Replaced by Outsourcing -- What's a Geek to Do?

SafariShane asks: "Yesterday I was fired from my position as 'Network Security Analyst' from a financial institution. I was pushed out by a 3rd party vendor, who labeled me the major security risk, after performing a 'vulnerability assessment.' At the time, I thought a vulnerability assessment of our network was a good idea, but in retrospect, it occurs to me that this company, who's other product is 'Outsourced Network Monitoring and Intrusion Detection' may pull this little trick everywhere they go. Has this happened to any other network security folks out there. Does anyone know if this is a common practice, and what's a geek to do if they find out a 3rd party assessment is on the way? If this happens again at another institution, should I just start polishing my resume right away?" Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay? For those of you who feel the threat of Outsourcing breathing down your neck, what are you doing to try and stay in your current job, or even in this current market?

"Here comes the obligatory South Park reference:

1. Perform Network Vulnerability Assessment
2. ?
3. Profit! (Sell Outsourced product)

Looks like they came up with an actual step 2:

Label anyone who is responsible for network security as the risk, and get them fired.

I wouldn't even dream up the above situation, except that when the assessment was done, all results were hidden from me. The company presented the results not to the geeks that can interpret them, but directly to the executives that still think 'Clippy' is a great product.

I'll also note, because people will ask me anyway, if there were other problems. In my year on the job, there was only 1 network intrusion: Welchia, which was contained in twenty minutes. Anyone familiar with Welchia will know that it is no easy task. I was never reprimanded for anything. In fact, I received a 12.5% raise only two months ago for job performance.

I doubt what they did was illegal, but it's bad business at best. Here is a group of network security geeks, who get other network security geeks fired, so they can increase their bottom line.

I'd like to hear comments from folks this has happened to, and what did you do as a result?"

I don't trust you

[Anonymous Coward]

I don't trust you to work from home. You will just watch Scooby Doo.

I doo trust a company in India, tho.

Re:What's good for the goose is good for the gande

[Anonymous Coward]

And get sent to jail for breaking into their network?

And then get arrested, convicted...

[VT_hawkeye]

...and sent to federal pound-me-in-the-ass prison.

He got hosed by an unethical competitor, but he can't do crap about that now. Time to brush off the resume.

Re:What's good for the goose is good for the gande

[GeckoX]

Or get him sued into oblivion...

What to do?

[grub]

What do to? Well, you're a casualty of corporate sleaze and politics. Read The Art Of War [gutenberg.net], get back on the horse and don't let yourself become a victim again.

That sounds cold, I know, but what else can you do? Dwelling on the issue won't pay the rent.

A company making a protection racket?

[tomstdenis]

Not like... say virus scanner writers right? [who probably write the viruses they detect...]

I say if your management is stupid enough to fall for the tricks without trusting you then they deserve what they get and you probably shouldn't have been working there in the first place.

Tom

One word:

[Anonymous Coward]

Unions. Baby, it's time. Other than that, you call a lawyer. Now. I'm VERY sure what they did was very much illegal, and since you indicate you have a clean work history, they have no room to fire you.

What did you say?

[jhigh]

Were you given a chance to present an opposing opinion? I am fortunate enough to work for a company that knows the value of having in-house IT. Even when we bring outside consultants in, my boss and those above her understand that you simply cannot replace having someone in-house who knows every intricate detail. I was thinking that perhaps if you were given a chance to present the pros of having in-house infosec you may have been able to make a strong enough case for staying.

Re:Maybe it's time for the technocratic war to beg

[Anonymous Coward]

As evidenced by the story poster, it lies with the non-technical types.

I'm on call 24x7x365 while the CEO sleeps.

You sure have a funny definition of power.

Ummm... get a new job

[tommck]

No offense, man, but if you're good at your job, get a new one.
If your company was willing to do that, you probably don't want to work there anyway.

it sucks, but Ob-la-di ob-la-da life goes on ...

just move on

[gagy]

You can't take things like this personally. If they're outsourcing you, the wheels are already in motion and there's not much you can do to stop them. I have no attachment to my employer. I have an awesome team right now, and I feel loyal to them, but not to the company, but that's what they teach us in Business School. You have a chance of being outsourced, much like you have a chance of getting into a car accident. Nothing you can do once it happens. Collect your insurance and buy a new ride.

Consultancy? Trivial!

[Burb]

You have my sympathy.

In any IT situation, the guy/s who knows the system administration/root passwords is always a potential risk. They've fired you, but they must have someone who knows the stuff you do, root passwords and all.

Hey, wait a minute, now the new guy is the risk. Fire him and pass the root passwords to the next guy. Repeat to fade...

Sounds like someone has been solving the wrong problem.

Capitalism is a funny thing

[wheany]

Capitalism is a funny thing. Well, at least the "modern" capitalism. Not only does your company have to profit, it has to profit more than last year, every year. This is one of the reasons people get laid off even when a company is making record profits.

Editor's comments

[spuke4000]

Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay?

Based on the description of the problem this doesn't seem to have anything to do with oversea's labour. It's just that he was replaced by an outsourcing company (in his own country).

About the reduction in pay comment, if you were sent home with a 50% pay cut would you be happy about it? Or would you be hitting monster.com on your 'extended' lunch breaks. I don't think it's really practical to half-way lay-off people, because the employees won't be at all loyal after that.

You were set up

[pegr]

Not sharing the results with the net security people is the giveaway. They wanted to fire you, and told the consultants that that was their goal. I'm in the biz, and what they did was way outside of accepted practice. So who is the company? We'd like to know who to avoid. I know the Big Four play this game, for their love is for money, not the best interests of their clients...

Horrible...

[JanMark]

How some companies can make all the wrong desisions! But let's face it, anyone whos job it is to protect against (insure against, etc.) has a hard time justifying the work he/she has done: The more successfull you are, the more it seems you are not neede. Also, if some expensive advisor labels you, there is pretty little you can do. The combination must be deadly. Not much you could have done. Your former boss will pay the price in a year or so, and he will remeber you. But its not much of a soulace for you.

work from home discount?

[ed.han]

"here's a question i always wish i could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay?"

do you think that this would be a good idea, overall? think about where this winds up going if it becomes a trend in, say, 3-5 years time: it becomes a price war, and it's one that domestic employees cannot win. cost of living is just higher here than in a number of other countries.

i think this is a very, very bad idea, and one that's not just bad for you personally, but also for people in the industry overall. it would have the effect of dropping IT salaries across the board. in essence, you would be arguing that you're overpaid. not a good idea, IMHO.

that said: shame the PHBs were the ones making the decision. were there many others affected? this smells like a small bloodletting to help a business in a still underperforming industry cut some heads and increase profitability.

ed

this is what geeks do...

[SQLz]

Geeks buy books and learn more things and get a different job. Faux geeks file for unemployment.

Re:Easy solution

[GeckoX]

Can't beat em, then join em right?

That's all fine and dandy for those whom have a constantly shifting moral stance, or none at all...however some people, like the submitter of the story, would probably prefer to stick to their morals and avoid being a hypocrit.

welcome to life in the 21st century

[56ker]

These days nobody has job security. My suggestion (if you want to get your job back is thus - and should be quite simple as you worked in network security).

1. Perform a "vulnerability assesment" of your own. Possibly even try something similar to Welchia - to demonstate a) that their computer systems are insecure and b) that outsourcing your job is leading to weaker security

2. Point out that in twelve months of you working in the job there was only one network intrusion Welchia and that you dealt with that within twenty minutes!

3. Point out all the flaws in their new outsourced network security

4. Suggest that if they want their network to stay secure that they outsource to you at double or triplr your salary. ;)

My time is as valuable in or out of office.

[Shivetya]

Don't give employers this idea that working from home is a reward. My time is as valuable while in the office as outside of it.

Working from home will already save them money on heating, cooling, parking, insurance, and office space. There are also tax benefits in certain areas of the country for implementing such environment and traffic friendly procedures.

Re:One word:

[clanrat]

I always love seeing the "unjust dismissal" or "simissal without cause" arguement. Listen up people. If an employer doesn't like your shirt, they can fire you. It's that simple. There doesn't need to be any cause. You have no 'right' as it were to be employed by any specific person. Unless you can prove your human rights were violated (they fired you because you're male/female/white/black/red/blue/jewish/catholic/e tc..)you've got no recourse. Things are a little different in a union environment. There, you don't get fired, you get laid off.

Just move on

[Spandau87]

The worst thing you can do is overanalyze the situation. That's not to say you can try and learn something for the events that happened, but the best thing to do is just move on. A similar situation happened to me and it really got me down, but I stepped back reframed everything and realized it this probably was a good thing since the work environment I was in was really going downhill. It sucks, but keep your chin up.

"Security Risk" Label

[richg74]

I was pushed out by a 3rd party vendor, who labeled me the major security risk, after performing a 'vulnerability assessment.'

Do you have anything in writing that says this? If you do, it might be worthwhile to have a quick chat with a lawyer. (If you can't afford one, your local employment assistance agency or legal aid society might be able to help.) IANAL, but I would think that making this kind of claim without any evidence to support it might be actionable.

If you pursue this route, I would not try to get the job back. You've found out the hard way that the people you worked for are intellectual and ethical cretins. Try for a cash settlement, and then find another job.

