This Isn't The Job I Was Hired For!

Dear Liz,

I'm in a pretty bad situation at work. I took the job ten months ago and was excited about it. I've been a PC and network tech moving up the ladder for ten years, but I got certified in 2014 for IT Security.

The course was very in-depth and comprehensive and actually kicked my behind since I was working full-time when I went through the program, plus I have a toddler. I was excited to get an IT Security job pretty quickly when I got my certification.

This job was advertised as IT Security Specialist. I jumped at it. When I accepted the offer, they said "We've broadened the role beyond IT Security to include network planning."

That made me a little nervous but it didn't really faze me. Ten months later I have yet to spend ten minutes on IT security issues. The first excuse my boss gave me for keeping me doing standard PC and network support was "you have to learn the ropes."

After that it was "We're in a crunch." I've presented my boss with three different IT security planning processes since I got here. He looks at them and flips through the charts and graphs and says we'll get back to them when we've taken care of some current crises. Then there's another crisis right behind.

Right now I'm a well-paid IT tech. The users like me and I like them and that part is fine. But I didn't get certified to go back to the same kind of job I had before. IT Security changes all the time and I have to do the work in order to stay current in the field. I'm extremely frustrated and angry at the way this has turned out.

What do you recommend I do?

Thanks,

Brian

Dear Brian,

Congratulations on your certification! I'm sorry to hear about the frustrating gap between the job you were hired to do and the one you're actually doing, but you can overcome this challenge, I am confident!

To begin, create your golden IT security plan for the company based on what you know about its needs and vulnerabilities. Go crazy -- create an IT security plan that you'd be happy to show to anyone as a demonstration of your abilities. Next, conduct this planning exercise.

Planning Exercise

The company now has an IT Security Plan. They don't know about it, but it exists. It's on your hard drive, waiting to see the light of day.

What are the steps that will have to be taken in order for your plan to be put into practice? List the steps, and don't include "Hell must freeze over."

Your manager must come on board. His or her managers, ditto. Somebody has to build a timeline. Somebody has to get some money to spend on IT security beyond your salary, presumably.

List all the action steps that have to be checked off to implement your plan.

What's the first step that has to happen? You have to sell your boss on the IT Security role he hired you for!

I know what you're thinking. "I shouldn't have to sell my boss."

Often when our plan go awry, we think "I shouldn't have to do that - it's my boss's fault this happened, not mine."

Fault has nothing to do with it. I don't think your boss is an idiot but if he is, he's your idiot. You interviewed with him and signed up to work for him. You are in a better position to push your IT Security agenda with a job than you would be without one!

So, let's get busy and make this job work the way you want it to.

Your boss got approval to hire an IT Security guy and you got the job. That's the great part of the story! Your boss got waylaid with other pesky IT problems and lost track of the security piece. You're going to bring him back around. You're going to impersonate Babe the sheep-herding pig for a little while.

What made the company decide they needed an IT Security in the first place? Risk. There's a huge risk in letting your IT Security guard down, as Sony and others know too well. Remind your boss of the risk.

Don't lay down and play dead now, Brian! Come at this problem from a higher altitude than "This job sucks and it's not what I was hired for." Put on your consulting hat, and remind your leaders where your company's IT Security holes are and how you can fix them.

You made a plan already -- three of them, in fact. My guess is that you revised your original plan twice because your manager told you to. You're the company's expert on IT Security, Brian -- your boss has a different job.

Take the best parts of each plan you developed so far, and meld them into a strategy you believe in. Your problem is not related to the development of your IT Security program -- it's a sales problem. You are running into the common sales objection "I don't like the plan - do it over!" and you're letting your customer make the rules.

A consultant would say "We've been in conversation for ten months and I'm very concerned about several security holes that could hurt us in a big way."

The client -- your boss -- will say "What are they?"

You'll say "Great question. Let's walk through my IT Security plan together. How is tomorrow? We can look at each of the points of vulnerability and I can get your take on how to address them."

There are other things you can do to grow your IT Security thought leadership flame, apart from your one-on-one sales efforts with your boss.

Create a simple PowerPoint presentation on personal IT security and give it to your HR folks to share with new employees.

Create a lunchtime talk for all interested employees and present it as a brown-bag lunch program. Our bosses don't always pave the way for us to do the things we want to do, even when we were hired to do them!

We have to stir the pot. We have to keep the heat on, not from a low-altitude "Why can't I do my actual job?" perspective but from a higher altitude: "This is what the company needs and I what I do well, so naturally I'm going to push this agenda."

You will grow muscles wending your way back to the job you were hired for from the temp-to-perm PC and network tech job you have fallen into. If you get tired of selling your boss, you will leave and find a new job, but look what you'll have that you didn't have when you took the job:

Resume Fodder!

You'll be able to say "I created the company's first IT Security plan."

You'll be able to say "I also built a mini-training sessions for all the company's new employees, on best practices for IT Security."

You'll be able to say "I presented a lunchtime workshop to raise awareness about IT security."

Everybody runs into a roadblock situation at some point. You can get a new job, but why not stick around at this one and learn how to sell your boss? That is a valuable life and career skill. The number one rule of selling is "When our customers don't buy from us, they made the right decision."

We would never learn how to sell if it were easy! How are you going to job-hunt for a new IT Security Job without having done a lick of IT Security? Stick around and grab the learning and the resume fodder this job provides. It's right there for the taking!

Is your boss a snake in the grass who lied to you about his true intentions, or just another overwhelmed manager who values today's crisis over long-term crisis avoidance? I vote for the latter view.

Six months from now you'll be advising your executives on their IT Security roadmap, mark my words. Your first step -- even before diving back into the sales effort to get your boss on board with your strategy -- is to rise to the proper altitude yourself and look down on the landscape.

There is one clear path forward toward your goal, Brian. Do you see it?

All the best,

Liz

It isn't just IT Security people who can run into Brian's situation. Anyone can! Companies run job ads and then sometimes the job morphs and shifts in ways that don't suit your goals. Can you rise to the occasion and consult with your manager to show him or her why your original job description is still an essential priority for your employer?

I hope so, because we are all consultants in the new-millennium workplace! We all have to sell all kinds of things -- ourselves, our ideas and the plans we design. We are all learning to overcome common sales objections like "Our priorities have shifted -- deal with it!" and "We need you too much over in this department."

Questions and Answers

Is the company legally bound to let Brian do the job he was hired to do?

Not in the slightest. That goes for every working person. If your boss says "Now I want you to clean the bathrooms," you can do that or leave your job. Now you see why I advise people never to get too comfortable in one job. That's not paranoid -- it's an appropriate level of awareness of the changing ecosystem we're operating in!

Who draws the images for Liz Ryan's stories?

Liz Ryan draws them with colored pencils and markers.