SolarWinds Tech Predictions for 2022: Data Governance and Risk Aversion - SolarWinds TechPod 059

Stream on:
Join our Head Geeks in Part 2 of our 2022 Tech Predictions TechPod series where they share their thoughts on the rise of Chief Data Officers and data governance principles, risk aversion, and the need for tech pros to fine-tune nontechnical skill sets for career advancement.  Related Links:
Thomas LaRock

Host

Thomas LaRock is a Head Geek™ at SolarWinds and a Microsoft® Certified Master, Microsoft Data Platform MVP, VMware® vExpert, and former Microsoft Certified Trainer. He has over… Read More
Chrystal Taylor

Guest | Head Geek

Chrystal Taylor is a dedicated technologist with nearly a decade of experience and has built her career by leveraging curiosity to solve problems, no matter… Read More
Kevin Kline

Guest | Head Geek

Kevin Kline is a Head Geek, noted database expert, and software industry veteran. As a 13-time Microsoft Data Platform MVP and with 35 years' experience… Read More

Episode Transcript

Announcer: This episode of TechPod is brought to you by SolarWinds THWACKcamp—our free, annual, digital IT learning event. Join us March 2 and 3 for the 10th annual SolarWinds virtual IT learning event. Register free at THWACKcamp.com.

Thomas: Welcome to SolarWinds TechPod. I’m your host Thomas LaRock SolarWinds Head Geek. Each December our Head Geek team will compile a list of tech predictions for the upcoming year, these predictions have as expected a varying level of accuracy. Today is our second part of the SolarWinds tech predictions for 2022, we will talk data governance, risk aversion, and reducing the skills gap. And here to join me today on this episode of TechPod are SolarWinds Head Geeks Chrystal Taylor and Kevin Kline.

Chrystal: Hello.

Kevin: Always a pleasure, Tom.

Thomas: So let’s just jump right in and talk to the data governance piece. So Kevin, I believe this was your tech prediction regarding “implementation of chief data officers will be on the rise in 2022,” tell me a little bit more about why you believe that to be true.

Kevin: Well, you know there’s a lot of things kind of up in the air that you might notice. So for example, if we were to take a look at just the broader tools market that you and I traditionally as DBAs pay a lot of attention to there’s a whole lot more data governance companies out there. And companies don’t exist because they just like what they are and they want to spend all their money hiring people, they want to sell a product to people who have a need. And so that’s kind of a bellwether when you start to see a lot of new and interesting vendors to answer a particular question or a particular pain point in the world of IT. So that was the first thing that got me noticing that something is up with data governance.

Kevin: And so I started to read and look at a lot of what the analysts are saying from the different major analytics companies like Gartner or Forrester or IDC and so one of the things that we’re seeing is that for the last couple of decades we’ve had so much change in the world of data. There was a time when if you said big data that meant hundreds of gigabytes and now if you say I have a 100-gigabyte database isn’t that big, people will kind of chuckle about, oh yes, of course you think that’s big you poor peasant. But where I’m going at there is that in the ’90s, in the 2000s, it was all about database administration, concurrently in the 2000s and into the teens we started to pay a lot of attention to data visualization, a lot of companies popped up to answer those kinds of needs.

Kevin: And there’s some overlap in these time periods but then in the last five or 10 years we started to look at a lot of analytics applications and a lot of data science applications and then now we’re starting to see all of these data governance applications in the wider market. And so what has basically happened over the experience of decades is that in the ’90s and 2000s people were figuring out how to properly administrate, collect, gather their data, but in the 2010s and into the 2020s what we’re seeing is people are learning how to very effectively apply their data through analytics, visualizations, through data science. And the natural next phase of this is holy smokes, we got to keep a lid on this, we have to make sure that only the right people get the right data, there’s so many breaches happening all the time.

Kevin: We have to make sure that we have an information life cycle management policy, how long before a particular data set becomes unusable or differently usable? And so we have to move that into a different phase of its life, maybe an official time period at which it becomes archival data and you can’t write anything to that archival data, you can only read from it. So, what I believe we’re seeing here is just a broader maturity in what IT teams and in particular data teams do. So, long ago when my career was early we struggled just with storing a lot of data, now we’re struggling with how to make the most of that data and also how to properly control it so that we stay within the bounds of the law and different kinds of regional jurisdictions.

