I’m fortunate enough that the deployments that my employer puts me on are always fun and interesting. It’s like changing jobs every year
Currently I’m running a operational team at a financial institution (no more details needed), and it’s interesting to note the different styles of management. Being 38years old, I would like to consider myself a adult, and the youngest person in my team is 24years old. Also someone I would regard as an adult. Now, I’m billed out for 8 hours a day, so I make sure I work the 8 hours, even if I’m on site for 9 hours since I can’t bill the client for my lunch hour (that would not be ethical, even though 50% of the time I eat my lunch at my desk).
Yet, the team spends quite a substantial portion of their day doing timesheets on various systems. As team leader / manager, I’m now required to verify those times to clocking system etc, and report on deviations (either over or under). Essentially, this reminded me of the time I was with <my old employer>, and we were religiously “clock-watched”. You could sit nearly 3hours in the canteen and talk to your buddies drinking coffee, spend another hour smoking, and no-one would be the wiser. If you arrived 8:10am, you were frowned upon It almost reminded me of my national service days, where we stood roll-call every day twice a day. This is not school, we are not children, please treat us like adults. A concept that never seemed to take hold.
Now, here is my question to my fellow Info-Sec practitioners. Do you work on timesheets, or output-based delivery? Yes, there are scenarios where services are outsourced, and the company pays for 40hours a week, thus the person needs to be on site for that amount of time, but I find that I am more and more leaning to the output-based delivery for the team not based on hours billed.
If you want to come in at 9:30am, leave at 5pm that is your prerogative. If I ask you to do something by a certain date or time, and you don’t, then I’m going to be annoyed. If you want to do it at 9pm while at home while VPN’d in, that is your bad planning (or maybe your choice). You committed to deliver work at a time and date, and how you manage your time is up to you. If calls are piling up, tickets are unresolved and service to the business suffers, then those timesheets are not going to mean anything. You have bigger problems in your team(s) which need addressing.
When you manage your teams, do you clock-watch, or do you measure them on delivery?