An article just surfaced on CNN where the top executives of SolarWinds essentially shifted the responsibility of a password leak to an intern. This infuriates me, but I think it serves as an excellent reminder of some hard truths about working for a company.
Oh, if you think this is isolated, think again.
SolarWinds made the news after a breach was discovered due to a weak password that protected a publicly accessible server. SolarWinds is a company that many other companies and government bodies use, so it made headlines.
Blame the Intern
Imagine you’re that intern right now. While your name isn’t in the news yet, you are infamous.
Interns are eager folk looking for a chance to hone their skills and ultimately get a job. Companies enjoy interns because they often get paid very little compared to non-interns and are highly disposable.
So imagine you’re that intern, and your chance to work at a major company resulted in infamy because the company you work for decided to blame you for everything, including things that happened before you worked there.
Companies Protect Themselves
The hard truth is that no matter what language like “Be part of our family” type language companies use, companies will do what it takes to preserve themselves.
You may have heard that HR doesn’t work for you. It works for the company. The same holds here.
You work for the company’s benefit, which includes them blaming you if it benefits them.
I bring this up because many people put their faith and loyalty in companies, and while I don’t want people to be cold-hearted and cruel, it is always worth thinking about how far your company would go to protect you. How many people would give up their paycheck, so you keep yours? If a SolarWinds incident happened, how hard would they work to protect you from exposure?
I think it is beautiful to realize that each job is an opportunity for wonderful things to happen. Things you’ll remember and treasure for your whole life. However, the foundation of that opportunity is a business transaction and not a relationship.
Bad Things Happen Everywhere
We make mistakes. We ship bugs. We don’t take forever to secure everything. We assume things will be fine. We trust our peers and superiors to give good guidance.
It doesn’t always work out that things add up.
A few years ago, there was a famous case involving Volkswagen and faking emissions information. Guess who they tried to send to jail? The engineers.
Now in these articles and the case of VW, things are a mess. Multiple things are going on that led to a single moment where things fell apart.
What is so hard about this is that people always know the problems well in advance. SolarWinds knew they had a dumb password on the internet long before the intern showed up. The bad UI that cost Citibank existed before someone clicked the wrong button and two people signed off. People knew they were going to fake emissions in VW before it happened.
Admittedly many developers I work with believe things like this aren’t ultimately their fault. After all, they did their job to the best of their ability.
So when did these two worlds meet? The knowledge of something bad, and the belief it isn’t their problem or responsibility?
What would have happened if the people who saw the problem took responsibility to prevent something worse from happening? What if someone who knew the password was bad stopped and said they can’t let something like that continue and fixed it? What if the unusable UI was thrown out because it makes no sense? What if the engineers at VW refused to break the law?
While responsibility like this feels costly, in my opinion, it is what is needed most in our field. We need to recognize and take responsibility for the impact we have on millions. We love that we can build products that are available so wildly, but we shy away from acknowledging our part to play in its disaster.
My challenge to you is this: Take responsibility for one thing going wrong, and start trying to fix it in earnest.