Re:Fashion.

[ThomasXSteel]

Outsourcing is a fashion. It will pass soon.

HAHAHAHA!!!! Tell that to former American steel, auto, textile, and rubber workers. You must not be from the Rust Belt.

Sue them... and find a new job...

[jorlando]

"I was pushed out by a 3rd party vendor, who labeled me the major security risk, after performing a 'vulnerability assessment.' "

If you have been fired with that argument and if you performed your job within the expected parameters find a lawyer and sue them.

Not for vengeance or something like this... just business...

Have you thought about your future employers calling your old job for references? "The old network admin? Well, nice guy, but was fired because he was a security risk"

and move on...

Re:Maybe it's time for the technocratic war to beg

[jalefkowit]

I'm on call 24x7x365 while the CEO sleeps... The none technical types need to understand where info power resides.

If you're on call 24/7 while they're home sleeping, it sounds to me like they've got a lot better handle on where power resides than you do...

Why (on a macro scale) is outsourcing bad?

[otisaardvark]

The tactics of this particular company sound a bit iffy, true. But why exactly should someone equally qualified willing to work for less not get the job?

It is very hard on those who it affects, but the economic reality is that the money saved in efficiencies (even if it only goes towards fat cat bonuses) is very tangible.

There is illiquidity in labour pools because of immigration laws etc., but the internet removes these barriers. The global workplace is here, and as a result the market is freer than before.

It is quite feasible that if (eg) Russia in fifty years time will farm out its "boring" nanotech analysis work to the US. Like it or not, standards of living in 2nd and 3rd world countries are going to improve, sometimes at the expense of sections of the 1st world. However, overall and in the long-term, competition leads to better economies all round.

Perception is the reality

[BigGerman]

Always remember that.
The guy could be right, the guy could be wrong - that is completely irrelevant. The percieved reality is:

the guy was in charge of network security

the third-party audit was performed (why? did they look for an excuse to dump him?)

Vulnerability was found

The guy was sacked.

That is all that matters. Waste your time - blame outsourcing, Republicans, little green men.
Get over it, fix the resume and get back into the game. American corp environment is completely free of common sense and logic.

What I would do.

[Angostura]

You make some extremely good points, and you make them cogently and cooly.

Personally, I would set down my concerns; about the possible conflict of interest in the study; about the lack of technical oversight of the reports findings in a letter and send it to the company CEO.

The letter should be couched in such a way to make it clear that you are writing becauase you are concerned about the company's security; not because you are disgruntled. Make that very clear, mention in passing the facts about your recent appraisals, and bonus payments.

Leave the CEO in no doubt that you are a professional and you are concerned that the company may be being set up. Tell the CEO that (s)he should not hestitate to contact you, to discuss the issues.

At the very least it will make you feel better. It may even get the company to rethink its policy.

Re:Easy solution

[be-fan]

How does working for an outsourcing company violate this guy's morals? Not all outsourcing companies pull tricks like this to get work. On the otherhand, if your morals are "outsourcing is wrong," you have a stupid moral and should reevaluate it.

Re:What's good for the goose is good for the gande

[mbrinkm]

I've heard stories of people doing the "revenge hack" to prove that the new security is worthless, then ending up in jail. Why would anyone want to risk jail time to get a job back at a company that obviously would rather listen to a contract consultant rather than a member of their company?

Wrong war

[lone_marauder]

You are not a casualty of off-shore outsourcing. You are a casualty of the battle between consultants and in-house IT expertise. Not that you're any less screwed, or that I'm any less outraged. And yes, I am a security consultant.

The first thing I would have done is mention the name of the company that screwed you. I think this would give other in-house specialists pause before recommending them to management. Our own company's business model is built around providing the opposite sort of experience from the one you described. When we audit, we work with the IT staff, not against them, and we do so with the understanding of having "been there" (because I have been). We try to position ourselves as the guys who will tell it like it is, without panic, arrogance, or exaggeration, and we tell it to you, not your boss's boss.

I have enormous disrespect for any network security firm who attempts to abuse the politics of their client's business to get ahead. Getting somebody fired in order ro pursue a business opportunity is beneath contempt and possible grounds for a lawsuit. I wish you luck.

Keep an eye on them

[Artifakt]

If the people doing the assesement cut ethical corners to get this contract, then they probably will cut corners in performing this contract. Give the company six months or so, then contact some of your fellow employees who are still there and, at a convenient point in the conversation, steer it towards whether the new service is doing its job well. If the network has been down with a virus five ties in the last six months or so, the board members or minor stock holders might be very interested in your opinion. You won't get your job back, and unless you handle it delicately, you might just get branded as a trouble maker, but if you can stay focused and professional, you might get the people who actually made the decision to join you on unemployment.

Re:If the job gets moved...

[diersing]

Because its not always that easy, considering you may have other ties to the community other then employment (like family, friends) or maybe you just love living where you do and there are other places to work.

I too was 'downsized, right-sized or outsourced' depending on your point of view. In my situation, I was not offered the opportunity to move with my job as it wasn't 'my job' anymore as it now belonged to a 3rd party (another company in town performing those functions that use to be mine).

Because we were 'audited' and told repeatedly it was non-threating and the new CIO was just getting a *pulse* of who was there and what we did... when we showed up for the wrap-up meeting that was to be an information exchange of what was discovered and what the next move was, we were quite surprised to get our walking papers.

Naturally the audit was nothing more then a 'gather all the information you need to support us going forward' project. The better option, IMHO, would have been to tell us what was going on, I would have been more helpful and forthcoming as the enterprise I helped build/design/deploy had many MANY exceptions to standards and rules because of business need. Several weren't documented and as a result the transistion has been painful for them as they discover these exceptions and scramble to fix them. I think a better question to this topic would be... 'when your considering outsourcing, what is the best way to implement?'.

The "keeping the guys in the dark" approach is bad for PR in the IT community. In my situation, the company was very generous with the severance package and if I had known it was to be offered I would have bent over backwards to help make the transition smooth.

Re:I don't trust you

[Anonymous Coward]

I don't trust you to work from home. You will just watch Scooby Doo.

When was the last time you stayed at home and watched TV during the day? The shows on are utter crap. I DREAD getting sick and having to stay in bed because I am bored to death unless I have a book to read. TV is all soap operas and daytime talk shows for middle aged stay at home moms. Personally I do more work at home than I do in the office because I don't get people dropping in on me and disrupting me at home.

PS: Just got a TiVo though so maybe I will have more stuff to watch during the day.

T ypical unrewarded IT geek reponse

[Anonymous Coward]

you sound like you need this, so...[hugz]

Business drives technology, it's not the other way, and never will be. They (your superiors) don't have to care about that crap; that's what you're there for, dumbass. That's what being the boss is all about: hire someone else to do the shit work so you don't have to.

I thought IT folk were supposed to be smart.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:I don't trust you

[arivanov]

Right on target.

And you know why - because I know that I control the life and soul of any of them and they will not object and will only say: "Yes Great White Master".

How true it is in reality is another matter. But that is what many little outsourcing minds think. I had one of these brought in into a company I used to work for 3 years ago. And it was fairly obvious because the first time he mentioned outsourcing was after three people during a meeting showed that one of his ideas is complete and utter bulshit.

This has been happening for a while.

[aml666]

Six years ago the company I was working at hired an "efficiency expert" (yeah... yeah... the Bobs). This person spent three weeks interviewing people and taking notes. In the end he recommended letting our IT Manager go because he was wasteful.

The company did NOT follow his recommendations... one month later the BOB submitted his resume for IT Manger.

People suck.

Re:One word:

[macrom]

No worker's rights?

Can you tell your boss to sod off and never show up to work again? Yes.

Can you find a job at another company, sometimes even a competitor, and instantly go work there with little fear of backlash from your current employer? Yes.

If a company lets you go, are you entitled to unemployment compenstation of some sort? Yes.

Can a company legally tell another company that you don't bathe, you write shitty code and your mother-in-law calls you 17 times a day distracting you at work? No.

We have rights, they just don't seem to be as nice when you're the one getting let go for no reason. Rights go both ways, unfortunately it's usually the employer that is on the receiving end of the benefit.

I am a security consultant...

[JRHelgeson]

We outsource security all the time, and we have our outsourced IDS products, etc.

One of the first things I say when I meet with a company is tell them that it's not the IT persons fault that the company is insecure. Network security is a relatively new field that ALL companies in existance are trying to get their arms around. I do NOT want to put anyone out of a job just for the sake of getting some consulting dollars. I feel that it is my responsibility to train the internal staff to be more aware of security issues rather than to terminate everyone and outsource it all.

How can anyone thats not even on-site on a daily basis make the network more secure? When it comes to real security, you need to start with the folks that know the network the best. If they're resistant to change, then fire them. If they're willing to learn, train them.

Network insecurity is fundamentally a management problem. Security inititaves must come from the top down, not the bottom up. I have never met a network administrator yet that has set out to create an insecure network. They likely were ignorant to the threats - therefore they needed training, which should have been ordered by management. Otherwise, you have security aware employees that are trying to push security up the chain to management, and management is completely unresponsive.

I recently blasted a luddite CEO for not paying enough attention to his IT department. His company was compromised by a hacker and I came in to clean things up. I asked him; "Do you realize that your business relies 100% on what goes on in that server room?"

