Blog October 8, 2019

It’s Time to Be Honest About IT

Most people are familiar with the saying “fake it until you make it.” We might even be able to name people who have made it the cornerstone of their career. They get promoted into a new role, and then they act like they know what they’re doing until they actually figure it out.

What’s the worst that can happen, right?

In a lot of roles, not much. Many professions even have a built-in 90-day to six-month grace period in which new hires are expected to make at least a few mistakes. But there are other roles where mistakes can be a little more costly, e.g., IT security and compliance.

10,000 Hours Are Never Enough in IT

Malcolm Gladwell popularized the ‘10,000-hour rule’ in his book Outliers. This rule claims that the way to become a world-class expert in any skill is to spend 10,000 hours practicing it. Since the original study, this rule has been applied to skills from politics to painting. But does it apply to IT?

No doubt, after spending 10,000 hours on an IT skill, such as database management or web development, an IT professional is going to be fairly skilled. Most of you have probably already done the math, but for those who haven’t, 10,000 hours equals twenty hours a week for about ten years. Assuming those 10,000 hours weren’t just the same hour repeated 10,000 times (meaning they actually developed their skill set over those 10 years), they’re now a bona fide expert.

Or are they?

The first problem with developing IT expertise is that most in-house IT professionals wear many hats. They may start out as a DBA, but then they get called in to do a little of this and a little of that. Now, the 10,000-hour timeline takes 20 years. If you count the college years, that means the average IT professional isn’t going to develop true expertise in any one area until their late 30s.

But even then, it’s hard to become an expert at anything when the rules of the game keep changing. Moore’s Law may be dead (or not, depending on who you ask), but with the computing power we have now, we’re already seeing incredible advancements in areas like AI, Big Data Analytics, and Telecommunications. Just wait until 5G becomes widely available! If your focus is on digital transformation, your IT staff is going to be facing a steep learning curve for the foreseeable future.

Is There an IT Expert in the House?

We’re living in a time when IT experts are badly needed, especially in core areas such as IT security and compliance. The web is filled with malicious bots that do nothing all day but sniff out weaknesses in your systems so they can create new malware programs designed to bring your business to its knees. It takes a team of full-time experts to just keep up with the current threats.

One mistake in IT security can be incredibly costly. According to Ponemon’s 2018 Cost of a Data Breach Study, the average cost of a data breach had risen 6.4% since 2017 for a total average cost of $3.86 million per incident. As you might expect, these costs were highest in the healthcare and financial services sector, two of the industries with the most valuable data.

In addition, in an effort to protect us all, regulators are hard at work dreaming up new regulations (GDPR and all its offshoots) as well as issuing new guidance on old regulations. Not only do these regulations vary by country, but they can also vary from state to state within the US.

Like security, compliance is a full-time job, and mistakes can be costly. A single GDPR violation can cost you as much as $22 million (USD) or 4% of your annual revenue, whichever is higher. HIPAA/HITECH fines are capped at $1.5 million, but investigations typically lead to more than one type of violation. The $16 million Anthem settlement in late 2018 was the largest to date. PCI DSS non-compliance fines can range from $5,000 to $100,000 a month, depending on the size of the business and the severity of the violation.

The Bottom Line

Business leaders need to be honest with themselves about their in-house IT capabilities. Specifically, are you giving your staff the time they need to develop true expertise in critical areas? And, do you have the in-house bandwidth to cover these areas adequately? Not examining these two questions critically can lead to significant and costly blind spots in your business strategy.
