How to handle an IT escape room

You didn't signup for this, but yeah ya did

After your first sip of coffee this morning, you turned your attention immediately to work, because you are a great worker. No reading the news, scanning Hacker News, or checking your favorite subreddit. Instead, you immediately grabbed the Next Most Important Card from the Agile Backlog (NMICAB)¹ and read the description.

The card describes a bug that your system is experiencing, with an attached video clearly showing the issue and exact steps to reproduce it. You try to open it, without success. It looks like your company's tool for video capture has implemented single sign-on, but it says you don’t have access and that your system administrator has been emailed. You wonder who that is; over the years you have met multiple people with beards and strong opinions about rare and unimportant things—it could be any of them.

You take a moment to figure out what to do. Your thought process is roughly:

• Wondering if there is a system administrator

• Wondering if he or she ever checks their email for this system

• Wondering how much trouble watching this video is going to be

When you woke up this morning, you didn’t know it, but you were not going to arrive at work today. You arrived at an IT Escape Room, and your mission today is to get out of it before the end of the day (EOD).²

Organization

The tech company you work for is structured, like many companies, into different groups that interact with each other. Some would say in a power dance, or checks and balances type fashion:

1. Application Development, Product Development, Development, Engineering, or Innovation Lab, or The Smelly Room: the people that build the software.

2. IT, Security, DevOps, Infrastructure, Computing Enablement, The Other Smelly Room: the people that must protect the company from #1.

#1 and #2 must live in harmony. By harmony, I mean a culture of mutual disrespect and arrogance expressed in meetings through incredibly stupid nitpicking and over chat via passive aggressive friendly messages.

This tension is natural, based on why the two groups exist:

• #1, AppDev, has been tasked with building things as quickly and insecurely as possible, in order to make money.

• #2, IT, has been tasked with keeping the company secure and predictable, no matter the effect on profits. After all, the best way to make an animal predictable is to cage it.

As your company grows, the Nash equilibrium³ pushes the tension between these two groups towards each other until a frontline is established that can be stomached from both sides. This is sometimes a technical interface and other times a combination of technical and human interface:

• All changes must be pull requests and submitted by Tuesday at UTC midnight.

• All changes must be pull requests, and The Terrible Terry Committee (TTC)⁴ has to review them and Terry and his friends decide if they pass or not.

At some point in the past the TTC has decided that the video capture tool Must Not Be Given to Every Developer (For It Costs Too Much | They Will Misuse It For They Are Not To Be Trusted).

How to Escape and Watch the Video

There are ways around it, however. There are two primary strategies.

Strategy A

1. Document your lack of access and why you need it for your job, and submit a request for permission to what you think is the right place.

2. During the next 7 to 9 daily standups, report that the bug cannot be fixed, because you are unable to watch the video.

3. Wait for someone to get annoyed enough to give you permission, or start a battle to gain access long-term for all people in your role. Multiple things can happen from this step. This might start a war for territory, might be granted immediately, or might kickoff a project that creates a system wherein you can “checkout” access for a temporary period of time to view videos, while a 3rd party auditor takes a video of you which is kept for 7 years.

Strategy B

1. Call up your coworker who is higher up in the food chain (Solutions Architect or Vice President or Nephew Of Big Boss)

2. Have them watch the video while you are on a video call

3. Possibly screen-capture it for later

4. Figure out and fix the bug

5. Wait to get in trouble for this

There is a controversial third strategy, which I will only call Strategy C, because I can’t think of a better name for it, which is:

• Take the card (NMICAB) and flip it to unassigned as soon as you realize you can’t watch the video, and grab another card. If questioned, say that you assigned it to yourself by accident.

You cannot lose if you do not play.

1

This is not a commonly used acronym (CUA) _yet_, but you can make “nimmy cab” happen.

2

Somehow, this is a widely used acronym (WUA), even though it has the same number of syllables. e.o.d vs. end.of.day Madness!

3

The Nash equilibrium. Related: the Steve Nash equilibrium states that your company will be made up of a constant ratio of employees that:

a) believe Steve Nash deserved the NBA MVP during the 2004-5 season (i.e. people who watch basketball)

b) believe that Shaq deserved it (i.e. people who think Airbud was a documentary)

c) do not know who Steve Nash is (people < 30 years old).

4

TTC is typically called CAB - “Change Advisory Board”, because that is what the ITIL framework calls it. I don’t know what ITIL stands for and ABSOLUTELY WILL NOT look it up, per my role’s responsibilities and the prevailing policy documents, which I adhere to. If an exception must be made, you need to write my manager and record the exception in the change log.