Chrystal: Yeah. You mentioned the laws and I think that GDPR especially, but I know there’s a few others that have really prompted higher standards for data integrity and maintaining that. And these chief data officers one of their primary responsibilities is maintaining data integrity and I think that is hugely important. And people are really seeing that as a prompter for making sure especially since we moved to work from home, a lot of people are working from anywhere and all of that, this big remote workplace culture, and I’ve worked from home for more than 10 years now. But with it being more widely accepted and broadly generalized where people can work from home and IT especially you get a lot of fears around integrity.

Chrystal: People are accessing their data from a bunch of new places, especially in the early days of the pandemic where they were just opening up access to get people to work versus really taking the time to make sure that all the responsible measures were taken to where the data was protected and to where access was protected. And I think that also is going to contribute to the rise of the CDOs because they are going to be needed to maintain that integrity and to make everyone kind of reevaluate those standards. And I think right now and in the past maybe two or three months, we’ve really hit a level where they’re reevaluating the measures that were taken at the beginning of the pandemic as sort of a bandaid and going, okay, this isn’t going away so now let’s reevaluate where we’re at, what process and procedures need to be in place? What are the tools we’re using? Are those acceptable? Are those doing the things we need them to do? And are we adhering to all of the regulations that we need to be adhering to?

Kevin: Absolutely, couldn’t agree more. And, in fact, the whole situation that I’m pointing to in my prediction is not that the Fortune 50 companies will do this because they’ve already done that. What I’m thinking of is, in the early 2000s, for example, I went to a regional event for IT leaders here in the Nashville area and I wound up sitting next to the CIO for a big regional plumbing company. And at the time I was thinking, they were in the tens of millions of revenue, and I was thinking, wow, I didn’t expect say a plumbing company to have a CIO.

Kevin: But what I’m now seeing is in the same sort of way where CIOs started to appear on the scene for the small and medium sized businesses, perhaps the kind you would see on the Russell 2000 Index where they make tens of millions of dollars a year but you don’t think of those as having big IT departments. But what we’re seeing slowly over time is that the smart money starts to pattern their behaviors after what the big companies are doing. And so, again, if you’re a small medical company, you have 300 employees, you’re a manufacturer or what have you, you now have enough data that this is something that a person on your staff needs full-time attention and has the ability to make decisions and budgets around that.

Thomas: So Kevin, I wanted to ask a follow up question about something you had mentioned at first that you shared with us your vast experience, which is my way of saying you’re old, and what I noticed is how you said we started with the administration of data then we went into, you said visualization, then analytics, I think visualization and analytics kind of went hand in hand to be honest. But at any rate, it went from administration into this analytics visualization stage and now we’re at say a data governance stage. I was wondering if that’s a pattern, outside of say just the data industry, so to speak, is that a pattern that you’ve seen also through your vast experience and career where it’s about administration first then getting some value from it and then a stronger governance over what you’re doing? And the second part of my question, is it backwards? Shouldn’t strong governance come first and those guidelines be put in place before you talk about the administration and then the analytics.

Kevin: That’s a great point, very, very good point Tom. And so, yes, broadly I’ve seen that kind of pattern repeated over and over again. And for example, let’s take a recent example, there was a time when you could go and you were cutting edge if you went and bought a drone, right? Everybody started to buy drones, I bought a drone. All I did was look at the other houses in my neighborhood, I was like, oh, there’s a pond behind my neighbor’s house, who knew? So, now I’m starting to accumulate data. Then what do I do with this data? It’s fun, it has some use, but not for me as a hobbyist. But then some people start to take their drones and monetize those so you begin to see ads in our little community newspapers about, hey, I’ll do a flyover for those of you who are realtors and I’ll do a fly through of your house, so I’ll start to apply this cool new technology and we’ll start to see some neat things happen.

Kevin: And then what’s happened in the last couple of years is you have to get a license from the FAA to fly a drone. There are local rules that varies from state to state and even metropolitan area to other metropolitan areas and again, in Nashville you can’t fly a drone near any of our fireworks displays at the 4th of July or New Year’s Eve, January 1st. So that is the pattern that we see with a number of technologies as they come to market. First, there’s growth, it begins to become popularized, then people begin to say, okay, now let’s apply what we have learned. And then finally, government and the social scene catches up with it and says, we shouldn’t just let this go willy-nilly so let’s put this in boundaries. So, I’ve seen that over and over again and you can probably think of several examples yourself about that. And then there was the second part of your question which has escaped me.

