It’s important for a new IT administrator or manager to hit the ground running. Yet often in startups, IT is brought on board late in the day. This can lead to fragmented systems, few discernible processes, and no strategic plan for the incoming IT specialist to follow. Their predecessor may well have been a freelancer with little appetite, time, or authority to do anything more than firefight day-to-day problems.

With potentially so much on the to-do list, how can a new IT manager maximize their impact? AccessOwl sat down with several IT experts to compile these top six tips:

1. Asset discovery and management

It all starts with visibility into the organization’s IT assets — which is sometimes easier said than done, says Alex Gogun, IT Specialist at Cymulate.

“When no one is managing anything, the biggest problem comes from your assets. There may be employees around the world with laptops, monitors, keyboards, and other IT assets. When that happened to me, I just had to try and message each user, person by person,” he explains.

Qwilt IAM Security Engineer Iliya Tsvibel agrees, arguing that incoming IT admins should “perform asset management before they start building any access management.”

For Tsvibel’s colleague and Qwilt Head of IT and Security Valery Levchenko, this is the first crucial stage to gaining situational awareness, but it must be backed by a more holistic understanding of how the business runs.

“You need to have eyes and ears in every place in your environment,” he says. “Start with visibility, and then go over the dependencies. But always have the business processes in mind.”

2. Understand the SaaS environment

This information gathering should include a clear method of calculating which software assets the company has invested in, says Jakub Łączak-Król, IT Asset Manager at XTB. This is important for several reasons, most notably cost management, he says.

“At my previous employer, there was nothing to help senior management understand how much the company was paying for its licenses, which in that case was a huge cost, because we gave employees access to all the tools they wanted,” he says. “So one of my first responsibilities was to talk with people and try to understand what we were paying for, why we needed it, how we used it, and who was administering it.”

3. Manage the company’s devices

Several experts AccessOwl spoke to highlighted the importance of mobile device management (MDM) tools in helping them to make an impact early on in new roles. These tools can help minimize security and compliance risks, enhance employee productivity, and optimize costs. But care must be taken to find the right tool for the organization.  

“Most of the companies I joined didn't have any MDM — or if they did, it was messed up, because there were two or three MDM solutions at work,” explains Syed Faizan Ul Haq, Senior IT Administrator at Journee.

Solidatus IT Support Manager Peter Fallowfield says he was forced to change MDM tools soon after starting.

“It was something that I'd used in a previous company, but that was for around 4,000 people, whereas we had about 60,” he says. “It’s more like an enterprise product, and the amount of administration I had to put into it was just too much, on top of everything else I was looking after.”

4. Manage access and on/offboarding

Once there’s a clear picture of all IT and software assets, the focus should turn to ensuring that users can access their SaaS apps in a streamlined but secure manner. Liam Williamson, IT Manager at TrueLayer, says that new, transitioning, and exiting employees are a critical consideration here — that is, onboarding new staff members, supporting those who require access to different apps, and offboarding recently departed users.

“One of the first things we did was understand the existing processes we had in place. But when you’re a team of one, there’s only so much you can do,” he says. “I put together a massive to-do list for things that needed improving, which I put into what we call ‘the backlog’. Once there was a reasonably large list, it was a case of reviewing those and trying to prioritize them.”

Chris Kalanderopoulos, Senior Manager, IT & Cybersecurity at Synctera, advises going after the “low-hanging fruit” first, which in his case was enabling single sign-on (SSO) functionality in apps.

“Around 80% of them would offer Google SSO, but I found that for half of the tools it was available on, we just hadn't implemented it,” he says. “Tending to the little details like this was presumably one of the reasons they hired me.”

Picus Security IT Engineer Emre Kurt adds that the entire on- and offboarding process is something that new IT managers would do well to rapidly familiarize themselves with.

“The first thing I did was learn about the process, write it down, and then sit with other people, like HR and finance, that are involved in the process,” he says. “I tried to make sure that everyone was on the same page for this.”

5. Sort out the service desk

From day one, a new IT administrator or manager is likely to be bombarded with requests and problems to solve from their users. So a service desk and fully functioning ticketing system are important to help bring order to what could otherwise be a chaotic environment.

“Setting up an IT service desk would be my number one job, because you should be managing all of these issues via specialized software, not Slack messages,” says Journee’s Ul Haq.

Maxio IT Senior Manager Shane Fritts adds that this kind of formalized setup can also benefit ongoing efforts to maintain situational awareness of assets, access, and new/departing users.

“I’ve used Jira, ServiceNow, Remedy, homegrown solutions — all kinds of ticketing systems,” he says. “Start tracking your on- and offboarding, access requests, and even hardware requests — and align that into some sort of asset management system as well.”

IT leaders can also take the pressure off the service desk by empowering employees to self-serve where possible, says Picus Security’s Kurt.

“My main idea was to create a documentation space, so that people can do some easy things — like resetting a password — by themselves,” he says. “Whenever someone needs something, I'm guiding them to that support portal. People can find articles there that I wrote, about very specific things that they may need to know.”

Standardizing IT equipment can also reduce the workload for the service/helpdesk, especially if it’s being managed by an IT admin with multiple other tasks to juggle, according to Airtower Networks IT Manager Derek McGee.

“As a department of one right now, I have to handle all helpdesk questions. But this has gotten better, because I’ve standardized equipment and laptops with reliable vendors,” he says. “A lot of them have great on-board diagnostics. But I also have extra parts, so if a computer breaks I can ship another one out with an image already on it, and all they have to do is sign in.”

6. Remember: Everything starts with security

Operational and commercially minded initiatives are worth little if the organization is not secure, argues Christian Holton, Senior System Administrator at PortX. That makes the most important task for incoming IT Managers to ensure networks, devices, and cloud infrastructure are properly configured and protected, he says.

“The company that I worked at before PortX was basically a 20-year-old startup. Everybody was either on a MacBook or some flavor-of-the-month Windows laptop. There were several users running Windows 7 Home. There was no standardization, no anti-malware, and no password policy. It was a nightmare,” he adds.

“So the first thing you need to look at is the health of your cybersecurity estate. Then you can start considering how much everything is costing.”

Kaia Health Certified IT Manager Lukasz Jaroszuk agrees. He says that a priority should be gathering data on security posture, in line with any relevant auditor requirements.

“We set the priorities. We told our managers that we need to secure our hardware, we need to know where our hardware is and — and what it is. And we need to make sure that everything is visible in our MDM solution for reporting, so we can get control,” he says.

“We imposed a very unpopular policy of company-wide restarts to deploy patches. It’s about putting basic security first. That was our priority.”

The time is now

That’s a potentially large number of items for the to-do list. But depending on the type of startup, how highly regulated it is, and the maturity of its IT policies and processes, some of the above may not be applicable to your organization. But whatever your workload, the first few months of a new role offer a unique opportunity to impress.

Tools like AccessOwl's free shadow IT scan can provide valuable insights into your organization's software usage, helping you start off on the right foot. Don't waste this opportunity to make a significant impact.