Crazy Idea: Trust Employees

From the Brent Ozar PLF mailing list, I picked up a link on offering employees unlimited vacation days.  There are a few companies which do this, and I think that for a small organization, it’s a great idea.  The rub is that your hiring practices have to be good:  you need to find motivated, hard-working employees you don’t feel the urge to micromanage or monitor constantly.  These are people who want to work, who wake up in the morning ready to go accomplish something.  For those people at those places, this is an outstanding idea, and saves time and money (monitoring has its costs).

In general, my business philosophy is to treat people like adults until they prove otherwise.  If somebody wants to come in at 6 AM one day and leave at 9 PM, and then come in at noon and leave at 2 the next day, let them, especially if you’re in “creative” IT (like software development).  Originally, this is how exempt employees worked:  you worked until you got your stuff done, and then you left, regardless of whether this took three hours or fifteen.  Unfortunately, exempt has turned into “you need to work at least eight hours, and just keep working without extra pay.”  Vacation time turns into “yeah, we offer it to you, but we don’t want you to take it.”  Flexible work schedules become “we need you to come in and work from 8 AM until 6 PM and you can’t come in any earlier or later than that.”

Unfortunately, the standard company philosophy when dealing with trouble employees is, rather than focus on the trouble employee, bring the hammer down on everybody.  That way, it’s “fair” (because punishing people for the actions of unrelated others is fair?).  More honestly, that way, their HR and Legal departments don’t work extra hours and managers don’t need to take responsibility for managing people.  As a result of this shirking, good employees get treated the same way as bad employees, leading to good employees having weaker incentives to remain good employees.

So, going back to my original idea, I’d say that it might be a great idea for some people to start taking some risks.  Give your dev team home access and let them come in whenever they want, work whatever hours they want, and work any days they want, just as long as tasks get accomplished.  If they’re already salaried (which full-time employees in IT typically are), it won’t make a monetary difference.  If you did a good job hiring people (or if you can fire lousy employees easily), I’d be willing to bet that you’d see an improvement in performance as people work when they are revved up and don’t when they aren’t.  You can keep somebody in an office for 9 hours, but it doesn’t mean that you’ll get 9 productive hours.  And when coverage isn’t that important, there’s no reason even to have people stick to certain schedules.  As long as they’re productive, that’s what matters.  And if they aren’t productive, then they lose the extra privileges…or get fired.  I’ll grant that this might only apply to certain subsets of the population (and would make people not in that subset pretty angry), but that doesn’t mean that you shouldn’t give it a try.

Speaking of which, any companies hiring that do offer unlimited vacation time—and don’t guilt you into not taking vacation—you’d be near the top of my list if I start looking on the market…

This Week’s Security Notes

Not too much for this round, though I’ll have a few more links later this week.
  • I ignore Google ads in their search results.  Looks like there’s good reason to.
  • Yet Another Cross-Site Scripting Vulnerability.
  • Social engineering on the rise.  People are the weak link in most organizations, and if you are going to target a specific organization, you’re going to target the people who have access to what you want.  If you’re just out to get control of some machine somewhere, or just looking around for things to do, social engineering doesn’t play as strong a role.  But those typically aren’t the threats we really need to focus on; focus on taking care of the tough cookies and the kiddies will be sorted out automatically.  Any time I read about social engineering, I go back to the site. (Via HNTV)

Abolish The TSA

The TSA list of things they’re protecting us from.  If that list doesn’t prove the TSA’s irrelevancy, I don’t know what does.  Well, maybe that they’re gung-ho about protecting us from cupcakes.

Schneier himself doesn’t want to abolish the TSA, but I’d consider that too much faith in a government institution.  At one point, I was kinda-sorta of the same opinion—that security has strong enough externalities that private institutions likely would not hit the optimal point—but there are incentives in place…or at least would be if the government wasn’t too busy screwing around with peoples’ cupcakes.

Mass Effect (PC): A mini-review

Rather than go into a big long post about how awesome Mass Effect is, and it is awesome, I decided to just write a few brief words on it.

It’s a Bioware RPG. It is also the worst Bioware RPG I’ve played. This is no insult to Mass Effect; it is rather an endorsement of a company that’s consistently done very fine work with RPGs.

So why don’t I like it as much as other Bioware games? It’s obviously an RPG for people that don’t play RPGs. I’m not complaining about the setting; it’s not that different from Knights of the Old Republic, for example, and I liked that game better. The characters and story are terrific. As an RPG, in which the idea is to encourage players to completely customize their characters, it’s a little short. There just aren’t enough options.

The part I liked least was the mind numbing scouring of planets by Mako. That got kind of old, and instead of going “Yay! Something new to explore!” I felt “Yay! A slight variation on the same cookie cutter level design!” The non-story missions felt mostly like filler. The game is also a bit unstable, particularly towards the end. I experienced multiple crashes, which were pretty annoying.

It really shines as an action RPG, and the controls were fluid and sensible. The idea of conserving heat, not ammunition, adds a new tactical dimension to the game instead of mere bullet counting. From a gameplay perspective, I would rather the tactics menu be a toggle than a hold, but I understand it from a roleplaying perspective. Grenades seemed nearly useless.

It’s a definite thumbs up for me. It’s very accessible and entertaining; from any other company it would be one of the best games they’ve made. Not from Bioware, and that’s a good thing.

More Of This Week’s Security Notes