the rational of bucket sorting algorithm, the meaning of inequality or “the sum of squares is less than or equal to the square of sums for positive numbers.” This is not an issue of mathematics, but a common sense application of programming constructs needed to produce good and efficient code. For decision makers, always ask for software solution before hardware upgrade. 4. SYSTEM ADMINISTRATORS System administrators (SA) distinguish themselves by major computer platforms. Many places use UNIX systems as servers, e.g. database servers and web servers, and use windows for office applications such as MS Office and mail. In such environment we need system administrators from both schools. We also need gurus who know both platforms. My observation is that it is relatively easier for a UNIX guru to learn and master Windows, not the other way around. Junior level system administrators have the routine jobs of installation, upgrading, patching, and daily administration of operating systems and clusters. For senior system administrator, there are many challenges. Modern systems often include hardware and/or software RAID arrays, advanced file systems, and storage area networks (SAN). System administrators are also responsible for applications that run on the systems. For example, in typical three-tier E-Commerce model, the front tier contains web servers such as Apache, and IPlanet (Netscape) etc. In middle tier various applications written in Java and JSP are served by application servers such as JRUN, Tomcat, Resin, Weblogic. At the back end, data are stored and serviced in database servers, e.g., Oracle, Sybase, Informix, and SQL server. Like programming languages, if one knows in depth one combination of servers, it is relatively easy to learn other combinations since one knows what to expect in each kind of servers and the communication between them. Dedicated database administrators (DBA) manage database servers. To support DBAs, system administrators need basic training on the concepts of database and the appropriate database management systems. System administrators are responsible for executing disaster recovery procedures, functions that should be well tested and established in IT departments. Parts of the procedure involve enterprise-wide data backup and restoration system and media off-site storage policy in case of site disaster. Some data backup software suite, such as Veritas NetBackup, comes with a Intelligent Disaster Recovery (IDR) utilities for MS Windows. A good system administrator should also be familiar with security protocols, and monitoring tools as indicated later in this article. On-call duties are usually required for system and network administrators. Businesses all have strict tolerance on system or network down time. I used to work for a mutual fund company that demands zero downtime after 3pm, because it has to calculate and report funds price for next day’s newspapers. Fortunately, well-designed and well-administrated systems and networks minimize down-time. Still, candidates should be mentally prepared for on-call requirement. 5. NETWORK ADMINISTRATORS Both system administrators and network administrators have roles in maintaining the operation of computer networks. Since network operation involves many dedicated network devices such as Cisco routers, firewall, VPN servers and switches, network administrators are specially trained for these devices. Some companies have dedicated Network Operation Center (NOC). It is difficult to be creative without a deep understanding how a network works. A device-specific training and certification cannot replace a solid and thorough education. Typically, network administrators oversee the operation of corporate firewalls, VPN servers, routers and corporate top-level DNS servers. They maintain the security of the network, for that purpose they have all sort of tools to monitor and filter different traffic such as unsolicited E-mail and web traffic. Since DHCP and local DNS servers can be local to various departments, System Administrators may also maintain these servers. Microsoft Active Directory Servers (AD) and UNIX Information Servers (NIS) are normally within the corporate environment, they can also be maintained by system administrators. It is important and sometimes essential for the whole enterprise to have a synchronized time! For example, the backend database collects input from all kind of sources, internal and external. There is no data integrity without valid time stamps. One of the tasks of Network people is to maintain accurate time servers, with Network Time Protocol (NTP), for example. Among all network services including firewall, VPN, DNS, DHCP, NIS, I found the various routing protocols are the most difficult to comprehend and have the most impact if abused. Once one person was playing with a routing program on his computer and interrupted the corporate network for half an hour. From there on I always make a point to distinguish between active services, such as Routing Information Protocol (RIP) and Dynamic Host Control Protocol (DHCP), and passive services, e.g., Domain Name Servers (DNS). One cannot turn on an active service on a live network. When recruiting I look for people with creative minds. He or she may not have done the exact thing in the past but has enough fundamental knowledge to know certain thing is doable or not or how to get round a certain setback. For example, by design many services, such as DNS and NIS, have secondary or slave servers but DHCP services. However, one can build two DHCP servers with the same reserved IP addresses but different pools of dynamic IP addresses. 6. SECURITY OFFICERS There is a new emerging role beyond system or network administration for a security professional. To me there are active security and passive security. We actively design our systems and networks to be secure, from educating users to secure their passwords, to authenticating and authorizing accesses securely, to communicating with secured protocols, to tight down unnecessary services and ports, to employing firewall to block the outsiders and to guard the insiders. However, there is a passive aspect of security. Intruders and hackers employ every loophole in network and systems. For PC viruses, after they are identified, anti-virus software such as Norton Antivirus can be configured to periodically scan for know viruses. Most the time we passively wait for patches that mend the loopholes. System and network administrators make sure they configure systems and networks to the security levels they are designed for and maintain them secured. Helpdesk technicians keep anti-virus program up to date the virus definition. Designated people need to monitor all security issues from security bulletins, many of which are listed in the “WEB Sites Referenced” section of (O’Neil , T.D.). With the onset of Information Technology, your personal data has never been more vulnerable to electronic prying eyes than it is today (O’Neil , T.D.) . In addition to the security actions that where suggested in (O’Neil , T.D.), I would make an effort to encrypt your wireless communication. Typically a wireless router is inside or is part of your firewall. Intruders, once having compromised your wireless device, are actually within your local network where security is usually more relaxed. Like it or not, “Two-thirds of major American firms now do some type of in-house electronic surveillance” (O’Neil , T. D.). This is done in the