I read an article titled "The value of Institutional Knowledge in EMS" this morning, being an EMT Instructor, and wondered how this applied to my IT career.
The gist of the article was how much Institutional Knowledge readily available can help overcome the challenges currently. Those challenges include hospital transfer time, what worked and didn't work historically and culture to name a few. And Institutional Knowledge was defined in the article as business activities, projects, mergers and acquisitions, and overall experiences during the life of the organization.
For a business or IT organization as part of a business, I think we need to expand the definition of IK to include; experience, data, best practices, and other information (contacts, application or infrastructure configurations, etc)
But the question is, do we really need it?
I personally believe, if you are part of a mature IT organization, then Institutional Knowledge is a nice-to-have, but not necessarily required.
We start with a complete, and robust Configuration Management Database (CMDB) that has all apps, all servers, all the configs, and all the design drawings, plus all the contacts for each of those. This is explicit knowledge.
If you have knowledgeable staff that already have the "tacit or implicit knowledge" of their realm (Cisco switch commands, how to patch servers using SCCM, Active Directory, etc.) then providing them the CMDB and the maps and URLs and a list of credentials on how to get into the systems, isn't that enough?
Would you rather have a 30 year employee in your department who started with punch cards and is now your VMware administrator, or someone who has been here a year, but has worked at 5 different companies over the last 10-15 years?
Now, to be honest, no organization is as mature or robust as they should be. BUT, most of the time, I would rather have a domain expert (network, storage, compute, etc) who is semi-familiar with the environment, rather than someone who has been there for 30 years and worked their way up. The reason being, is that they haven't had exposure anywhere else to industry best practices and different tools or ways to accomplish their tasks.
What do you think? Am I wrong in my thinking?
senior security consultant
2moCongratulations bro