Thomas: Well, the second part of my question was, and actually I want to get Chrystal’s thoughts on this, and see, if Chrystal has an example of something you described Kevin, there’s growth, there’s popularity, and then there’s the say regulation of something. But I’ll ask Chrystal the second part to be, is that backwards? Do you think maybe we should be thinking about the data governance part first or maybe that’s impossible until you know what animal you really have?

Chrystal: Yeah. So, I actually was going to make the same kind of comparison that Kevin made but with a different example of how it is kind of backwards. But it’s because people don’t genuinely think about those things until they’re popular and then you start to see what people are doing with those technologies, right? They use them in unintended ways, right? You created a specific thing for a specific purpose and a lot of times you don’t think about other uses for those things, or if you do it’s one offs and no one is going to want to do that or you don’t think it is enough to mandate different regulations or different protocols in place. And this happens with lots of things and not just technology, not just toys or whatever, I mean, it’s tons of things, right? It gets popular at first. I mean, just look at anything on the internet, look at TikTok, I have issues with TikTok because minors can be on TikTok at any time and it’s very dangerous. The internet is a dangerous place, I don’t think a parent would disagree about that, the internet is a dangerous place.

Chrystal: And unfortunately I don’t think that there’s enough regulation around it, there’s not enough governance being done on the internet. It’s too easy to not only develop those places that are not good for minors or whatever and there’s no real anything behind it. I was recently watching a video about Roblox and how Roblox is completely unregulated, right? Roblox is the most popular game in the world for minors right now, there’s over 40 million users and most of them are underage and there’s not a lot of governance there. There’s not a lot of situations, right? They kind of just said, it’s not in our terms of service or you have to agree when there’s a box that comes up that says you should be 18 or over for this and there’s no requirement to take it back to a parent account to say, yes they can do this or not, they just click the box that says yes and they move on. Yeah. And see, so that’ll be my example of something that is not governance first.

Chrystal: And in an ideal world we would think of governance first and in some cases they do but it’s not enough. There’s a lot of questions, right? You don’t really know how people are going to use it, you don’t know how people are going to abuse it, there’s a lot of idealists out there. People who are excited about the technology that they create they’re idealists generally, they’re not cynics, they don’t think about the bad that people can do with this technology. And unfortunately they either don’t have the people in the room to tell them, oh, have you thought about this? Have you thought about that? Have you thought about this being a thing? And either they write that stuff off because, why would anyone do that? Or they just don’t take it seriously because in their vision for this product or technology or anything is an idealized version, right? It’s what they think that it should be, what it could be.

Chrystal: And we do that with a lot of things in life but unfortunately there are bad actors out there on all fronts and they will do things that you don’t expect. And even just Florida Man or whoever that does something crazy and silly with the thing, right? That you would never have thought to do but turns out can be dangerous so you just don’t know. And yeah, I wish governance was first but I think even if it was first you’d have to continually revisit it. It’s not something that you can do once and then be done because the human mind is a creative place, right? Someone out there is going to think of something that you didn’t already think of and it’s just going to continually have to be revisited. You’re going to continually have to update those processes and those things that you’re doing to say, this is acceptable, this is not acceptable, or this is okay, and it should be, it should be continually revisited.

Thomas: So I do believe that is the first reference to Florida Man on an episode of TechPod and I want that noted and I want to thank you for it. I believe the three of us are in agreement then about this prediction that there’ll be a rise in the implementation of chief data officers due to this emphasis on data and analytics governance. Because there’s a bit of a segue here when talking about data governance I want to talk a little bit about risk aversion, specifically this would be one of my predictions which is revolving around the securing of the enterprise by normalizing risk aversion, right? I believe we can all agree that there’s a rise in cyber crime, ransomware, data breaches, it’s only getting worse, it’s not getting better. And we had this little thing called the IT Trends Report that we do every year, a survey of customers about how organizations are seeing specific IT trends and I think we had a bit of a security focus last year.