Things are now changing in that company. We've now established data owners on the executive committee (Those that will hang if the data they own gets compromised), and now the IT department actually has a budget. 80% of the time I spend doing my security consulting is with executives, the remainder is with the tecnical staff giving them direction and training/pointers.

Anyone that preaches anything different is trying to sell a magic fix for security, which doesn't exist.

Great Logic.

[Dr. Bent]

Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay?

Oh there's a fantastic idea. All I need to do now is figure out how to live without paying for food, clothing or rent and I'll be all set.

Do we really need to go over this again? Repeat after me: You cannot compete with 3rd world labor costs. Ok, now just the guys! Good, now just the girls...Oh right, there's no girls here.

The only way you're going to be able to keep your job is to do something that offshore workers can't do. What is that, you ask? Well, you could start my actually caring about the business that you work for. Too many IT people are so concerned about the technical aspects of thier jobs that they don't take the time to learn (and care about) how the business they work for actually makes money. This may have been OK in the late 90's, but IT people are getting the harsh reminder now that the reason that you have a job is not to play with the latest technology...it's to make money.

It's your job as an IT professional to bridge the gap between business and technology. You need to be thinking about things like Return on Investment. You need to be thinking about the business needs of your customer...keeping in mind that your customer is probably not a techie like you and only cares about things like "How much does it cost", and "Will it work with what I have now" and not whether or not it runs on Linux. Most importantly, you need to be thinking about money first and technology second. Only someone who is physically present at your place of employment is going to have enough information to make decisions based on those priorities, which is why people who ignore them are finding their jobs shipped overseas.

Learning Experience

[GamerDFWM]

Unfortunately, this sounds pretty standard. Having recently left an outsource vendor, I can tell you that all of these "takeovers" start small and innocently. The general rule of thumb is to grasp hold of three of the company's problem or large projects/systems. Once that happens, leaving the vendor changes from painful to nearly impossible. Unfortunately, all I/T personnel are under attack. With recent graduates flooding the market, the cost of employment has taken a sharp downturn. For companies that don't want to bother with training and development or can no longer support dedicated staff, outsourcing is the way to go. Although our jobs are at risk daily, many do not recognize the danger until external factors are added to the equation. You don't need to be paranoid, but you do need to be aware of such changes, decisions, and movements within your organization. To your point about coming back later with another security investigation, just walk away. If you plan on starting your own security firm, you might get away with it, but accept the fact that most people will be suspicious of your intentions. I apologize and sympathize, but you need to move on and learn to watch for the warning signs. We are all replaceable.

Re:You were set up

[Anonymous Coward]

I agree, that was the very first thing I thought of when I read the story. I've heard from friends and coworkers that've had to fire people in the past, and apparently even though in the U.S. an employer has every right to fire somebody under normal circumstances, just about all employers are worried about lawsuits from the ex-employee.

So the solution is to have some sort of paper trail that outlines a cause. That way if it does end up in court, they've got ammunition. In this case it sounds like things happened exactly like the parent poster said-the consultants were brought in to provide justification.

Which begs the question-why did the company decide they needed to let the guy go? It might have been pure numbers ($), but maybe not. Something to think about.

It could have been my company

[LiNT_]

I work for a major MSSP. Yes, it's common practice to try and upsell our managed security services based off of consulting gigs. No, I've never heard of them trying to cut out the local security guy.

I feel safe saying that every engineer I work with understands that our service is provided to supplement existing security practices. We can provide some security services which companies cannot perform on thier own. Whether because of cost or technical reasons. We cannot replace a companies entire security team. There are too many small details which need to be handled which an MSSP cannot do remotely. Nor do we want to. We'd also much rather work with a knowledgeable insider than get an imcompetant IT manager who's claim to fame was programming cobol 20 years ago.

My guess is, some overzealous sales weenie got you canned. He probably pitched the MSSP services to the suits. The suits probably replied they already had in house security expertise. The sales weenie, fearing he would lose the sale, pitched the MSSP as a replacement for you. Something he never should have done. Most sales people will do anything they have to do to make the sale.

Security risk?

[deepvoid]

The real security risk is the outsourcing company. The number one cause of security breaches in the US during the 90's was from outside (foreign) contractors who had access to information of confidential, secret, or restricted in nature. Now instead of having access to the data, the have access to the methods as well. Having a cheaper Software Engineer or Security Analyst does not mean you will get better engineering or more security. As evidence look at the airport system. The wages paid to security personnel are some of the lowest in the country, and hence cannot keep more skill individuals. Ex-convicts and high security risk individuals can be found in those occupations due to the poor fiscal incentives. We all know what that poor security led to.

The lowest bidder does not nescesarily produce a quality product. When is the last time you found real wood in a piece of furniture in our country?

I have heard the statement that the market is moving overseas to customers in China and India, and thus it is imperitive to hire from those localities. But why? If there are no skilled labor or engineering jobs left in the country, what will people do to make ends meet? Occupations at the top of the food chain will suffer as well. Already CEOs in some companies are being replaced by their foreign counterparts, and while the ousted CEO may have money in the bank, his children will end up in a shrinking service industry. Why will it shrink? Because the people they serve will no longer have any money.

When labor went away, blue collar workers were forced to retrain in other fields, many just retired. They pushed thier children to get degrees in engineering, law, and medicine. Now the engineering jobs will be gone.

Who will pay the taxes to support those millions who will retire in the next few years? Not the engineers and laborers, they live in China and India.

What industry would you tell a young adult to get into, if all of them are destined to either be outsourced, or priced out of existence?

Without the brain the body dies.

Re:One word:

[Prior Restraint]

Hear! Hear! What exactly do people think the words "at-will employment" mean?

Topic For Election

[attobyte]

This should be the main topic for this coming election. But I think America is to wrapped up in other politics to worry about the future of thier jobs. We are so wrapped up in BS we don't see that far into the future. I bet the average american doesn't know where they will be in 2 years let alone how America will be.

Re:One word:

[NDPTAL85]

No the US DOESN'T suck because this freedom works two ways. The employee is also allowed to leave the company at will and go work for someone else.

The true story of the OP

[Anonymous Coward]

Lets take a look at the real story.

Kid gets job as security expert at company because he has minor Linux skills and the whole Linux thing is blowing up.

Company comes in and notices that he never locked down the boxes. Tells his boss and offers solution that does not involve him. He gets fired.

Bitter and resentful he writes to /. to complain about his sorry plight.

The truth is if you didn't deserve to get fired you would not have. The economy can not support as many overweight overpaid techs as people would like. IT has nothing to do with your boss and everything to do with you being incompetent.

Re:MOD PARENT UP!

[gcaseye6677]

If you think offshore outsourcing is bad now, just wait until IT is unionized. Several posters have commented on the disappearance of American jobs in textiles, steel, electronic assembly, etc. What do these jobs have in common? They were all unionized, and now they don't exist. I'm not saying I like it this way and that unions would not have some benefits, I'm just saying they would not work and would provide much more incentive to offshore.

Re:First they came for the farmworkers

[tobe]

> "Theoretically it will not stop until an equilibrium is reached and the U.S. standard of living is equal to the African standard of living."

Or vice versa.. is that so bad... ??

Re:You were set up

[nehril]

I work in the biz too, and pegr is 100% on target. The other company's salesmen had already sold the "security outsourcing" product to your management (security outsourcing is real big these days). The assessment was just management's cover to get you out of the picture.

When they say you were the "security risk" they mean that a single person in charge of security is not as reliable as their managed service, because you can become sick, disgruntled or killed crossing the street, but their crack team of mega analysts never sleep, cover for each other as needed and are immune to bus collisions. All for the low-low price of only 3x your salary.

I don't recommend you mention your ex-company's name publically since you have already lost this battle and you do not need to be seen as disgruntled in any way (cut off all contact to save yourself, otherwise the enemy consultants may blame the next breakin on YOU. they might anyway).

However it *would* be nice to know the name of the consulting company that shafted you.

Just Taste the Virtue's of Capitalism....

[zungu]

I am sorry to hear what happened to you. However, it is time the American workers determined what work culture they want to work in. In third world, the foreign specialists come and sign hymns about the great American "hire and fire" system that gives flexibility to the employer to drop you like a used paper-towel. Look at UAW, they have awesome power, but then they are also labelled as evil by the republicans. In Japan, they have a life-time employment kind of system. Yet, they are masters of mass-production and a developed country too. Hence, giving a worker security of job is not a too dangerous things as the right in America would like to believe. Well, next time they tell you about the great American capitalist system on TV are you ready to spit on them? If not then enjoy being fired. TO HELL WITH AYN RAND...

Unethical

[njfuzzy]

That is just profoundly unethical. The phrase floating around at the back of our minds is "conflict of interests". What company would trust a "consultant" that sells a product or service directly related to their consultation? The employer hired the consultant to determine the status of their security. The consultant recommended their own service as a cure. A job was lost in the process. That's just nasty-- the consultant was in a position where it was obviously most profitable to recommend their own product.

Re:Maybe it's time for the technocratic war to beg

[Anonymous Coward]

> There isn't anything my CEO does I couldn't do with half my brain.

Well, what are you waiting for? Start your own company, and never worry about being made redundant again.

