Soooo… Haven’t seen anyone ask this. Why DOESN’T he want it updated? Have you checked for running processes, keyloggers (hardware and software), hidden partitions, VeraCrypt, etc?
There may be a reason that’s not being shared.
Otherwise I agree with the email routes that get it in writing (or the lack of response as such).
It’s a medical office, $100 says it’s running some outdated software no longer supported by the vendor but must be kept in an operating state because HIPAA requires you to keep patient data of children available until they’re like 25
This is my guess.
You’d think OP’s boss would just tell him that though.
“We can’t upgrade because of <whatever software>. I’m keen to hear what we can do to mitigate the security risk”.
Some IT bosses aren’t great at communicating why, they just want to stop the convo on things they can’t fix and resume working on progressing things they can
This probably applies to bosses in any role. That said, this boss is not an IT guy, he’s a manager in a “health” business employing an IT guy. Why wouldn’t you tell the IT guy you hired about your IT requirements?
Most IT managers are just techs that stayed long enough to be made manager
That doesn’t sound like what’s happening here. It’s a family business. I think OP is the entire IT department.
Walmart is also a family owned business, that term means nothing in regards to company size and org structure. In another comment OP says there are several leadership tiers including managers, directors, and VPs, those org charts don’t exist in mom&pop health clinics. If OP is a one man IT department then this company is grossly mismanaged and is being negligent with their data by hiring a singular kid straight out of college to be their IT department, if he’s one of many like they should be then OP is just a new-hire that needs to pump the brakes and learn to follow direction
Cover your ass, then follow orders. The job is, whether anyone likes it or not, to do what a supervisor tells you. If the supervisor is an idiot like yours, that doesn’t change. Do the job, cover your ass, and hope for the best.
I appreciate the advice. My boss told me today not to ask again about upgrading the desktop and was visibly angry. I’m planning to email him saying I have a preconfigured Windows 10 replacement ready, but I haven’t touched the current setup as per his instructions. If the current computer breaks, we can swap it quickly. Is this a good approach?
Yes. And then polish up your resume. Work experience can trump age/even certs sometimes.
This is an awesome moment in interviews to let them know you try to head off problems before they start.
You said you were young, so you might not fully know your own worth yet. I’d rather hire someone who is forward thinking and preventing problems than someone who might have a cert or 2 more than you.
Windows 10 will be in the same boat again in about a year and a half when Microsoft drops support.
Do you really want to have this fight a second time trying to get him to upgrade to Windows 11? Win11 is already available… Just go to that.
There should be no issues as long as he doesn’t access the internet directly. If you have a terminal server you should be able to set up any web browser and let him use it in a remoteapp mode.
At this point I’d take the malicious compliance route. Make sure you have it documented in a form of writing that shows he is refusing to upgrade his system. Send him an email confirming you have the new laptop on standby and would like to know when he’d like to swap it out, he’ll obviously tell you to pound sand. If anything happens, it’s not on you. If you’re worried about getting fired, then it’s not worth it to pursue.
I would absolutely send him an email to the effect of
“Per our multiple verbal conversations, this is just to serve as notice that, in my professional opinion, your refusal to allow me to upgrade a system at risk of multiple security vulnerabilities on a platform that is no longer supported is a risk that you are choosing to accept against my advice.”
with a list of known major vulnerabilities attached if possible.
That way at least if this comes back to bite the company on the ass, he can’t say “Well he never told me this was a problem!”
I disagree. That’s a consultant-style answer. OP is an idiot newb three months into his first job with zero responsibility, and not in any position to “serve notice” or have any meaningful “professional opinion”.
Just post the IP address and we can sort it out for you.
Back everything up first and you will be their hero.
What a disaster. Post IP and system information on 4chan. He will switch after being compromised.
This is (presumably) people’s personal health care information. Please don’t fucking do this, Jesus Christ.
If not just because it’s a really shitty thing to do, I’m pretty sure it’s also at least one felony.
Then compromise the machine yourself without stealing personal data from unrelated people.
You understand that legally speaking this is approximately the same thing as telling your boss that the front door isn’t strong and thieves could easily kick it in, and then when they refuse to fix it, the response you’re suggesting is “show up at 3 am and take a sledgehammer to the door, but just dont steal anything from inside” right?
The point is to cover your ass, not pull your pants down.
The point is to get him to switch so you have peace in your network and don’t have to handle the shit show when someone else does it.
Yes I understand the intention, but in one of these scenarios I’ve covered my ass legally and if something happens where the company gets ransomware for example, I likely get paid thousands of dollars in overtime restoring backups and the user ends up updating anyway, and in the other I can go to prison, lose my job, and never be able to use my time at that company as a reference on a resume let alone probably easily get a job again because now I have a criminal record.
