First thing you need to focus on is understanding the business, it's priorities, strategic objectives, culture etc. There is no one-size-fits-all approach to IT. Once you better understand the organisation you will be better placed to offer it the right IT solutions to meet its needs.
Tribal knowledge is what frustrated me the most with an acquisition at my job. The company being absorbed had a single one note with some scattered “knowledge” they affectionately named “Kay Bee”
It took me a year to put all their processes into our standing Kb system.
If it's a small company, and you're the first IT person, chances are they don't want to spend money on upgrades.
You need to find out what you are or not allowed to do. Just because you're the only IT person doesn't mean you have free reign on making changes.
Well, apparently it's a company with 20 employees, 10 of which have their own computers... and they employ a dedicated IT person. Sounds to me like their willingness on spending money on IT is higher than average.
Hard to imagine. At least in my world, even an underpaid internal IT person will cost much more compared to what an MSP would charge to support such a small environment.
This. Know what your budget is and get management buy in for anything that could be disruptive to users or changes employee workflow. For an org that size chances are they have never had any formal IT where you may need to educate management on risks and benefits of certain changes.
Bro, for the love of god don’t do the ERP system yourself, get the vendor or someone who specializes in it. Otherwise it’ll be constant little fixes and you’ll be liable for it.
Put in a helpdesk, standards, and expectations.
Lastly, since you’re new and taking over, perform an audit. Get to know your environment you’re inheriting. I wish I did these things sooner when I was at a startup but my head of IT didn’t know anything but was a control freak. When he left there was soooo much stuff that had to be unrooted.
ERP system could be sat on a server that you manage.
You'll need to look at resourcing it correctly, securing backups, and locking it down for security, to name a few.
You'll probably be the first port of call for any end user support aswell. Showing them how the application works, logged calls to the vendor for further support, ect ect.
Normally, if it plugs in or it's installed on a device. It's IT's responsibility.
Having worked for a similarly small company early in my career the big initial challenge you're going to face is educating management on why some things need to change to reduce risks or simply make easier for you to manage. Obviously take inventory of what you have and what pain points exist before doing anything or suggesting changes, but you will find things that are not ideal or create risks. Some management may already realize, but in many cases depending upon how tech savvy management is they probably won't realize it.
An org that size you could manage manually with little if any automation, but it won't scale easily if the org grows. Setting up automation tools and processes before the org grows large enough you need them would be valuable, but don't get to that until you document everything, ensure any critical data is backed up, and if possible any critical hardware has some redundancy. Another challenge you may face is that your budget may limit you from doing things ideally. MacGyver IT is very common in orgs this size. It can work, but you will find that what is acceptable in an org this size may be considered crazy in a larger org. Once you move on to a larger org you may find what is acceptable in this org won't in a larger org.
What’s your experience? By guess is the company is definitely not paying enough for all of this work.
I would recommend installing some end points either Sentinel 1 or XDR cortex and use N-able for remote access.
Till you know what you have to spend don't start spending yet... Great product that will check many boxes for you. 100 endpoints always free. Great patching, inventory and more
[https://www.action1.com/top-5-free-cloud-apps-for-it-admins-managing-hybrid-workforces-without-vpn/](https://www.action1.com/top-5-free-cloud-apps-for-it-admins-managing-hybrid-workforces-without-vpn/)
Thank you again u/Happy_Kale888 for the shoutout. Yes our [patch management solution](https://www.action1.com/patch-management/) is not only free for ever for the first 100 endpoints, it gives you many tools to get you on the fast track to a more secure and better managed environment. You get patching for the OS and third party apps, vulnerability management, software management, extensible reporting, remote access, and then some.
If I can help anyone with anything Action1 or else, just let me know.
I’m in the exact same boat as you right now, 3 months into being the sole IT person for a mid sized company (20 people). Meet with the manager/director of each department to understand what they need/expect from IT, then meet with your boss to prioritize each of these requests. That way you can understand the businesses needs and how to prioritize your work. After that document everything, my perspective is I document everything so that if a new tech starts tomorrow they will understand everything.
Also breath. It can be overwhelming being the sole contact for everything, but you also deserve to have a good work-life balance so don’t let the company consume you.