Re:Maybe it's time for the technocratic war to beg

[surprise_audit]

You were sleeping when he put the company together, on his time, with his money.

That's not necessarily true anymore. Dick Brown, for instance, was CEO of EDS for only about 4 years. He was recently handed about $36M and told to fuck off, and the company is still playing catch-up.

Mind you, having a Wall Street analyst downgrade their stock, only later to say "Wups, didn't mean it..." didn't help much either. What exactly is the liability there? EDS stock took a beating mainly because of that one moron, and he gets off with a wrist-slap and an apology?

Re:You were set up

[n3k5]

Post anonymously if necessary.

It would be smarter to send an e-mail to the editor who posted this story, so he can add the company name to the story. That way no one knows from whom the info is, but we know the editor could check it came from the right anonymous 'coward', and not just any anonymous coward.

Network Security Analyst - bad position

[Skapare]

If all you did there was security, then you were in a bad position to begin with. Security should be a part of everything that is done, not handled simply by one person somewhere.

Network engineer - The person or persons responsible for designing, managing, and maintaining the enterprise network should be the ones responsible for its security through all aspects of their work. Security has to be designed in to begin with, so that the network has the absolute minimum exposure and still provides a maximum ability for authorized staff to monitor and control it, while all other authorized staff can make full intended use of the network.

Systems administrator - The person or persons responsible for selecting, installing, configuring, operating, and administering computer systems, both servers as well as workstations and desktops, should be the ones responsible for its security through all aspects of their work. Security has to be part of all the procedures so that the systems have the absolute minimum exposure while allowing authorized staff to perform the functions the systems are intended for.

Programmer/analyst - The person or persons responsible for designing, programming, testing, and deploying new applications, or changes to existing applications, should be the ones responsible for its security through all aspects of their work. Security has to be designed into the way the application works, into its program code, properly and thoroughly tested, and then further verified once the application is up and running. And this has to be done while the application can still be fully used by all authorized staff, clients, customers, etc.

Get the picture?

Sorry to burst your bubble, but there should not be just one person who handles security. Depending on the nature of the business, one person might be the one who handles security coordination, but that isn't a techie/geek job; it should be more along the lines of an auditor who would be a paper pusher kind of person at businesses like banks and investment firms.

As to your current situation I advise the following:

Hire a lawyer. Have this lawyer contact the company pretending to be your new potential employer, and ask them for reference information about you. Actually do this twice (be sure completely different people call and pretend to be completely different companies). In one case your "new" position should basically be described as one similar to what you had at the company that outsourced you out. In the other case your "new" position should basically be central to your non-security skill set, such as a network administrator or network engineer (or whatever is appropriate for you). If they give you a good recommendation, then move on with your life and don't worry about it (just don't open your own personal accounts there, etc). However, if they give you a bad recommendation (such as "he was assessed to be a security risk") then discuss with your lawyer that situation and determine what can be done (you may have a case for a defamation lawsuit against either your employer or the outsourcing company).

Be aware that most companies do tend to try to pretect themselves from lawsuits when giving references. They may very well not specify any problems. But that can also be interpreted by future employers as a problem, if they didn't give you a glowing recommendation. You'll have to determine how that will affect your career future.

You might want to start your own small "security management and monitoring services company". There are lots of smaller businesses that will need this kind of service (whether they know that or not ... but that's a salesman's job to work on), but are too small to hire someone full time, and not big enough to hire the big security contracting firms. In a few years, as the big security firms expand to the smaller businesses (to keep up equity growth as their big business market saturates), they may come along and offer to buy up your business. If you play your cards right, you could end up being more "successful" than the managers of the financial institution that fired you.

Why overseas outsourcing is more appealing

[Anonymous Coward]

Sorry, but this is the hard facts:

I would rather hire 4 developers in India for the price of 1 developer here because the wage I give in India will be at the top of their pay scale and they will stay longer.

If I give an American worker a 50% pay cut, hell, even a 15% pay cut, when the economy starts booming, they will be out of here like a bat out of hell. Programmers in the US think they deserve to be making $100K+. I hired a Berkeley grad 4 years ago straight out of college and I had to pay him $70K. That's the going rate out here in Silicon Valley and I was desperate. Luckily, he was lazy so I didn't give him that many raises and then the dotcom boom collapsed. He had such a feeling on entitlement. I felt sorry for him, because when he graduated, he had literally 10 job offers, so his views on life are completely unrealistic. He thinks he's going to get the multiple job offers and the signing bonuses again, even though I explained to him that those times were a once-in-a-lifetime thing.

Anyway, I let him go a few months ago and replaced him with with 2 hard working guys from our office in Pune, India. Sorry to tell you guys, but they have been great.

I'm not out to screw people over, but frankly, the bottom line does count. If I don't make my bottom line numbers, then I will be out of a job, and better you than me. I know I will probably be out of a job sooner or later, but I'm a manager with transferable skills and the ability to lead projects based with offshore resources, so I'm hoping I can leverage this.

Hate to burst your bubble but it's just a reality check.

Re:One word:

[Afrosheen]

"Can you find a job at another company, sometimes even a competitor, and instantly go work there with little fear of backlash from your current employer? Yes."

This isn't always the case. Some companies have limiting contracts that prevent you from working in the same field in your next job. This isn't legal and binding in ALL states but in most it can be upheld. This prevents YOU from learning skills at X and going to work at Y the same day, with all the knowledge of trade skills, etc. that you learned at X.

"If a company lets you go, are you entitled to unemployment compenstation of some sort? Yes."

This depends on your length and type of employment. Anything less than 6 months at a job does not entitle you to unemployment benefits, and if you were under a contract through a third party such as a temp service you have nothing coming to you.

"Can a company legally tell another company that you don't bathe, you write shitty code and your mother-in-law calls you 17 times a day distracting you at work? No."

Actually that's not true at all. Again, it varies by state, but here in Texas employers are entitled to full disclosure without fear of retribution by law. Anything your PHB tells a prospective employer about you is held in confidence, he/she can say what he/she wants, true or not. There are actually companies that call places you used to work for, on your behalf, to see what kind of things they're saying about you. You hire them to see what mud has been slung by former employers.

So yeah, your final point about employers having more rights than the employed is dead on. It's just sad that most people don't realize just how unprivileged employees are.

Re:welcome to life in the 21st century

[MAXOMENOS]

Don't kid yourself. You're a politically expedient piece of legislation away from getting downsized.

Re:Bigot

[Anonymous Coward]

You're the one that said Indian . . . Who's stereotyping now?

If you were the only Network Security Engineer...

[Wolfstar]

Then actually, you ARE a pretty big security risk.

You are the ONLY one who knows what's going on with the network security-wise. You could have them penetrated 10 ways to Sunday and they'd have to take your word for it that they're secure.

That's the first point. The second point is that you didn't get screwed over by a network security geek, you got screwed over by a salesman who makes money for some hot-shot CEO who pays a few network security geeks to do far more work than they should be handling. I just got myself fired from a job for "not fitting in". This meant that I had personal and professional objections to monitoring network connectivity, security, e-mail, webhosting, and VPN for some 150 customers and 4-500 sites at 50 hours a week as one of 6 people doing the job. Meanwhile, the 10 sales guys have a "Vice President" title hanging off their names, don't have a clue how to use a computer, and are promising the moon while the CEO rakes it in.

This situation is a real issue. Most of these companies are taking advantage of federal legislation requiring a certain level of security for a bank. And while it's not fair to you, you DO constitute a security risk as a sole security person. On the other hand, you also can't go back to your employer in a month and say, "Your security is full of holes now with this new provider, here let me show you." The bank's been swindled, you're unemployed, and an overworked staff just got more overworked. It's a lousy situation all around. The only thing you can do is move on.

Though I don't envy you trying to explain away getting fired as a security risk on your resume. That's probably the second-most unfair thing about the whole deal.

Re:Company names

[leerpm]

They won't sue you. At the very least tell us who the company doing the audit was. If they actually came after you, they would get an incredibly bad reputation for acting in very unethical ways. And you need trust to operate as a security company.

Re:What to do?

[Fnkmaster]

And more importantly, learn your lesson. Next time some huckster wants to sell you a "security audit", don't buy into it. Use it as justification to do an internal audit, or convince your bosses to bring in consultants of your choosing. Make it a collaborative process with your managers. Prize your relationship with your bosses above all else - don't be an ass kisser, be good, and make them look good. If when they think of you they think of the guy who saved their asses lots of times, they would have to be fools to let you go.

Control is greatly undervalued in business. Often times, control is more important than your bottom line salary. You want to be in control without people knowing that you're in control - don't play politics or backstab people, just be very important to the bottom line and very trusted. If you are unable to make your boss realize that you are important, you should find another job as soon as possible. Also, ALWAYS keep a backup plan in place, enough money in the bank, and have lots of friends in your line of work to help give you an in to other job openings.

It's a cheery little Machiavellian world we live in. :)

Re:MOD PARENT UP!

[Afrosheen]

Unionization isn't what's making those jobs disappear, it's overall labor/skill costs. Sure, unions make demands, but in Mexico there are no environmental controls. Union Carbide or Ford or whoever can setup shop down there and dump toxins into the environment all day long and nobody cares. That saves money. Also when Pablo is getting paid $20 US every day, that's a big savings too. The NAFTA is just one wonderful plan that made this possible. Textiles, well again, slave labor in another country takes care of that. Thailand, Bali, Turkey, you name it, wherever cost of living is super low, wages will be low as well.