I know this because I have lived scenario A probably 6 times in my life.
I know, I live those scenarios too, I said let some 4chan degenerate do the dirty work, get paid for fixing it and get your network in check - if you morally can’t handle that situation because of the data, then do it yourself and you can ensure that your boundaries are not crossed.
Free pro tip: If you do it yourself, you still get paid to fix it ;D
Yea I don’t trust the opsec of some random 4chan user to cover their tracks and therefore mine in that scenario.
I’ll just take the option that guarantees I can’t go to jail and ruin my entire fucking life lol.
“This is my first IT job, I’ve only been working here 3 months”
Then you need to learn this lesson quickly: YOU ARE NOT THE BOSS. The Boss is the Boss. Not you. You make your concerns known to him then you leave it at that.
“I’m considering talking directly to the owners about this issue” Yeah, going over his head is really going to go down well /s. As you have proven you are hard of learning, let me state clearly: it won’t, that was sarcasm. The owners will see you’ve gone over your boss’s head and when he says “I’ve had enough of this jerk, let’s get someone else in” they’ll be hard pressed to disagree with him.
“my boss’s refusal puts our operations at risk” Your boss already knows this. Especially as you keep banging on about it. What you’re doing here is heading for an unceremonious out-kicking. Your boss also knows a lot more about the business than you do. If he’s keeping that machine on Win7 then he probably has some good reasons to do so.
“I want to ensure I handle this professionally” No you don’t. You want to force your boss to do what you think he should do. If you were being professional you’d state your concerns, in email if necessary, then move on.
“I definitely feel like I’m going to be used as a scapegoat” That’s why you put your concerns in an email (ONLY to your boss, nobody else. Or maybe a sympathetic team member). This creates a paper trail so that if and when they come knocking on your door saying “Why did you let this happen! You’re fired!” you can point to that email which proves you did everything you could. (Which they won’t by the way. You’re an idiot newb three months into your first job. You don’t have any responsibility yet. So this isn’t on you.)
“I’m also planning on seeking employment elsewhere” It doesn’t matter where you work while you have this attitude. Newsflash kiddo: you’re the asshole here. You’re a newb three months into your first job. No matter what you think you know, you don’t know anything. Instead of trying to dictate to others what you think they should do, try to learn why they’re doing it differently from what you expect. Maybe you have to find somewhere else now; that boat may have already sailed. Maybe if you approach your boss saying something like “er, sorry I was an asshole, I thought I knew more than I do, can we start over and I want to learn from you” (but obvs phrase it better than that) then MAYBE you stand a chance of getting through your first year.
[Sympathetic mode on.]
We all have to learn this stuff and it takes time. Your boss also knows this, and remembers when he was an overenthusiastic hothead. So while all the above might seem harsh, especially the YTA bit, hopefully it’ll cause a course correction (which is my intent here) and you’ll be back on track to a successful career in IT. This position may still be salvageable but you need to go in on Monday understanding clearly that it might not be, and that it is your fault. And maybe you need to be fired a few times before this sinks in. Good luck.
lol. no. everything you said, just… lol. no.
I guess this entirely depends on what country you’re from. I’m a developer, and I constantly have to deal with ignorant bosses. They push me to write code faster, sacrificing proper planning, architecture, and testing. Then I’ll be the one sitting up all night fixing a broken release, because my code doesn’t work.
As the professional in this scenario (the one who knows how to develop software), it’s my responsibility to make sure it’s done right. My boss isn’t supposed to know how to do it, so it’s my job to let him know.
Of course, you still have to have your boss’s permission to do it, so I totally agree with OP putting pressure on the boss. It’s important that the boss knows what’s at stake, and it’s OP’s responsibility to make sure he does. But at the same time, it’s important for OP to know why the boss doesn’t want to upgrade, he might have a good reason, or at least it would be easier to argue against.
Again, it probably depends on the country. I work in a country with high job security, but it might be different in other countries (not the responsibility, but the danger of doing your job properly).
The whole point of this post was to get advice, not to be insulted. I’m new to the field, and documenting everything is a valuable lesson I’ve learned. My boss can be unpredictable, and there’s no good reason for not upgrading a system that only runs a single program and has significant security risks. I already plan to send the CYA email tomorrow and then drop it.
I’m not going over anyone’s head. The employee who needs the machine is the one asking for the upgrade because it’s impacting his work. He’s been requesting it for 8 months. Your attitude is unhelpful, and you’re making faulty conclusions. Just because I’m new doesn’t mean I don’t have valid concerns.
I’m looking for advice to handle this professionally, not to be made to feel bad for asking for help. Maybe next time, try offering constructive advice instead of acting superior.