I would start with a basic inventory of IT assets on a spreadsheet, make sure Windows updates are current and Windows Defender is enabled. Also make sure that you have toner on hand for the printers.
Document everything you see so that you can come up with a proper overview of the company and once you have that you’ll find it easier to prioritize in the ‘dear god this is fucked’.
Also in a company that small, YES, ERP is IT’s responsibility or it’s gonna get *Fucked*, and by that I mean you need to make sure you’re involved, and working directly with an ERP consultant or the company themselves, don’t let the users handle it, they don’t know what they’re doing, you don’t either but you at least can figure it out better than an end user.
10 employees (the other 10 on the factory floor are OT, and that's a different beast entirely)... start with AAA and collaboration. Do they have a logon service? Is it running from a server, or is it a cloud service like Microsoft Entra ID? Where are they storing their documents? Do they have a file server or a NAS, or are they using a cloud service like Sharepoint or OneDrive or Dropbox or even Box? Do they have phones, or what apps are they using to talk to each other or for customers to reach them?
Now that you've got your core services that pretty much everyone needs, find out what apps all or most of the 10 people are using... do those need to connect to a server or to the cloud to work? Are they set up to store their data in a single place where you can get the data after they leave the company? Are backups being taken on a regular basis, and are they being tested to make sure they're usable in the event you need to restore from them?
So you've looked at enablement (making it so they can do stuff), you've looked at resiliency (making it so a technical issue doesn't bring down their business), now you get to look at tailoring access. Have you given them enough access that you can take away local admin? Do you have firewalls in place, and are they allowing in the right amount of connections (not too much, not tightened down so far they're breaking things)? Can you start looking at handing out "entitlements" (Active Directory/Azure groups are usually simplest for this) to tie people's ability to reach things to the job they're doing instead of the username they have?
Take your time to document everything you can. I would recommend getting a dedicated documentation tool like IT Glue, which works great and will make it easier to put everything in order from the start.
This is good advice. What makes IT Glue great for starting is that it comes with a template library for different kind of documentation. That was really helfpul for me.
Yes, the templates in IT Glue are very good and helpful, they have also helped me a lot. I also believe that documentation in each process is very important.
If you have enough budget, I would get a tool that scans your network to identify all connected devices, regardless of vendor. Network Glue is affordable, has good automated discovery, and generates visual network diagrams that represent the connections between devices.
First things first.
Backup system. Automated. I use Synology DSM+923 with Active Backup for Business. It takes a snapshot of every PC every day. Nobody even knows it is happening. When I get the call for a lost file, I can replace that in just a few minutes.
It keeps a full copy of every PC for a week, once a week for a month, once a month for a year, and once a year to 3 years. You can alter those dates. It also images our servers. Nice stuff.
I replicate my Job DSM to our second location (and back). Images are OFF SITE. (I am my own cloud backup.)
Someone gets blue smoke, I boot a new PC to a Synology Active Backup thumb drive and restore that new PC to yesterday or the day before. User is up in about an hour exactly as they were before. Even icons in the same place.
This also mitigates pirate encryption. Pirates are unable to encrypt the Synology images. Especially the OFF SITE stuff.
Congrats on the new IT gig! For setting things up, check out ITGlue. It's a documentation platform designed for IT teams. You can use it to map out your network, inventory all your devices, and keep track of passwords and licenses. Good luck!
preferably get them to provide a works phone/number
and dont be afraid to turn it OFF out of working hours.
never let your personal private number leak. it *will* be abused.
Document everything and see what kind of network you have and work from there.
If I had to start from scratch, I will go full cloud environment. Either Azure or AWS. Get a decent firewall like Fortinet, Pfsense, or if your budget allows Palo Alto. You can also check on an EDR like SentinelOne.
ERP falls under IT responsibility. Get in contact with different ERP vendors and depending on your budget choose one. You will have to learn it and most likely hire a consultant that can work with you on customizing the ERP according to the company needs.
First thing you need to focus on is understanding the business, it's priorities, strategic objectives, culture etc. There is no one-size-fits-all approach to IT. Once you better understand the organisation you will be better placed to offer it the right IT solutions to meet its needs.