Globalization helps YOU by bringing down the cost of goods. Globalization helps THEM by lowering costs. The only people it hurts (ultimately) is the third world country that the actual manufacturing takes place in. Some companies have been known to buy land in these countries, destroy the local economy by buying up farms and razing them, then dropping in a factory. The people work in the factory right away just to survive.

Re:Maybe it's time for the technocratic war to beg

[An Onerous Coward]

No.

Try and hunt down an old sci-fi story called "The Roads Must Roll [wikipedia.org]," by Robert Heinlein.

Quick plot summary: In the future, American cities are interconnected by vast conveyor belts--called roads--which transports people and goods. A few political demagogues start convincing people that certain segments of society should be rewarded for doing "critical work." For example, the road mechanics realize that without them, society as a whole would be hosed.

So a faction within this group of mechanics decides to go on strike, shutting off the roads and committing vandalism. Sure enough, everything stops working as the factions battle it out for control over the roads.

The basic problem with their underlying thinking is this: There is no one ultimate locus of control. Our entire society is completely interdependent. If the network people quit doing what they do, things are hosed. The same goes for doctors, police, firefighters, manufacturers, and farmers.

Take another example: Miners. There's an old mining slogan that says, "If it isn't grown, it has to be mined." There's a great deal of truth to that. Without mining and miners, we're screwed. But does that mean that the mining industry deserves ultimate control over our society? It's like having your kidneys demand veto power over your brain because the brain cannot operate without them.

Management types think of themselves the same way you're asking computing types to think. According to their thinking, without a running business, you wouldn't have a job where you could ply your trade.

Every society strikes a balance between individualism and collectivism. We're all individuals, but we're also functional units within a larger system that keeps everyone alive. I think you've definitely drawn the line in a bad place. Whether computer gurus are under or overvalued is irrelevant; I strongly object to your basic premise: if we have the power to wreck everything, we have the right to do so if the system doesn't give us what we want. It's merely blackmail writ large.

Re:A company making a protection racket?

[Elwood P Dowd]

Not like... say virus scanner writers right? [who probably write the viruses they detect...]

If better coders were writing viruses, Sobig and Klez would be the least of our worries. If virus scanner writers were writing viruses, every machine that didn't pay their dues would be infected. It's not that hard.

Re:Capitalism is a funny thing

[Afrosheen]

That has nothing to do with capitalism and everything to do with shareholder expectations. Once the shareholders have your publicly held company by the short hairs, anything goes. Economists have shown that downsizing ultimately hurts companies in the long run (retraining costs, hiring costs, etc. etc.) but they'll do it to shave fat for the quarterly reports. This makes shareholders happy because losing employees=lowering costs=raising stock price or perceived value. Even if sales are flat companies will still drop 5000 people off the roster to boost their stock price.

My advice to you is stick with privately held companies. They don't give a shit about the stock market or whims of the shareholders, they are only in business to make money.

Re:Lemme get this straight....

[Anonymous Coward]

He's not seeking technical advice, but sympathy and coping advice. Lighten up.

Re:this is what geeks do...

[Wolfstar]

...and intelligent geeks file for unemployment, then use that to go out, buy more books, and learn more stuff, all the while taking a short and relaxing "vacation".

Implying that filing for unemployment is only for those people who aren't legitimately interested in their field is obnoxious, insulting, and incorrect. What Unemployment allows you to do is find a DECENT job while boning up on your skills.

Re:What to do?

[starcraftsicko]

This Book [slashdot.org] might have been helpful for the dearly departed geek.

Even paranoids have enemies. They really are out to get you. Remember this as you stab them all in the back.

Just a thought... if the company prepared a report naming you (by name) as a security risk, you might have grounds for a libel lawsuit... IANAL, but in the US, folks do sue and win for much less.Sue the security firm for libel and fraud. Sue your employer for wrongful termination. It's the American way!

Re:MOD PARENT UP!

[Anonymous Coward]

You are only half right.

You forgot one extremely important thing: union or not, jobs get lost. The moment a CEO decides it's advantageous to move production overseas (or overborders), Americans can kiss their jobs good-bye.

Bringing down the cost of products is good of itself. The problem is that the cost that ends up eliminated is the salary of the local person who made it. Now that it's cheaper, that person can no longer buy that product, or any other.

There is no solution, except the elimination of outsourcing. Like that'll ever happen.

Thank you, to those who elect based on friendliness to business. Your friends will soon be unemployed, and will soon be ex-friends.

Re:I don't trust you

[lightsaber1]

How badly do you want to work for a company like this anyhow? Seems to me if your manager absolutely refuses to listen to his employees and just wants people to do what they're told, then maybe outsourcing is right for them, or perhaps a trained monkey would work, but I'd say their company is going down soon enough and you'd be out of a job anyhow.

One of the most important things a manager must do is listen to his/her employees' ideas and criticisms, whether valid comments or not, they must be at least considered. If this doesn't happen, how can there be any chance for a) advancement, or b) true improvement of the product?

The problem is the Bay Area (for some)

[Anonymous Coward]

That's your problem. You're in the Bay Area.

If you were adding workers or starting a company, why would you add them in Northern CA where costs are out of control?

It's looking like the answer, more and more, is to start your own business.

Re:What's good for the goose is good for the gande

[rutledjw]

Revenge? you want revenge? Just sit back and watch as the security for that company gets pummeled.

I've rarely seen outsourcing go well. Now we're talking about info-sec? You're going to outsource the "guardians at the gate" job to a company whose tactics should be seen as seedy by the dumbest of Pointy-Haired-Bosses??? They'll get what they deserve. Maybe not sooner, but certianly later. Considering they are a financial company, the PR cost alone could be disasterous.

Pardon my language, but f**k 'em. I'd leave cordially but expressing reservation about their tactics and ability to execute. IMHO there's no reason to burn bridges, IT is too close knit to do that. Plus there's no benefit for the guy who got canned. They could come back and beg him to return if there's a bridge left standing

Finally, companies who act like greedy sheep are inevitably led to slaughter. I know, I work for one and we're getting killed for bone-headed accountant-driven decisions very similar to those decribed here...

Re:What's good for the goose is good for the gande

[Anonymous Coward]

Yes. Good reply. In fact, this is exactly what I was going to suggest.

But, it wouldn't suggest that a disgruntled IT guy is a threat, insomuch as the "new-an-improved" security is inadequate. Afterall, he wasn't disgruntled until he was fired.

His work should indicate that this ex-employee isn't a threat, because he knows too much about the network... It should indicate that the new security company dosen't know shit. Otherwise, you're going to setup a mutual distrust between the company and the IT people. In other words: The IT people won't trust that their jobs are safe, and the company won't trust that the IT people won't fuck them over because they are mad.

Personally, I wouldn't want to work in a place that's being kept in check by the threat of mutual assured destruction. It's too much tension. Bad for the blood pressure.

The employees should be working on the same team as the management--with the same goals (higher productivity and profits, and all that garbage) If the managers see this quality in an IT person, they become quite invaluable as a bridge between the tech (which they don't understand), and the money (which they want more of).

This sort of activity used to be upheld by the promise of profit-sharing (the more the company makes, the more you make, so if you save the company money, you get it back as a NICE bonus in the end). It's all but gone now, but you can use the same ideas to make yourself a truely invaluable person to the company (with a check to prove it).

Re:One word:

[gentlewizard]

Here's another: WRONG.

Using unions to try to solve the "problem"of IT outsourcing is like trying to use a locomotive to solve the "problem" of a postal worker being replaced by UPS and FedEx.

First, because it is a solution that is obsolete for the times we live in, and second, because it won't work anyway. The trend toward outsourcing and globalization will not change or go away, no matter how many cardboard signs we carry in front of a company's entrance doors. It will not change or go away by turning our power over to union leaders whose primary agenda is building a power base for themselves and collecting dues. It will not change or go away - period.

The only sane response is to accept the situation for what it is, admit that yes, it sucks, but then look around for opportunities. And then look for the next ones after those.

Unfortunately, it's going to get a whole lot worse before it gets better - and it's only going to get better when enough people have adapted to the new economic conditions that systems are in place that make the new way easier. Fasten your seat belts - the next decade is going to be a bumpy ride.

Re:Maybe it's time for the technocratic war to beg

[proj_2501]

you mean like a STRIKE organized by a UNION?

I probably just started a flamewar.

Re:The true story of the OP

[Anonymous Coward]

So that's *your* story?

The truth is if you didn't deserve to get fired you would not have.

Obviously, you are completely clueless about how the real world works. When you grow up and move out of your parents basement, you might find that out for yourself.

Re:You were set up

[theLOUDroom]

I don't recommend you mention your ex-company's name publically since you have already lost this battle and you do not need to be seen as disgruntled in any way (cut off all contact to save yourself, otherwise the enemy consultants may blame the next breakin on YOU. they might anyway).

What kind of crazy stance is this? Fear, fear and more fear?

If he didn't attack them, they can't do @#$%, meanwhile he can sue them for slander if they try to claim he did.

Re:Great Logic.

