The Limitations of CYA
Wednesday, June 07, 2017
Making the rounds on the internet is a story
about a junior software developer who, on his first day on the
job, got fired after he accidentally destroyed his company's
production database. Commenters at Reddit (above) Hacker News
correctly flayed the executive who fired this sadder-but-wiser
employee. A comment at the latter does a good job of summarizing why
firing this employee was a bad idea:
Sorry, but if a junior dev can blow away your prod database by running a script on his _local_ dev environment while following your documentation, you have no one to blame but yourself. Why is your prod database even reachable from his local env? What does the rest of your security look like? Swiss cheese I bet.Indeed, as business writer Suzanne Lucas notes, it is the CTO who should have been fired for this incident. As it stands, he has harmed a former employee and his employer. And with the attitude towards learning and responsibility his actions demonstrate, if the CTO remains employed, he will continue to be a major, hidden liability of unknown size for his company.
The CTO further demonstrates his ineptitude by firing the junior dev. Apparently he never heard the famous IBM story, and will surely live to repeat his mistakes:
After an employee made a mistake that cost the company $10 million, he walked into the office of Tom Watson, the C.E.O., expecting to get fired. "Fire you?" Mr. Watson asked. "I just spent $10 million educating you." [italics in original]
-- CAV
2 comments:
I think another aspect of this is epistemological. The CTO in this story expected the new hire to know things that the new hire had no way of knowing, and punished the new hire for not knowing those things he couldn't know. Even ignoring the fact that this company was operating in a non-standard fashion, a single day is insufficient time to learn how a company operates, what its protocols are, and what the critical systems are.
To punish someone for not knowing what they can't know is, in fact, to demand omniscience--or at least precognition, both of which are impossible.
Dinwar,
That's possible, although I lean on the side of throwing someone else under the bus or more general incompetence.
Something like that is possible: I've dealt with people who seemed to expect others to know things they shouldn't necessarily be expected to know.
Gus
Post a Comment