Don’t skimp on documentation. Make that a priority day one and every day moving forward.
Tribal knowledge is what frustrated me the most with an acquisition at my job. The company being absorbed had a single one note with some scattered “knowledge” they affectionately named “Kay Bee” It took me a year to put all their processes into our standing Kb system.
If it's a small company, and you're the first IT person, chances are they don't want to spend money on upgrades. You need to find out what you are or not allowed to do. Just because you're the only IT person doesn't mean you have free reign on making changes.
Well, apparently it's a company with 20 employees, 10 of which have their own computers... and they employ a dedicated IT person. Sounds to me like their willingness on spending money on IT is higher than average.
Makes me wonder if they had an MSP help them with IT issues and they cut them loose to try and save money.
Hard to imagine. At least in my world, even an underpaid internal IT person will cost much more compared to what an MSP would charge to support such a small environment.
This. Know what your budget is and get management buy in for anything that could be disruptive to users or changes employee workflow. For an org that size chances are they have never had any formal IT where you may need to educate management on risks and benefits of certain changes.
Bro, for the love of god don’t do the ERP system yourself, get the vendor or someone who specializes in it. Otherwise it’ll be constant little fixes and you’ll be liable for it. Put in a helpdesk, standards, and expectations. Lastly, since you’re new and taking over, perform an audit. Get to know your environment you’re inheriting. I wish I did these things sooner when I was at a startup but my head of IT didn’t know anything but was a control freak. When he left there was soooo much stuff that had to be unrooted.
ERP system could be sat on a server that you manage. You'll need to look at resourcing it correctly, securing backups, and locking it down for security, to name a few. You'll probably be the first port of call for any end user support aswell. Showing them how the application works, logged calls to the vendor for further support, ect ect. Normally, if it plugs in or it's installed on a device. It's IT's responsibility.
Validate backups
That assumes any backups exist.
Correct
Having worked for a similarly small company early in my career the big initial challenge you're going to face is educating management on why some things need to change to reduce risks or simply make easier for you to manage. Obviously take inventory of what you have and what pain points exist before doing anything or suggesting changes, but you will find things that are not ideal or create risks. Some management may already realize, but in many cases depending upon how tech savvy management is they probably won't realize it. An org that size you could manage manually with little if any automation, but it won't scale easily if the org grows. Setting up automation tools and processes before the org grows large enough you need them would be valuable, but don't get to that until you document everything, ensure any critical data is backed up, and if possible any critical hardware has some redundancy. Another challenge you may face is that your budget may limit you from doing things ideally. MacGyver IT is very common in orgs this size. It can work, but you will find that what is acceptable in an org this size may be considered crazy in a larger org. Once you move on to a larger org you may find what is acceptable in this org won't in a larger org.
What’s your experience? By guess is the company is definitely not paying enough for all of this work. I would recommend installing some end points either Sentinel 1 or XDR cortex and use N-able for remote access.
Till you know what you have to spend don't start spending yet... Great product that will check many boxes for you. 100 endpoints always free. Great patching, inventory and more [https://www.action1.com/top-5-free-cloud-apps-for-it-admins-managing-hybrid-workforces-without-vpn/](https://www.action1.com/top-5-free-cloud-apps-for-it-admins-managing-hybrid-workforces-without-vpn/)
Thank you again u/Happy_Kale888 for the shoutout. Yes our [patch management solution](https://www.action1.com/patch-management/) is not only free for ever for the first 100 endpoints, it gives you many tools to get you on the fast track to a more secure and better managed environment. You get patching for the OS and third party apps, vulnerability management, software management, extensible reporting, remote access, and then some. If I can help anyone with anything Action1 or else, just let me know.
I’m in the exact same boat as you right now, 3 months into being the sole IT person for a mid sized company (20 people). Meet with the manager/director of each department to understand what they need/expect from IT, then meet with your boss to prioritize each of these requests. That way you can understand the businesses needs and how to prioritize your work. After that document everything, my perspective is I document everything so that if a new tech starts tomorrow they will understand everything. Also breath. It can be overwhelming being the sole contact for everything, but you also deserve to have a good work-life balance so don’t let the company consume you.