[pjkundert]

Finally, someone who has a clue! Thanks, Dr. Bent, for the insightful command. They are few and far between in on this topic.

I can't believe how many times I hear people that are supposed to be independent, free-thinking professionals use the term "PHB", referring perjoratively to their managers, and then complain about getting let go!

Do you need to be beaten with a Clue Stick?

I ran my own consulting business for 6 years (not in the computer industry), and one thing I learned -- the vast majority of people don't take responsibility for their actions, don't invest the time and effort to learn the business they are in, and blame others when things go wrong -- especially when you have to let them go. I finally folded my business, because I figured out that I would rather program than lead people. But, I learned a few things along the way by wearing the "leadership" mantle.

If you are in the technical industry, and are competent, and are working for a manager who is incompetent, it is YOUR FAULT! Do you know why? Because it is always your fault. Period. No matter what happens. It doesn't mean you are a bad person. It's just the way it is. Life isn't fair. After I shut down my business, me and my wife were 1 week away from living in a ditch. Was it my fault? Yes. Could I have blamed my people, my mentors, my wife, someone 3000 miles away that could convince someone that they could do the same think I do, but cheaper? Sure! What the heck good would that do? Oh right, it would make me feel better. But, we'd still end up living in a ditch.

However, would you get into a car with a drunk behind the wheel, then complain when the car crashes, and you get injured? Hmmm....

First, start of respect your leadership. Even if they are "PHB"s. Because, like it or not, they know how to do some things better than you -- maybe only the ability to bullshit and shmooze their way to the top -- but they are there, and not you. If you are so smart, go and take their jobs. If you are even smarter, arrange for someone better than you at leadership to take their jobs. If you don't want to do that, shut your pie hole.

Second, get a clue about your business. If you can't present yourself in such a way that you are not perceived as more valuable than some faceless name 3000 miles away, then you need to take a serious look at your skill set -- and not just your technical skill set. Do you know what your manager finds most important about the area your are involved in? If not, Why Not? If your boss doesn't realise how important your position/department, are you embarking on an extended, intense education campaign to make certain he learns this? If not, once again: Why Not?

Or, are you like most people, and believe that the "Education Fairy" is going to sprinkle magic "Clue Dust" on your boss?

Re:Capitalism is a funny thing

[Reziac]

Maybe if we just looked for steady earnings, instead of earnings GROWTH, there'd be fewer companies going tits-up due to managers who can't see beyond this year's bottom line. Sure, lay off all the people who built the company and save a ton of money, looks good on the balance sheet and in the dividends column. Until next year, when the company goes out of business.

Re:I don't trust you

[The_ForeignEye]

I disagree.

Sure, I could watch Scooby all day long and you wouldn't know...at first.

Software projects are tracked and managed. It soon would be apparent that your progress is not aligned with what the initial estimate was, and although you could give some bullshit reasons as to why your progress was not as expected, they would eventually get rid of you for somebody more efficient.

Working from home sounds like a really good idea, but I don't think it's going to happen (unfortunately). I work for a software consulting firm and we have some remote people that work from home because they have no other choice (they are too far away from the closest office). However, when I (or anybody in the office) asked about working from home, the excuse we were given was that it would break the "team environment". They value person-to-person interaction too much and they don't care whether you could do netmeeting, telephone conference, or video conference through the net.

Working from home means you don't interact with other team members as much as you would if you were in the same location, and you don't share your knowledge and experience with them. Now, you don't share the comments about last night's football game either, but that's another story.

Re:What's good for the goose is good for the gande

[fastidious edward]

Yes, choose a legal option... do not endanger your future.

But something I'm confused is your say this was a major financial institution (well, the story seems to have been edited to remove major, but it was major on first read :) ). Does this company have only one 'Network Security Analyst'? Even a small company should have at least 2, from a contingency perspective. My financial company employer has a team of 20 on network security, though headcount of the company is under 2000. So what are the rest of your team doing? If they really only had you then they ran a poor show, and if completely outsourced (bad practice IMHO, in-house monitoring must exist at a minimum) a case can be made to monitor.

Well, you have my sympathies, if this 3rd party consultant really does urge firing all staff (well, replacing staff as the security risk with a 3rd party as the security risk) and not keeping anything in-house as you suggest, then I urge you to name them, sir.

Re:I've had this happen. It doesn't work.

[Perl-Pusher]

I currently work for an oursourcing company

My experience has been that outsourcing companies (at least the one I work for) and their employees take BETTER care of the systems than in-house employees.

No conflict of interest there! What crack are you smoking?

The companies you outsource to have different priorities than your company. How many of those companies are going to work extended hours to rush deployment of a new system the company needs?

These companies have more than one client and the biggest fish will always get priority. Things always work great the first 90 or so days till the contract becomes secure and then the priorities of the 2 companies diverge.

I have seen this happen time and time again. The stupidest decision a company can make is to outsource anything central to the companies well being. I know of a company that was a web based database of travel deals. They outsourced their web and database hosting and development to another firm. They only kept the business side (getting the travel deals from the airlines, customer service etc.) After awhile they had problems with the getting the database updated timely, couldn't connect (oracle always was the scapegoat) etc. The company had to go through 3 different companies, until they figured out how much of a mistake it was and brought everything back in house. Guess who is their biggest competitor now? The very first company they dealt with!

The flip-side's opinion.

[gerald626]

I work for a company who provides 'Outsourced Network Monitoring and Intrusion Detection' services. Whenever I'm doing a 'vulnerability assessment', or VA, I almost always work with the security professionals at the client site. My job is to help them do their job. The company I work for does a lot of things wrong, but (so far) they haven't pulled that one. If we've provided outsourcing to a client, it's been for something that they don't do already. Take intrusion detection (IDS) for example - most of my clients don't or can't do it effectively. So we come in and do it or them. They look good, we look good, everyone's happy. But your situation royally sucks.

I would brush off the resume and start lookin'. Just don't say that you got fired for being the security risk ;)

The Cycles of Outsourcing

[TempusMagus]

I thought I'd share something I've observed about outsourcing and it's cyclic nature. I base my comments on having seen this from the design/marketing side as well as the technology side.

On one hand you have frightened entrenched management reacting to what they think is the best fiscal course of action. They are making decisions out of fear. They will outsource like crazy and force domestic rates for similar services to drop as a result.

What will then happen is that the supplying companies will start raising their rates as their clients become more dependent. Additionally, companies will become frightened about increased project management burdens, tying important business-critical development to minimally invested 3rd parties and decreased savings.

Even when the economy is good, we all used to laugh about Coke and IBM who both did the following: One manager gets hired, wanted to pee on every post in sight and exclaim "Oh my god! We need to get rid of these people and outsource it all. It's not our core business. We can save tons in HR costs. We'll save BIG!". Then the next person who sits in his chair comes in, wants to pee on every post in sight and exclaim "Oh my god! Do you realize how much our vendors are ripping us for? We need to bring this work in-house. We can hire the best people for a fraction of the rate their consultants/programmers/etc charge! We'll save BIG!". Rinse. Wash. Repeat.

I think there will be a great balancing out soon. As soon as people get-over the knee-jerk reaction of outsourcing, esp. to India, you'll see things settle down a bit. It's so not the cure-all that desperate managers think it is, but it does have it place.

NE QUID NIMIS

Re:Network Security Analyst - bad position

[jonesvery]

Hire a lawyer. Have this lawyer contact the company pretending to be your new potential employer, and ask them for reference information about you. Actually do this twice (be sure completely different people call and pretend to be completely different companies). In one case your "new" position should basically be described as one similar to what you had at the company that outsourced you out. In the other case your "new" position should basically be central to your non-security skill set, such as a network administrator or network engineer (or whatever is appropriate for you). If they give you a good recommendation, then move on with your life and don't worry about it (just don't open your own personal accounts there, etc). However, if they give you a bad recommendation (such as "he was assessed to be a security risk") then discuss with your lawyer that situation and determine what can be done (you may have a case for a defamation lawsuit against either your employer or the outsourcing company).

Good theory, but I suspect that a lot of lawyers might balk at misrepresenting themselves in this way. The other issue it that it likely won't get any information. Because of this very scenario, many companies will not offer "recommendations" for former employees; they'll verify start and end dates for employment, salary, etc. -- factual information -- but won't provide anything that might be considered subjective for fear of a lawsuit like this.

I'll also echo another poster in saying that while your situation does suck and was clearly handled badly, it may not be that you personally represented the security risk. If (and I don't know this to be the case) you were the sole person responsible for security, or your group couldn't provide 24/7/365 active monitoring (real eyes reviewing data at all times, not just responding to specific types of alerts), then the very existence of your job could be viewed as a security risk. It's the company's fault for setting things up that way in the first place, but they may well be right to change their approach to security management.

This doesn't mean that the company will provide better services, of course, simply that the decision may have reflected an attempt to correct a bigger problem...only time will tell whether the correction itself creates more problems for them.

Re:Maybe it's time for the technocratic war to beg

[rnd()]

Every society strikes a balance between individualism and collectivism. We're all individuals, but we're also functional units within a larger system that keeps everyone alive.

Interesting way of phrasing that. I would phrase it as follows:

In a society, individuals most choose to specialize in order to obtain the economic benefits of specialization. This requires a degree of trust and cooperation, all of which is motivated by self-interest. Price signals efficiently allocate labor to its most productive role.