Thomas: So, what I’m seeing when I review these trends reports is I’m seeing that there’s kind of a tendency for people to understand that security is I say it’s a shared responsibility, which may not be the best way of phrasing it. Because it’s not about pointing fingers at somebody else saying that they didn’t do what they were supposed to do, it’s more about understanding that each of us has our own responsibility to do better security for risk aversion like, I shouldn’t click on this link. As much as I want to clicky clicky right there in front of me, I’m the one in a million, I just won a lottery I never entered, I understand I shouldn’t click on it, it’s not worth my time to even be amused by what website or conversation it is. So I think this normalization by just making people aware of the role that each of us play I think will help secure the enterprise a little bit more in 2022. And I’m going to throw it to Chrystal first here to talk a little bit about the prediction and her opinion or response.

Chrystal: Cool. So one of the most surprising things that I found in the IT Trends Report was the high number of people that were accepting that there was medium risk, you’re okay with it being medium risk. You know that there’s a risk there, you think that you have the tools in place for it, but it hasn’t been tested yet. And I think that we should stop accepting medium risk and I know in your prediction you also said the same thing, a medium risk should not be an acceptable level for us. I also think that you’re right that it is in a way everyone’s responsibility, right? Even in small businesses they do phishing tests, right? They have it set up to do a phishing test so that everyone from sales to administration, to IT, to everyone in between, has to go through these exercises. But even at a company where they don’t always pass or whatever, you get another email that just says, hey, you passed, you didn’t pass, this is why people look out for, and it’s once a year, maybe twice a year if you’re in a more conscientious company.

Chrystal: But there’s not really a whole lot beyond that, there’s not really layman’s security training, right? There’s not, there’s not an awareness there that there should be because people think that they’re not important. I have this conversation with my mom a lot which is that, she says that her identity is never at risk because she’s not rich or she’s not important, there’s no reason anyone would want anything. But the problem is that data is of monetary value, any data to someone somewhere, so whether or not you think you’re important or your data is important, you should still be protecting yourself and your data. And that goes for employees at companies and just literally anyone, just anyone, just recognize that your data is of value to someone somewhere. I mean, if it wasn’t we wouldn’t have all these people doing spam calling or they buy lists of phone numbers and emails and whatever and they send you all this stuff, right?

Chrystal: I mean, it’s bad enough when we get advertisements from literally everywhere but when it gets into a bad actor’s hands that can turn into something much worse and people just don’t realize it because they don’t think that they’re important. And I like the idea of, and I hope that this is true, I like the idea of people gaining more awareness, right? To do some more risk aversion which would be just more conscientiousness and more awareness around what is possible and don’t be trusting everything that you get. And people have been saying this for years, right? Don’t trust every link in your email and there’s nothing like chain emails and things like that. And I feel like there is more awareness than there used to be surely but with all the high profile breaches and it’s getting in all the news and all that, people are becoming a little bit more aware, it’s like, oh, well that was just an alcohol delivery service or that was just my banking app or that was just a game I was playing.

Chrystal: So now in their minds it’s no longer just big tech companies who are at risk, people are starting to realize that everything is at risk everywhere. And I think that that means that we’re starting to have a bit more awareness and hopefully more aversion to risk. And don’t accept medium risk, it’s not acceptable, try to do something about it. I mean, there’s never going to be a no risk environment and anyone who tries to tell you that is selling you something, there’s no such thing as a no risk environment but be aware and take precautions where you can. If you’re sitting down and not twiddling your thumbs and saying, well, we’ve got risk but oh well, maybe you should rethink that.

 

Thomas: The IT Trends Report reveals that people have found a medium level of risk to be acceptable, do you feel that’s somewhat new? Is it a good thing that people actually are aware that there is a risk as opposed to 10 or 20 years ago when they probably just didn’t even consider any risk whatsoever? So is just accepting medium risk actually a good thing and is there something you feel might be better? Maybe it should just be unacceptable.