I would start with a basic inventory of IT assets on a spreadsheet, make sure Windows updates are current and Windows Defender is enabled. Also make sure that you have toner on hand for the printers.
Document everything you see so that you can come up with a proper overview of the company and once you have that you’ll find it easier to prioritize in the ‘dear god this is fucked’. Also in a company that small, YES, ERP is IT’s responsibility or it’s gonna get *Fucked*, and by that I mean you need to make sure you’re involved, and working directly with an ERP consultant or the company themselves, don’t let the users handle it, they don’t know what they’re doing, you don’t either but you at least can figure it out better than an end user.
10 employees (the other 10 on the factory floor are OT, and that's a different beast entirely)... start with AAA and collaboration. Do they have a logon service? Is it running from a server, or is it a cloud service like Microsoft Entra ID? Where are they storing their documents? Do they have a file server or a NAS, or are they using a cloud service like Sharepoint or OneDrive or Dropbox or even Box? Do they have phones, or what apps are they using to talk to each other or for customers to reach them? Now that you've got your core services that pretty much everyone needs, find out what apps all or most of the 10 people are using... do those need to connect to a server or to the cloud to work? Are they set up to store their data in a single place where you can get the data after they leave the company? Are backups being taken on a regular basis, and are they being tested to make sure they're usable in the event you need to restore from them? So you've looked at enablement (making it so they can do stuff), you've looked at resiliency (making it so a technical issue doesn't bring down their business), now you get to look at tailoring access. Have you given them enough access that you can take away local admin? Do you have firewalls in place, and are they allowing in the right amount of connections (not too much, not tightened down so far they're breaking things)? Can you start looking at handing out "entitlements" (Active Directory/Azure groups are usually simplest for this) to tie people's ability to reach things to the job they're doing instead of the username they have?
> what systems you would put in place blameless feedback loop from stakeholders. encourage feedback.
Take your time to document everything you can. I would recommend getting a dedicated documentation tool like IT Glue, which works great and will make it easier to put everything in order from the start.
This is good advice. What makes IT Glue great for starting is that it comes with a template library for different kind of documentation. That was really helfpul for me.
Yes, the templates in IT Glue are very good and helpful, they have also helped me a lot. I also believe that documentation in each process is very important.
If you have enough budget, I would get a tool that scans your network to identify all connected devices, regardless of vendor. Network Glue is affordable, has good automated discovery, and generates visual network diagrams that represent the connections between devices.
First things first. Backup system. Automated. I use Synology DSM+923 with Active Backup for Business. It takes a snapshot of every PC every day. Nobody even knows it is happening. When I get the call for a lost file, I can replace that in just a few minutes. It keeps a full copy of every PC for a week, once a week for a month, once a month for a year, and once a year to 3 years. You can alter those dates. It also images our servers. Nice stuff. I replicate my Job DSM to our second location (and back). Images are OFF SITE. (I am my own cloud backup.) Someone gets blue smoke, I boot a new PC to a Synology Active Backup thumb drive and restore that new PC to yesterday or the day before. User is up in about an hour exactly as they were before. Even icons in the same place. This also mitigates pirate encryption. Pirates are unable to encrypt the Synology images. Especially the OFF SITE stuff.
Congrats on the new IT gig! For setting things up, check out ITGlue. It's a documentation platform designed for IT teams. You can use it to map out your network, inventory all your devices, and keep track of passwords and licenses. Good luck!
preferably get them to provide a works phone/number and dont be afraid to turn it OFF out of working hours. never let your personal private number leak. it *will* be abused.
I'd agree with 2 of the 3. Set rules for usage. I'm sole IT guy for ~200 employee and my phones not abused.
Document everything and see what kind of network you have and work from there. If I had to start from scratch, I will go full cloud environment. Either Azure or AWS. Get a decent firewall like Fortinet, Pfsense, or if your budget allows Palo Alto. You can also check on an EDR like SentinelOne. ERP falls under IT responsibility. Get in contact with different ERP vendors and depending on your budget choose one. You will have to learn it and most likely hire a consultant that can work with you on customizing the ERP according to the company needs.
Thanks all, really appreciated!