Saying that this is due to collectivism implies that people do not participate solely for selfish reasons. I don't think that is the case. Cooperation can be 100% selfish. This is a good thing.

Were you a security risk?

[winkydink]

While it seems everybody wantd to give you the benefit of the doubt, is it possible the 3rd party company was right?

I'd suggest taking a good hard look at yours skills versus your peers and make sure you measure up. Human nature being what it is, we are inclined to having a higher opinion of ourselves than that which others may hold.

Companies don't pay for 3rd party assessments unless there is some compelling, underlying reason. Most likely, the reason for your replacement is not black and white.

Make it a learning experience for you. Improve any deficiencies you may have. You'll be a better employee and person for it.

Re:What's good for the goose is good for the gande

[Curunir_wolf]

Duh! *ANY* network administrator is a security risk, because (by necessity), they have access to:

• Look at and modify every file on the servers (changing ownership first, if necessary)
• Change anybody's password
• Shut down services at will
• Open up services and ports to the Internet, or elsewhere
• Modify firewall rules

The list could have been very long. Can you imagine the reaction of the executives when they saw that list?

"Oh my god!!! That's a gaping vulnerability! Get rid of him, right now!"

Idiots

Re:What's good for the goose is good for the gande

[geoswan]

SafariShane needs to turn around and hack back in to the system in a week and show that the new company's security measures weren't that great. ;-) This will ingratiate himself with the CEO and get the new company kicked out.

Shane, this sounds like a truly rotten experience. And some of the advice you have gotten here is pretty crappy too.

Before you consider taking revenge, do you think there is anyone in management or H.R. to whom you could have a conversation? The idea that management had had a sudden, abrupt reversal in their confidence in your ability and trustworthiness must be a disturbing one. Perhaps there is someone to whom you can turn to for some reassurance.

"I thought I was doing a good job. I did get a 12.5% merit increase in pay. But the secrecy around how my employment was terminated is disturbing. Is there something in the security report that will cause the firm to give future employers a less than enthusiastic endorsement of my skills? I'd like to know this."

You don't absolutely know the outside consultant's slagged your performance or trustworthiness. And, if I read your account correctly, you don't know that your former employers turned around and hired the consulting firm to replace you.

Good luck.

Better Lawyers than thugs

[adamy]

People used to brawl out their differences.
So people banded together. THey called them gangs. Go watch gangs of New York. Tell me if that is how you want to live. Or in the days before The U.S.A split of from the U.K. look at how every major (present day) democracy in the world treated its own citizens. There was a reason the French started axing their own Aristocrats.

Yes, it is still about money and power. But lawyers and insurance firms are a vast improvment over roving gangs with knives and clubs.

It ain't perfect, but it is an improvement.

Re:Network Security Analyst - bad position

[TheBitterRaven]

Security as everyone's job is an admirable idea, and one that I'd love to see implemented everywhere. My experience, though, as a security analyst myself has been that if security gets in the way of a project, then there won't be any security unless someone insists.

Re:What's good for the goose is good for the gande

[saden1]

Don't get bitter, it is not good for the health. All ways keep your bridges open because you never know. If I were you I would go to the executive/manager and simply say "even though you might think outsource your network security, I respectfully disagree and here is why." Point out what the potential problems they will face with this new company and simply tell them that your services will be available to them as a contractor. Walk away with your dignity and their respect and you'll probably get a call from them if they ever need you. Of course next time they call, you'll be pulling the strings. In the mean time collect your unemployment check and look for new job. Maybe it is time to start a new hobby or learn something new and expand your horizons.

Regarding the resume...

[c_dog]

"Just don't say that you got fired for being the security risk" brings to mind another problem, which is one of the dreaded "bad" reference.

In this particular scenario (I'm no lawyer), wouldn't it be true to say he was "fired for cause"? When asked the question why he left his last place of employment, he'd almost certainly have to answer honestly because when his former employer is called (and most certainly will be...especially if not listed on references), and asked the question, "Could this person work there again", there answer would have to be, "No".

Of course (I remind you, I'm no lawyer), I also believe that if you are fired for cause, you have a right to see the documentation associated with the decision. Failure to produce that information (granted that it will be used against you for the remainder of your career), if not illegal, is just plain mean.

Re:Maybe it's time for the technocratic war to beg

[j3110]

Actually, that statement is a little untrue from two angles.

1) Shareholders and shareholder agreements do have clauses for removing CEOs.

2) If a significant amount of unemployment in IT crops up, it's quite likely they will work on some project just for something to do. So, this security guy that lost his job, might find a band of other people that have lost their jobs, and join to form their own security company to discredit the first, and take their business.

What if 10% of the people who's job was shipped to India by MS actually work on other projects. The end result is MS's move to India actually had a hidden cost in competition. The question is, how much business do the people take away from MS with their competing projects vs how much MS cuts by moving to India. Immediate gains will be much greater than the long term. Linux doesn't need many more man hours of skilled labor to cause MS harm. This isn't true for just MS, but any company that ships overseas, they leave people unemployed that know how to do a portion of the work that company does.

Also, consider it's not terribly hard for IT people to make a living just by running a computer shop. Hell, even if IT people work at Wal-Mart, they'll be taking some of their frustration out in code.

I've never seen it a wise decision for any company to ship jobs overseas. Forming new companies and devisions overseas is great, but cutting workforce that already knows what they need to be doing is the stupidest idea I've ever heard. As soon as you train these Indian workers, they become more valuable, and thus you have to pay them more (maybe not significantly, but you do). Also, you are driving up labor costs in India via supply and demand. There are WAY to many variables to make that a justified risk. I'm all for expansion, new contracts, etc. taking the cheapest route at the time, but this is just madness so someone can line their wallets with probable kick-backs from Indian CEO's/government. 4-5 people loosing their job from the same company is enough to cause competition. There are successful businesses today that are spinoffs of companies where the employees quit to form their own company, then the parent company had to compete with them. That's why they try to put non-compete clauses that outlast work duration in employment contracts.

Re:What's good for the goose is good for the gande

[Sanksa Wott]

Absolutely True! It's the hardest thing to do at the time not to strike back, but I've been asked to return to mis-managed projects that I started on several occasions. Geeks tend to be one of society's less-agressive (at least on the surface) types.

Americans! Accentuate your strengths!

[AtariDatacenter]

Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay?

My entire team of systems administrators work at home for 100% pay. In fact, we're a bit of pioneers in this regard, but we've been on this track for a year now. Maybe 1% work from office. If we get just as much work done, and we're highly available, why not? And the company does acknowledge the money saved in office space. And that we're more able to work during sick time. Mind you, this isn't company policy, but a pocket within a very large company.

Part of what we do, as a team, is to emphasise the benefits of having American employees. Good relationships with our customers. We question things that are given to us and not just blindly follow orders. We collaborate to build best of breed policies and designs.

I personally think that Americans in fear of outsourcing are missing the boat. They shouldn't become more like their foreign cousins. They should embrace and accentuate their own cultural strengths (which they themselves may not even understand).

Stay American, and become Ultra-American. A cultural change is an important part of that, but I enjoy being part of an environment where there isn't danger in speaking out... in fact, the danger is in NOT speaking out!

There's a policy that doesn't make sense? Talk about it. A subject which is difficult to talk about? Acknowledge it is a difficult subject, and give it a try. Someone posts a document to the group? Read it, critique it, and add to it.

I think that an ultra-American can beat outsourcing becaue you're no longer comparing apples to oranges. Foreigners have a much tougher time questioning 'authority', even after assertiveness training. We can produce a different intellectual product which exceeds the value of what they produce.

Re:What's good for the goose is good for the gande

[hoegg]

That was a risky play. Don't try this at home kids, you could end up with legal problems. Criminal and civil.

Free != equal

[Dr. Bent]

Well maybe some of these libetarians should find out what Adam Smith was really about. His model of capitalism is based in an agrarian society with independent artisans and traders. His idea of a free market is exactly that - where everyone has equal access to market and equal information.

Equal and Free are not the same thing. A free market is one in which individuals are not prohibited from taking action based on their own personal information, opinion and resources. "Equal access to market and equal information" flies in the face of a Free market because in order to make everything equal, you have to take from some in order to give to others.

Without inequalities in the market, there would be no oppertunity for profit, and no motivation for anyone to do anything. Adam Smith was most certianly not talking about an "equal" market. That is much closer to Marx's notion of "From each according to his abilities, To each according to his needs". And if you want to know why that is bad, follow the link in my signature...

Re:I don't trust you

[K8Fan]

If your department manager is the type of prick who would try to steal credit for your brilliant ideas then walk around his desk and talk directly to his boss about your brilliant ideas... if you have enough of those conversations with that boss you may even find yourself being promoted to replace the prick who stole credit for all of your ideas.

The flaw in this plan is that most geeks, in my experience, have no desire to be promoted to management. We just want to do the work. The dream job for someone who is generally attracted to network security work is to be left alone most of the time by a boss who can realize that the fact that they haven't had to concern themselves with network security is a Good Thing. Then they throw more money.

The worst bosses I've ever worked for have been fellow geeks promoted above their social skill set. They are usually grumpy that they no longer get to play with the technology, and have to spend their days in meetings.

