IT Admins Need a Vacation

As someone who’s worked in the IT industry for over a decade, I enjoy browsing Reddit’s r/sysadmin, which has become one of the most honest places for IT discourse on the internet. For those who haven’t been in IT, the forum might be jarring. It’s filled with thoughts on inheriting messy infrastructures and dealing with challenging managers.

Unfortunately, I’m not that surprised by these posts, because I’ve felt this way during my time in IT and security as well. People in the IT and security industries have been voicing the need for help and support for years. In fact, the technology sector has the highest turnover rate at 13.2%, according to LinkedIn. The pandemic has only magnified that unhappiness as millions of workers are reevaluating their priorities.

It’s time to take a good, hard look at why IT admins are struggling, and think about how we as IT leaders can reverse the tide of frustrated, unhappy tech workers.

1. Sysadmins are on call

Being on call is often the biggest driver of burnout. As someone who’s done it for 15 years, I can say that being on call isn’t easy. It requires you to make personal sacrifices, which shouldn’t be the norm. IT staff must be compensated, rotated off, and actively supported to maintain mental health and well-being. From a business perspective, it is always more expensive to hire and train than it is to accommodate and plan, but it’s critical for supporting your IT staff effectively.

What’s more, sysadmins on call without adequate support can feel alone and distressed when an incident occurs, because they have no one to contact if -- and when -- disaster strikes.

Many sysadmins on Reddit describe what they call “IT PTSD,” in which the sound of a phone ringing incites fear, dread, and anxiety -- even years after their on-call shifts have ended. I believe all of us who have gone through on-call or critical rotations understand this feeling well and the dread that comes with hearing a Slack, Teams, or PagerDuty notification off-hours.

2. Sysadmins are underpaid

What’s worse than being on call? Being on call and not being compensated for it.

One Redditor said it best, explaining that many employers and managers think being on-call only counts as “work” if actual emergencies arise during the on-call shift. This is arbitrary and outside of the employee’s control, and it’s actually unethical to not compensate workers for their time.

Another Redditor described being a sysadmin as being endlessly underpaid compared to other professions with similar salaries. This is a common sentiment for sysadmins; 43% said that their salary is not enough for the cost of living in their area, according to Indeed.com.

IT classically is seen as a “cost-center” to environments, which often results in poor people management, as there isn’t a focus on quality management in relegated departments. Moreover, people in IT tend to want to help others, which can make the task of self-promotion to an out-of-touch manager even more difficult.

It’s important that IT admins are advocating for themselves -- and for their peers -- so the industry can mature together. You cannot have a secure, mature, and well-running operation if you are underpaying your people, especially in critical positions like IT.

3. Sysadmins are overworked and unappreciated

Many, if not the majority, of sysadmins are stretched thin and must deal with a massive range of responsibilities. The average IT admin handles server maintenance, resolving help desk tickets, hardware upgrades, patch management, software updates, and more. For IT admins on smaller teams, they need to handle security, too. Many sysadmins aren’t even solely responsible for IT; they often have other line-of-business tasks like general operations while also being expected to secure the organization.

In cases of a company getting breached, it’s easy for leadership to point at IT and apply blame. The reality of some of these situations is that poor leadership from the top resulted in security immaturity because of IT burnout.

In addition to this plethora of responsibilities, IT admins work in the background to keep systems operational. People generally like to be recognized and appreciated for the work that they do, but the best-case scenario for a job well done is that nothing emergent happens. And the few instances when sysadmins do interact with other colleagues, usually something is broken, which can create a tense dynamic between end users and IT.

Even more disheartening than unappreciative users are unappreciative managers. On Reddit, many sysadmins have shared that they report to people who don’t see the value of IT or care enough to develop a foundational understanding.

Addressing the Sysadmin Problem

An unhappy sysadmin can breed apathy, and an apathetic attitude is especially problematic when sysadmins are responsible for cybersecurity. Even in organizations where cybersecurity and IT are separate, sysadmins affect cybersecurity in some way, whether it’s through patching, performing data backups, or reviewing logs.

This problem is industry-wide, and it will take more than just one person to solve it, but I’m in a unique position to talk about it. I’ve held sysadmin roles, and I’m the co-founder and CTO of a threat detection and response company in which I oversee technical operations. One of my top priorities is building solutions that won’t tip over and require significant on-call support. The tendency to paper over a problem with human effort 24/7 is a tragedy in the IT space and should be solved with technology wherever possible.

As someone who manages employees that are on-call and is still on-call, I need to be in tune with the mental health of my team members and support them to prevent burnout. I need to advocate for my employees to be compensated generously and appreciate and reward them for a job well done.

One of the most impactful ways to alleviate stress is by arming sysadmins with tools that help do the work for them. IT tools -- specifically security tools -- have historically wasted too much time, with the barrage of constant alerts from noisy security tools. Monitoring, investigating, and interpreting alerts, tuning and configuring detection rules all create unnecessary time and stress that the right security tool can handle for you instead.

Sysadmins aren’t inherently angry. Years of dealing with noise -- from alerts, people, requests, calls -- wears down even the most dedicated, ambitious, and mentally healthy individual. Let’s just give them some peace and quiet and encourage them to take a well-deserved vacation -- without bringing their laptop.