name of security and protection of the firm’s sensitive and classified information from leaking out. There is another not-so-obvious motivation: to protect the firm from lawsuits, ultimately for the benefit of the firm’s employees. One company that I worked for was planning to put in some kind of surveillance system to monitor incoming and out-going mail. The plan was not very popular and received a lot of resistance at that time. The pro-argument is as follows: E-mail spammer can pretend junk mail coming from our firm, which might bring lawsuits against us. Such lawsuits increase our liability and decrease our asset values. Surveillance system can help to prove our innocence. On other hands, if spam indeed comes from employees, we want to catch it before others do. “It takes a thief to catch a thief!” It means IT professionals need to learn the techniques intruders and hackers use to secure our site. 7. SYSTEM AND APPLICATION INTEGRATORS Rariden (2002) listed two drivers for the needs of system integration: (1) some legacy application may become indispensable to the business operation, and (2) it is not always possible for an organization to purchase a suite of applications that will support its entire scope of operations without modification. There is still a third driver for the need of system integration: partners. It is almost certain that your partner’s software would not integrate automatically with your application suite. Rariden (2002) lists knowledge needed for system integration and current standards for interoperability. The knowledge and standards greatly facilitate the design and implementation the entire business projects at its design phase. There are “unexpected” system and application integration situations. The energy services company I am working for exchanges billing and utilization information daily with the local utility company. The utility company makes data available daily on its website and we designed a script that navigates the website automatically to download data for our processing. When the utility company changed its website structure, someone has to write new script to integrate their website with our applications. On-the-fly integration jobs, such as this one, although mostly small, often do not fit in any standard model. Someone needs to come up with widgets that fasten all components to make the business project work. System and application integration requires broad knowledge and understanding of all components involved to come up with a solution, ad hoc it may be. [0]What do you look for in a good systems integrator? I look for people who can utilize scripting languages, have a good grasp of how to link or hook components together. I look for people who have developed code that acts as a function and passes parameters. These are the mechanisms to integrate code. Then you need someone with some ability to understand and see the potential points of integration – you have to consider how the code can be cohesive and yet independent. 8. OTHERS Database-related jobs seem to be a category of its own. The database administrators (DBA) need to cooperate with system administrators. For example, to optimize the performance of a database, busy tables should be located on different spindles (disk drives). DBA knows tables and SA knows the storage space arrangement. DBA needs to know enough about systems on which the database is run. Companies expect their business to grow. Capacity planner or capacity analyst collects current system performance data and predict future need for computing hardware according to business grow trend and forecast. Tools are available for such purpose. Years ago I worked on BGS’ Best1. It creates a queue with certain service speed to simulate each and every resource in a computer. It then gives recommendations according how busy these queues would be if more business transactions are conducted. People do not need queuing theory or statistics to understand the recommendation from the package, but it certainly helps to understand the insight. Webmasters could be System Administrators who mange web servers. Web designers need to have artistic talents. The web contents are filled by developers. For technical track, probably the climax is architect of some sort. An application architect is responsible for the overall planning of business project: its scope, data flow, interfaces, computation logic, etc. An infrastructure architect designs network and system infrastructure that supports the business project. Considerations include system and network load and capability, security, overall reliability and availability, load-balancing, disaster recovery etc. A solution architect does both of the above. A data architect does data modeling for databases and data warehouses. There are also managerial roles one can advance to: group lead, project lead or manager, IT manager or ITS director and chief information officer (CIO). As one climbs the corporate ladder, communication, interpersonal, organizing skills become more and more important. But one still need to catch up with the state-of-the-art of IT technologies. 9. CURRICULUM REFORM As I discussed earlier, data structure, algorithms and performances are essential to programmers as well as other IT professionals. A one-semester course on programming (IS 2002.5, Gorgone 2001) is definitely not enough to cover necessary knowledge and skills needed to be good programmers. I would suggest an elective course on advanced programming. IT curriculum is aimed at preparing students for real world. However, real world job requires experience, which is something most of new graduates do not have. Some schools send students to companies for internship. Should curriculum or accreditation require schools to have internship programs? 10. CONCLUSION IT is a fast growing field and dedicated roles are evolving daily. No matter what role one takes, fundament knowledge of computers and networks are indispensable. It is also worth emphasizing that social skills such as communications, organization, interpersonal skills are as important, for IT needs spirits and practices of cooperation and team works are essential for success. 11. ACKNOWLEDGEMENT The author likes to express sincere gratitude to James E. Hoffman, President of Alliant Energy Resources, Inc., for permitting me quoting his comment, to Debora Jackson, President and CEO of The Renewal Group, for her suggestions and comments, to Emil Boasson, Assistant Professor of business administration, Ithaca College, for introducing me to ITECONF, and finally to my wife Feng Wang for her constant encouragement and inspiration. 12. REFERENCES Gorgone, John T., Gordon B. Davis, Joseph S. Valacinch, Heikki Topi, David L. Feinstein, and Herbert E. Longenecker, Jr, (2001), “IS 2002 Model Curriculum and Guidelines for Undergraduate Degree Programs in Information Systems.” http://www.acm.org/education/curricula.html#IS2002 Knuth, Donald E., “The Art of Computer Programming, Volume 1: Fundamental Algorithms” (3rd Edition). Okie, E.G., K.T. Stevens, J.D. Chase, and J. Lewis, (2002), “Supporting CC2001’s Endorsement of a Three-Course Introductory Sequence,” ISECON 2002. O’Neil, T.D., (2002), “Cyber security: Awareness, Prevention, Action,” ISECON 2002. Rariden, R., (2002), “The Missing Link: Systems Integration in the Curriculum,” ISECON 2002. 1 kang.sun@aya.yale.edu 2 Information Technology (IT) and Information Systems (IS) refer to the same academic discipline (Gorgone, 2001).