Kevin: I think we have a continuation of old habits. For a long time now I’ve been doing a presentation on top 10 mistakes that DBAs make and one of the ones on the list is apathy about security. And I think that continues unto today where, as Chrystal was saying, we have a situation where people know that security is important but the reason they’re willing to put up with medium security risks is because they believe that someone somewhere in their organization is responsible for security and I know it ain’t me, so therefore I’m okay with it because, hey, it’s the active directory and identity management team. Now they are like, okay, we provision new users but we don’t set up firewalls so that must be the networking team, and the networking team is thinking, oh, well, who’s really responsible for this is the developers because they write a front-end app that has a sign in process, and the developer is like, no, we’re not responsible for security because the DBAs create users and give them permissions and blah, blah, blah.

Kevin: And so at the end of the day everybody is like, oh yeah, security is important and I know that we don’t close every possible hole in our security but somebody is taking care of it that’s why I’m willing to be okay with medium. What you see the really smart money doing these days is to say, not only is that wrong, we need to have zero trust in every situation. So if you haven’t heard that term yet you’re going to be hearing it a lot as we move forward. Think of every system that you build for your organization as having zero trust, when you sign in you get a code sent to your cell phone for multi-part authentication and then you sign in and it’s like, okay, now I’ll trust you.

Kevin: So again, it’s one of these situations where people are thinking, oh, it’s like the real world where I can assume that here I am in the parking lot I don’t have to worry too much, I should lock my doors but if I don’t chances are things will be fine, that’s kind of a medium risk. And so they’re accepting that but not thinking about the fact that for an organization accepting medium risk could mean multimillion or billion dollar shutdowns, breaches, it could mean ransomware where nothing in your organization works until you either pay the ransom or figure out some way to remediate. So, it’s the kind of situation where we’re wrongly extrapolating from experience and we think it’s minor but in fact it’s huge.

Chrystal: I’d say that too that that kind of stems from a little bit of isolation, right? People in IT don’t necessarily think about breaches of customer data because they don’t interact with customers, right? They see it all as data. So I think there’s a little bit of a separation of sense of self from those things because you’re just looking at it as data on a screen, right? And so you don’t think about those specifically as being your responsibility because you don’t handle customer data but in reality you probably do. The other thing that I think is a contributing factor to this ideology is that there’s a lot of exceptions that get made, right? Especially in middle and small shops where there’s a smaller IT team so it’s just easier, it’s just easier if I do this myself, it’s just easier, it takes less time, security is a pain in the butt, I don’t want to have to go through it.

Chrystal: But the problem is, even if you make a one time exception generally there’s not a lot of process into the cleanup, right? Going back and changing those responsibilities again, changing those permissions again to where you don’t have them because you no longer need them. And I like to think that that’s going to go away, that people are taking it a little bit more seriously so they’re going to be doing more maintenance practices, right? Regularly doing assessments to see, who has responsibilities? Where do they actually need those responsibilities? And if they don’t, why do they have them? Let’s remove those. Exceptions are made a lot of times for really high level employees, your C-suites and stuff, right? Because they’re complaining and they can get me fired so I’ll just do it, and that is a mistake. And I hope that IT teams and managers are protecting their employees and making sure that they know that they’re protected so that they can actually enforce those security rules that new need to be enforced.

Kevin: And Tom and I from our past as enterprise DBAs we can tell you that this is still an entrenched problem. We would spend a lot of time in my job doing buy-versus-build decisions about all kinds of different products and when we would pay some money to buy a product to answer a specific need I can’t tell you how many times we saw that the vendor had passwords in clear text or all they used for any of the work of this particular app was SA, right? That has permissions to every single thing inside of the database, and we still see that very, very commonly. I’m not sure Tom if you’ve thought about that particular challenge recently but it was one that used to occupy a lot of mind space for me back in the day.

Thomas: I do my best to shed the unpleasant memories of my previous life as a production DBA. But the day I sat in my cube with an auditor who clearly didn’t have a whole lot of experience and we discussed the use of a password in the login and he suddenly realized that this login anybody could connect to the database outside the application because they could configure a connection string and that I suddenly needed to remove this login immediately in the cube, just stop it, you can’t allow. And I’m looking and I’m going, I am not touching anything, this is a trading platform I am not turning this stuff off without understanding what could break.

Kevin: Right. What are the ramifications.