Assess, communicate, learn, then move on

[slouie]

First off, sorry to hear you lost your job. The economy is biting a lot of folks in the ass.

Second, see if you can get an assessment of the nature of the security risk. They are probably show you as a "single point of failure" (ie. exploitable either financially or otherwise).

Third, write a counter proposal to the security consultant's assessment. Be sure to include any achievements, successes, etc. that your time there. It may be too late for this one.

I think that being a "security risk" is only part of the reason you got. Office politics and the economy being what they are, you need to constantly sell yourself to your manager and show the benefits of having someone like you around. Lots of geeks are really terrible about the interpersonal skills and with a title of "Network Security Analyst," you're ripe for being downsized. You're only visable and important to them when they get attacked. They don't alwasys know or understand what you're doing in the background. It's up to you to sell yourself and keep your supervisors and managers up to date on what tasks you are performing and how that benefits the company. Without it, you're just a guy taking up a high salary for doing nothing.

Forget revenge. Forget the other company. Leave your number with your manager and ask if you can use him as a reference. See if you can improve your skills between jobs.

Remember this experience and build on it.

Best of luck.

Re:What's good for the goose is good for the gande

[DA-MAN]

> Before leaving, he fired off an abusive companywide email, messed up the servers, and changed the root passwords.

That cocksucker is a major liability, and not someone I'd want working on my network. What if I had a legit reason for firing him, say he installs WinXP on my Linux cluster, then I gotta worry about passwords and e-mails, etc.

Re:And then get arrested, convicted...

[jordandeamattson]

I have to say that I agree strongly with this position. If they identified him as a security vunerability, and did so with mailice and an intent to profit, then they have done him harm (known in legalise as a "tort") and he does have ground against them.

That said, he probably doesn't have grounds against the employer (though if he is in California, with its loosey/goosey definition of "at will", he is sure to find someone to take his case).

I would have him contact an attorney who specialize in employment law in his state (contact the local bar association for a referral).

I would then put together a very clear and concise summary of his involvment in the situation starting from the begining and running through to the end. Start with his hiring and running through to his termination. Put dates, summary titles, and then details. Be dispassionate. If there are any warts (do you gamble, drink to excess, use controlled substances, surf porn sites at work, in heavy debt, previous convictions, etc.) be honest about them.

This summary of your situation would be the backbone of any suit. I would send this to the attorney prior to meeting with them with a note saying, "please review and then lets meet for you to ask me questions of clarification and to discuss the chances of this proposed action."

The author of the parent post is correct: once you get into a suit, you will be able to get into discovery and will be able to ask for the report, any communications related to the report, commmunications related to yourself, etc. This would be a potential goldmine.

Re:What's good for the goose is good for the gande

[Nitewing98]

Did you do any activities that could be considered a security risk?

Good question. I mean, if the outsourced company found his unsecured FTP address that he used to up/download his MMORPG character stats and his biology homework, he probably *was* a risk.

However, I tend to think that the sort of scam he got burned by is real. And management is usually stupid enough to buy into crap like this. But I doubt it's actionable, since the outside company would have a valid argument that because he knows the network and all the passwords (or other entry methods/points) he IS a risk, even if he isn't INCLINED to use the information in a negative way.

However, by the same argument, THEY are now the biggest security risk to the network and because they are not employed, they have little interest in protecting the network (at least, less than HE did, since is only paycheck was derived from protecting that network). If his former company were to suffer an intrusion and as a consequence go belly-up, the outsourced company merely loses a single client, not their entire livelihood.

Re:Capitalism is a funny thing

[toganet]

I think you're right, though I refrained from carrying the argument that far out, for fear of scaring the 14-year-olds who read this site.

Truth is, we're pretty much screwed. Our culture is at about the same level of development as a 16-year old kid. We think we know everything, and that everything we do is right, and we really like doing things that make us feel good.

Unfortunately, we are going to end up unemployed and pregnant, probably on welfare to the uncaring 'state' of our robot children.

Pass the booze, TGIF & all that -- I just depressed myself.

Re:Ummm... get a new job

[k12linux]

If you can't find a job, then that is just the market at work. You may be great technically but not have people skills, or whatever.

While I'm feeling a bit old today, I've actually only been in the tech job market for about 15 years. And through all that time, no matter the market, the ones who were good (fresh out of college or not) always seemed to have a job. Sometimes it meant moving half a state away (or more) but they got good paying jobs.

During the tech job slump, I didn't know a single highly competent tech person who didn't have or couldn't get a job. I knew a few who were laid off but got jobs immediately. The only tech people I knew who had trouble getting work sucked at the job.

I'm sure there are some (maybe many) who were pretty hot stuff but lost their job due to layoffs or a company going out of business. While I feel for you, were you willing to relocate? Do you have people skills? Did your resume show how you could be an assett to the company, or did it just tell them you knew C/C++? (If you don't know it, there IS a difference. The really good paying jobs usually want to know how you can help them more than they want to know what you can do.)

During the very worst of the tech job market, we had a postition to fill and could only find ONE qualified applicant and he already had a job. (You would think that at least one more applicant would have had certification or at least experience in what was listed on the job posting.) The only difference between that and when the market was hot was that we had the one qualified applicant. During the tech boom, we wouldn't have had any and would have just had to pick the least unqualified.

In college, there were people who got their degree only because they got tons of tutoring by other students. One gal in C class never did quite get "the whole variables thing."

One day just after starting a new job, a coworker was telling me that the company would pay for each of your tests three times but that you could take them as many times as you wanted to... you just had to pay after the 3rd. I said, "Well, if you can't get it in three tries, maybe this isn't the right line of work." The reply was, "Oh no, I've taken my TCP/IP test 5 times now, next month will be the sixth." I just kept my mouth shut.

Should those two people even be doing tech work? Is it in a company's best interest to hire them?

Before I get moded as flame-bait or told by 100 people that they were top-notch and lost their job, let me say that I know it happened to some of you. It sucks. Move on. It's especially a problem if you were ultra-specialized . Maybe you spent the last 5 years designing phone system line cards... yeah, the market on that is pretty small. But a really good programmer or sys admin should be able to find something somewhere. (Again.. that "relocate" word.) And if you really are as good as you say, why not pick up a couple new languages... or study up and get certified for LPI or RHCE (or Solaris, or CNE or MCSE?)

A "Diplomatic" Geek.

[Anonymous Coward]

"At my last job (one of the big 3 ISP's) one of the NT admin's screwed up and opened our one internal systems to the whole world. One of our techs studing security discovered the hole and reported it our PHB. Who came to our SA team to check and confirm. They were more concerned about the tech finding the hole, than the idiot NT admin who screw up an NT securtiy setting. "

Then one of two things.
He could have gone to the "idiot"(a hint here. It's not good to go to a person with your prejudices. It could have been an honest error), and told him about the problem and let him correct it, with the boss being none the wiser, and his "image" intact.

He could have fixed the mistake, with no one the wiser. If everyone is as clueless as you state? Then this should have been an easy task.

The main thing that stories like the above demonstrate is that geeks make lousy diplomats. There's a right way and a wrong way to present "difficult" news. Learn how (among other things) and you'll do well in life, and work. Forget how, and you're the subject of a story on Slashdot.

Re:Well... Sorta!

[loraksus]

But the flipside of this is that you could end up with total incompetence in the workforce.

And this is different from the USA how exactly?
No, seriously, I'm posing a valid question. If you've worked in IT or virtually any other job, you seen a plethora of incompetents in virtually all areas. There isn't any push to remove these people because companies generally don't push their workers 100% and management is clueless about the actual workings of the company. "Time estimates by Scotty" also seem to work well.

I dunno where you're getting the 75% tax rate either.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Capitalism is a funny thing

[Anonymous Coed]

First, standards of living in other parts of the world will continue to rise. Those people will want (and more importantly be able to afford) more and more U.S. goods.

Why do you think those goods would come from the USA? As long as production costs are lower elsewhere than in the USA, consumer goods will continue to be made in places like China and Indonesia, and perhaps later on, in Africa. People in these areas will be both making and consuming these goods, rather than just building for export.

Essentially what we are looking at is a levelling out of the world economy which will almost inevitably involve a decline in the standard of living in "the West." Another way to put it is that the entire world will be divided into only two classes, the super-rich and the rest of us schlubs, with the distinction of "rich countries" and "poor countries" becoming less apparent.

Cowardly Security Risk Accusation

[Anonymous Coward]

I don't know if you have any recourse at this point. I think this one is a real STINKER. Since the risk criteria were withheld from the employees, I think you should definately visit a lawyers office who deals in employee and HR actions and see whether you have an actionable case. The fact is the job stream is a huge pipeline out of the country right now. It began with computer programmers, extended to hardware and chip engineering jobs (as large companies IBM, HP, SUN follow the software thread) and is continuing now with securities analysts with no end in sight. The Security Risk BS sounds like a convenient ruse especially if it's being applied to high-cost or older employees or some other notable demographic group. Sit idly by and you'll hear nothing but that giant sucking sound that H. Ross Perot described prior to the enactment of NAFTA. You and your other coworkers deserve to know on what basis you are being accused of being security risks. I dare say that exporting the work to other places that are considerably less visible to the management is not helping the security issue as much as it is helping someones bottom line.

• This sounds like a gross conflict of interest to me.