Craig Bloem, Founder & CEO of Free Logo Services (which is not his first startup), says,

• Look at code samples – I ask them for their code and have “A” level programmers I trust look at the code and tell me how good it is.
• Similar projects – Have they worked on projects similar to what I am going to have them work on so that they will be familiar with the challenges and the technology.
• Excitement level – Are they excited and challenged by what you will have them work on? Good programmers and IT shops need to be challenged constantly.
• Use their applications – I have them bring in their own computer and show me what they have developed (apps and programs) and tell me about what parts of the programs they owned and what was challenging to them about it. You can also see how they set up their desktop and what tools they use. Look at the programs they have developed. Were they scalable? Do they accomplish their main purpose?
• Personal interaction – How do they communicate with me? Do they
  understand my questions, and what questions do they ask?
• References – I learn more out of references than anything else. Do they learn fast, how is their quality, can they manage deadlines, what are their weaknesses and strengths so I know how to work with them and what to watch out for if I hire them.
• Education – What GPA and schools did they go too. Specifically, how did they do at math?
• Github – Do they have a github account and if so,what have they written?

Ethan Roberts, President of Monkey Mind LLC, says,

• I’ve been on both sides of the fence finding consultants for companies I worked at, and now I’m an independent consultant that other companies hire. From a company standpoint, I looked for a close fit on skillset and then at personality during the interview. If one candidate had better skills but the other one was easier to work with and close on skills, I’d pick the second one because I don’t need a hassle for the whole project. As a consultant I try to have a great skillset and an easy-going personality for exactly the same reasons.

Eric Leland, of FivePaths LLC, says, “We regularly hire consultants and programmers, and help our clients do so.”

• We like to find contractors through peer resources. Partners or clients we work with may have leads or resources they have experience with.
• We trust our partners and clients, and value their experience with the talent they have hired, which makes our vetting process much easier. For some skills, we need to reach more broadly – we use professional networking organizations for various sectors that serve the talent we need. One example is the Nonprofit Technology Enterprise Network, whose membership is experienced with many software packages that nonprofits seek.
• Professional networks exist for many established technologies, helping to aggregate smart talent, not just people who are job hunting. Smart talent, even when they are not available, can lead to great resources, helping to reduce the time it takes to find and review applicants.

Next week we’ll look at what some successful IT consultants and independent programmers have to say about the best ways to get clients. But this suggestion is too good to keep on the shelf for a week…

• Self-described hacktivist Fred Trotter says, “I found that finding clients became much easier when I ‘wrote the book’ on my subject matter”: Meaningful Use and Beyond; A Guide for IT Staff in Health Care

So: Have you considered writing a book about the area where your greatest skills lie? It can be a major career boost.

Alan admits his “trust no one” attitude comes from his New Jersey upbringing and is not common among his Indianapolis neighbors and coworkers. But the essence of computer security is forethought mixed with paranoia. Rather than protecting against what miscreants have done in the past, you must think about what they might do in the future.

Realize, too, that all good things must come to an end. The person you hire today will sooner or later move to another job or retire or even die in the saddle, leaving all his home office desk and all the papers in it (including your corporate passwords) to his nephew who has felony convictions in five states. Or your company may suffer business reverses one day and be forced to let your new hire go.

Think pre-nup. Everything is lovey-dovey today, but will everything be lovey-dovey 10 years from now? We have no way of knowing.

What we do know, however, is that by having security access policies in place, and following them, we can minimize the risk of disgruntled ex-employees sabotaging our IT infrastructure. And rule number one for doing this is to give people only as much access as they need to do their jobs. Alan says he’s not just talking about passwords, but that “key code access to server rooms and external access to IT systems should be limited only to those who absolutely need these privileges.”

He also says:

• There should be well-established, written policies in place for when new employees start as well as for the time of their departure.
• Established policies that are carried out for all employees avoid the chance of missing a critical step.
• Fixed policies do not allow a disgruntled employee the chance to claim unfair polices were directed at him or her.
• Consistent policies also prevent the company from skipping processes because the employee was deemed trustworthy.

Fast-forward nine years

Why nine years? Why not? Anyway, a good long time after hiring, your no-longer-new person may starting coming back from lunch with the smell of liquor on his breath. At the same time, changes in your business make his skills less valuable than they once were, and he has made no effort to learn new ones.

It’s time to say, “Hit the road, Jack.”

But before you say that (or even start humming the famous Ray Charles song), you need to alert IT personnel — especially management — about the impending departure. In confidence. And, Alan says, you need to review “all of the company systems the employee has access to. Make a check list of the affected systems and require a confirmation of action once the employee leaves.”

The check list is important, because forgetting one key or a single obscure password can ruin the rest of your careful security preservation work. And your termination checklist should cover all employees in order to protect yourself from termination-based lawsuits — which might be frivolous, but can still be expensive and should be avoided whenever and however possible. “Consistent policies,” right?

Here’s Alan’s basic “time of departure” checklist:

• Collect all company IT hardware –- computers, keys, fobs, SecureID tokens, and cancel access to any company systems that the employee had access to. This would be internal systems as well as external (i.e., VPN access)
• Inform IT vendors of the employee’s departure –- they might be the target of a social engineering attack if they are not aware the employee has left the company
• Change the passwords on all company email accounts used by the employee. (Alan also suggests redirecting the employee’s email to a manager for a short period of time to detect any suspicious behavior.)
• Don’t forget to change passwords not only to obvious systems but also on seemingly benign Internet applications that the employee might have access to (i.e., company website, Facebook, LinkedIn).
• Consider the employee’s company computer and all computers the employee had access to as possible sources of malware. A key logger or malware might send information from the ex-employee’s former computer to an external hacker when that machine is given to or used by another employee. If possible, have these computers checked.

——-

Alan says that if you learn nothing else from what he’s said here, you should remember two main points:

• Treat departing IT employees with respect — and be consistent, with firm, well-established processes that protect the company.
• Operate your company on a need-to-access policy, not on freedom of information. Most companies do a really poor job of this.

I know the CEO, Larry Augustin, pretty well. In fact, I found out about these jobs because he and I are Facebook friends and he posted SugarCRM’s hiring needs on Facebook.

When you apply, you can tell them I know Larry and that I sent you. It probably won’t do any good, but hey! It’s worth a try, right?