Thomas: Right. And I’m like, I’m not as young as you so I have enough experience to know that this would be a wrong thing to do. And he went off and I’m not sure I really heard from him again. But I think he understood that it just needed to be reviewed what was really happening and understand the risk and report on that and figure out what to do next but you can’t just be turning stuff off. So yeah Kevin, every now and then those unpleasant memories come back so thank you for that. I liked how you said the zero trust and I think zero trust ties to the prediction I had about the normalization of risk aversion because we have more tools in our toolbox these days.

Thomas: So for example, let me walk you through a scenario that as a DBA or an IT professional you probably don’t think about and that is, if you are a data professional and you’re working with this data all day and the idea that somebody else is in charge of security which is the bad definition of security being a shared responsibility where you think somebody else is doing it. My definition I try to tell people is that you have a responsibility, we all share it, but you specifically have something to do. And, in our case, the tools we have available these days for encrypting data at the column level is far easier today than it was five, 10 years ago. Data masking, something very simple, this is the one I try to tell people, masking data is one of the easiest things you can do to protect your data from this scenario where an employee leaves a laptop on a bus or a plane, or has it stolen out of the overhead bin before they get off the plane, things like that.

Thomas: This stuff happens and now that laptop has company data on it that’s unencrypted or unmasked and this is a bad thing, and it could be easily preventable and so that’s when I talk about normalizing the risk aversion. If somebody stands up in a meeting today and says, whoa, whoa, whoa, whoa, that data that you’re collecting there tie it to data governance, you see this is a priority or tier one or whatever, this is labeled confidential or sensitive data that means we need to do something, we need to take action upon this in order to prevent it from leaking and what are we going to do about that.

Thomas: And I think those conversations are being more normalized because if I had back in the day stood up and said, we can’t do this because security, I was basically told to sit down, worry about the security later, we really need to move forward with what we’re doing, don’t worry about that, what’s the worst that could happen? Well, we found out in a lot of different ways the worst things that could happen and it’s a painful lesson to learn. And I just think that in the coming year we’re going to see more and more of this normalization of the risk aversion. So, being my prediction, I’ll just ask if you both agree.

Kevin: Yeah, hands down, it’s becoming much more. And the key thing too that is driving a lot of this urgency is actually coming from outside of the C-suite, it’s coming from the legal environment, right? So when a CFO sees that we could be docked up to seven, I believe the GDPR allowance is up to 7% of your yearly revenue, not your profit, your revenue, and if you have a 10% profit margin that can take you from being profitable one year to unprofitable, I mean, that has teeth. And so when we see a situation where there is real potential punishment, really painful punishment, people start to pay a lot more attention.

Thomas: So let’s talk a little bit about the final prediction which is around say fine tuning your skill sets, right? How do we put it here Chrystal? The prediction itself is tech pros will start to fine tune their skill sets and focus more on non-technical skills to enhance their career. Now, you notice I didn’t say soft skills.

Chrystal: Yes, because you know I hate it.

Thomas: Yeah. So we don’t call them soft skills anymore. So we’re going to get your thoughts here Chrystal on what you’re looking for, what the prediction is really about, and talk to us a little bit about this shift for tech pros in general to be focusing on these non-technical skills.

Chrystal: Sure. So, I talk about non-technical skills a lot, I’ve talked about it on this podcast before and webcasts and webinars and writing and everywhere because I think they’re very important. And I think that they’re often overlooked especially by IT pros as a thing that can learn, right? A lot of people I know who are IT pros think that they can’t learn non-technical skills, right? They’re more difficult for them to grasp the concept of and so it’s very difficult for them to learn them, that doesn’t mean there’s no ways to get there. But I think with the advent of the Great Resignation or the Great Migration or whatever you’re calling this, shortage of talent and shifting of talent in IT right now where people are more and more coming over from other disciplines, other walks of life, and joining the IT community and people who are in the IT community are realizing that they have value beyond where they’re currently sitting and so they’re moving around.

Chrystal: There’s a lot of shifting, a lot of shifting jobs, shifting responsibilities, and I think that that also means that they’re realizing that these non-technical skills can make a big impact in their careers, right? Without the non-technical skills, without the people skills, the talking to people, the management of processes, without those ideas, those things that are not technical processes, but organizational processes and those kinds of things, how to write a well worded email, how to have those communications with customers where they aren’t scratching their heads and not understanding anything you’re saying, being able to break things down from technical jargon to understandable by any layman, right? Those skills, those things.

Chrystal: And I never will say that those are not skills, those skills, those abilities to be able to do those things are more important than ever. It can make the difference between choosing you as a candidate for a job and choosing someone else because you can have the same qualifications but, hey, you’re more charismatic, you’re more personable, you can explain this to me and I’m just a manager I don’t understand or I’m just the recruiter and I don’t know what you’re talking about, but I kind of understood what you were talking about, that can make all the difference in their recommendation to the next person in the line to say, hey, this person they really made me understand what they were doing, they really made me understand what they were talking about.

Chrystal: And with all this shuffling in the career space right now I think that it’s gaining more and more intention that those non-technical skills are really important, there’s a lot of presenters, there’s a lot of speakers at that avenue. And just look at the growth of IT on YouTube and Twitch, tutorials and conversations and that right there it takes non-technical skills. To become popular in those kinds of spaces where you’re doing all of those things and a lot of people do them as a side hustle where you have all of that and then you can use that to give forward momentum to your career, right? When you’re applying for a job you can have that, your YouTube, your Twitch, or whatever, and say, I do tutorials, I do speaking engagements, whatever, and it looks really good, people are looking for those skills.

Chrystal: And even if you don’t go to a speaking role, right? Even if you’re just moving up, you’re trying to move into management or something, those non-technical skills are essential, they’re essential to be able to communicate with business leaders and stakeholders and customers. Your ability to translate your technical knowledge into something that someone who’s non-technical can understand is a big benefit. I think everyone is kind of getting to a point where they’re recognizing the value behind those from managers to just everyone, IT pros being in IT starting to recognize the value. And there’s a lot of options out there, even free options online, to help you get better at those skills. So I’d really encourage everyone to try and recognize where you have some faults and look at ways to improve them just as you would any technical skill.

Thomas: So Chrystal, when you say non-technical skills do you mean just communication skills or something else besides communication?

Chrystal: Not just communication skills, I think communication is the big one but there’s lots of skills you gain from customer service. I like to recommend people who have worked in retail or collections or any of those jobs where you have to work with people on a regular basis, just that ability to work with people and sometimes let somebody yell at you while you maintain a straight face and professionalism, it’s somewhat communication, it’s your body language, it’s your face expressions and that kind of stuff, but those skills are important. But also things like project management, also things like leadership skills, team building skills, those things are huge. Being able to delegate is a skill that not enough people have, you get a lot of burnout because that it’s either easier to just do it myself or you’re getting pushback.

 

Chrystal: And so you’re not pushing back in return to say that this is your responsibility or you’re not communicating effectively that responsibilities are somebody’s or your not communicating appropriately with whoever your stakeholders are asking for this thing, right? That this is not your responsibility. You get a lot of burnout because people just genuinely don’t want to deal with it and I think that that’s a mistake. I think that that is a non-technical skill, being able to delegate responsibilities, as a manager especially I think that is key. Being able to recognize that you may not be the most technical person on your team, you need to recognize the skills of the people around you and delegate appropriately and have those communications. So communication is really big for me in non-technical skills but it is a factor in so many other things that is just huge.

Thomas: So here’s a question for you Kevin is, where can a person go to learn these skills? I have some thoughts that I’ll share later. But just in general, if you looked at somebody and said, hey, you need these non-technical skills that Chrystal talked about, here is where you go, where would you send them?

Kevin: Well, I always say that you need your hard technical skills to get the job, you need these non-technical skills to get the promotion, right? And so there’s a number of websites, a number of experts on YouTube and things like that that can really help. I actually have developed quite a lot of non-technical skill sessions for IT pros and that grew, Tom, out of our time on the board of directors for the Professional Association for SQL Server, we have a number of those actually on the SolarWinds website if you’re interested in the content I’ve developed around that. We have a three part series that is being completed around New Year for persuasion, for influence, and for actually making proposals to your C-suite and how to successfully pull those kinds of endeavors, pull them off, it’s not something that comes natural to us. So, that’s a plug for myself, shameless for us in SolarWinds. So where do I read? I would point you to a couple of different resources.

Kevin: So there’s a great website called TechRepublic that has a whole section for IT leadership and when I say leadership I really mean all things non-technical. So, I need help with this particular kind of setting a budget, for example, a lot of us have never done that and when we get a promotion we have no idea what to do now that we have control of a budget, so there’s lots of that kind of content there. Also, I actually read a couple of the big kind of not management company but rather schools for business management. So I read the Harvard Business School Review, hbr.org, that comes out a couple of times a month and has fantastic content for IT teams. There’s also MIT Technology Review that has good content for those of us who have to… It’s not necessarily just for IT people but let’s say you’re a chemical engineer or a mechanical, so it’s oriented toward people who are technological but not necessarily just information technology, so there’s a lot of great resources like that. There are few though that are just for us technologists so TechRepublic is typically the one I’d point people to.

Thomas: I like how you said hard skills get the job, non-technical skills get the promotion, I love that. It also explains a lot of my career and so that really hit home for me and I think that really does sum it up. So as far as Chrystal’s prediction goes which is tech pros in 2022 will start focusing on these non-technical skills I think we’re all in agreement.

Chrystal: Yes. I do have something to add though as far as another place to learn from, I think that you should look around you when you get emails from even your sales department or whatever, within your organization, see people who have better communication skills, learn from people around you, network with these people. You never know where your next opportunity is going to come from and if you make friends with people and you learn from them and then allow them to learn from you back, everybody can learn something from somebody else. You help build those connections and so they might move on to another company and then they’re looking for somebody with your skillset and they go, oh, I know a guy, I know a gal, I know someone who can do this and do this really well, and that’s really huge, I think that’s good for your career, I think that’s good for expanding your skillset, non-technical or technical.

Chrystal: Spend a little time, take someone to coffee, take them to lunch, take them to a virtual happy hour, whatever, to talk to them in some capacity. And spend a little time getting to learn how they think, especially communication wise, how they take their words and put them in a way that’s different than yours and makes a bigger impact, it can be really big just if they can explain to you or you can watch them write an email and they explain it as they go. All of those things are very easy to do, it takes a few minutes and you can pick up on those things, pick up on those little non-technical skills a little bit at a time and improve yourself as you go while you’re also making connections for potentially the next big thing in your job.

Kevin: Chrystal, you reminded me too that somebody once asked me, if you could tell a new DBA or a SysAdmin, what would be the best thing you could do to help advance your career? My advice is always, I have two parts there so, but I’m just going to hit the first one which is, my advice is always look around in the organization you’re at, see if you can identify a person whose career you would like to emulate and ask them to be your mentor. And there’s nothing that’s going to help you more than having a good mentor who knows the ropes, not just technologically but of your organization, who to watch out for, who you can approach, who is approachable I should say, and that sort of thing. I was lucky to have a person like that in my life early on and I just can’t say enough about it in terms of the goodness it can do to help you get better quickly.

Thomas: And just to make sure we definitely speak to it and I think we’ve hinted at it but I don’t know if we were explicit enough, but these non-technical skills are what you need to help foster and build better relationships. And then that Great Migration that we’ve seen and talked about here the idea is, I think some people maybe right now are realizing that the people that have been able to kind of go in and out of different jobs, maybe have had one or two jobs over the past 20 months now, those are people who were really good at building those types of relationships and so they had a landing spot somewhere else if they needed it.

Thomas: And for the rest of us we’re probably starting to realize maybe we haven’t been as good at building that network or fostering those types of relationships and it’s something to revisit. So that’s one of the biggest reasons I think Chrystal’s prediction is absolutely true, I think there’s a large group of people out there just now realizing that they need to be better at building and maintaining those relationships and those are part of the non-technical skills that we’ve been talking about.

Kevin: Yes.

Chrystal: Yes.

Thomas: Well, thank you both Chrystal and Kevin for joining me today for this discussion on our 2022 tech predictions, it was wonderful spending time with you both.

Kevin: You too, Tom.

Chrystal: Yeah, it was great.

Thomas: And also thanks to the other Head Geeks, Sascha and Liz, for their time in doing these TechPod episodes reviewing our predictions so thank you to all the Head Geeks. And I also want to make mention of, if you want more information for some of the topics that we’ve talked about in reference, you should find the IT Trends Report, we should be able to provide a link to that in the show notes as well. If you enjoy SolarWinds TechPod we’d love for you to follow, rate, and review the podcast. Thank you for listening and until next time I’m Thomas LaRock.