
Replaced by Outsourcing -- What's a Geek to Do?

SafariShane asks: "Yesterday I was fired from my position as 'Network Security Analyst' from a financial institution. I was pushed out by a 3rd party vendor, who labeled me the major security risk, after performing a 'vulnerability assessment.' At the time, I thought a vulnerability assessment of our network was a good idea, but in retrospect, it occurs to me that this company, whose other product is 'Outsourced Network Monitoring and Intrusion Detection' may pull this little trick everywhere they go. Has this happened to any other network security folks out there? Does anyone know if this is a common practice, and what's a geek to do if they find out a 3rd party assessment is on the way? If this happens again at another institution, should I just start polishing my resume right away?" Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay? For those of you who feel the threat of Outsourcing breathing down your neck, what are you doing to try and stay in your current job, or even in this current market?

"Here comes the obligatory South Park reference:

  1. Perform Network Vulnerability Assessment
  2. ?
  3. Profit! (Sell Outsourced product)
Looks like they came up with an actual step 2:
Label anyone who is responsible for network security as the risk, and get them fired.
I wouldn't even dream up the above situation, except that when the assessment was done, all results were hidden from me. The company presented the results not to the geeks that can interpret them, but directly to the executives that still think 'Clippy' is a great product.

I'll also note, because people will ask me anyway, if there were other problems. In my year on the job, there was only 1 network intrusion: Welchia, which was contained in twenty minutes. Anyone familiar with Welchia will know that it is no easy task. I was never reprimanded for anything. In fact, I received a 12.5% raise only two months ago for job performance.

I doubt what they did was illegal, but it's bad business at best. Here is a group of network security geeks, who get other network security geeks fired, so they can increase their bottom line.

I'd like to hear comments from folks this has happened to, and what did you do as a result?"
  • by Anonymous Coward on Friday December 19, 2003 @12:14PM (#7764834)
    The managers and CEOs of this country have no idea about how to make a router connection or how to correct a line of code in their payroll systems.

    I'm on call 24x7x365 while the CEO sleeps.

    The non-technical types need to understand where info power resides.
  • Easy solution (Score:5, Interesting)

    by IGnatius T Foobar ( 4328 ) on Friday December 19, 2003 @12:16PM (#7764859) Homepage Journal
    Easy solution:

    Get a job working with an outsourcer. Duh.

    "Services" is where the IT business is going. And yes, there are outsourcing companies in the USA and various other non-India, non-China nations. Skilled, flexible talent is very valuable to a services company. And it's satisfying work because you're not stuck with one environment all the time -- you get to play with lots of different customer environments, picking up new skills along the way.

    Basically, what I'm saying here is, quit whining. Make yourself a valuable person and you will find employment. And don't rest on your laurels, either: you have to constantly adapt and pick up new skills.

    Now I shall sit back and wait to get modded down by the unemployed, disgruntled Slashdot hive mind, but my position on this issue stands.
  • by sphealey ( 2855 ) on Friday December 19, 2003 @12:19PM (#7764899)
    That really sucks, but I doubt there is anything you can do. Except learn. Next time you need to be the bigger bastard [slashdot.org] than they are
    He might have a libel/slander case against the outsourcer. Worth talking to a lawyer about anyway.

    sPh

  • by QuackQuack ( 550293 ) on Friday December 19, 2003 @12:20PM (#7764926) Journal
    I work for a software company. After many months of people having a hard time getting interviews, and very few leaving for other jobs, in the past three weeks suddenly we had seven people announce they are leaving for new jobs. I have a friend who was recently laid off from another tech company a couple of weeks ago. He's had quite a few interviews already.

    Things seem to be looking better out there. New jobs will replace the old ones lost.
  • by PureFiction ( 10256 ) on Friday December 19, 2003 @12:21PM (#7764949)
    You didn't mention any specific vulnerabilities that were directed against you in this audit. Were there any legitimate holes that you overlooked or was most of the report fabricated?

    Security is a complex task in any environment (from physical threats, unknown vulnerabilities, social engineering, misconfiguration, etc) and the increased size and complexity of networks and systems means this problem will only get worse.

    Having what sounds like a single security / administrator handling a financial computer network does sound risky to me personally (but maybe you were just singled out among your coworkers?)

    Your comment about telecommuting is a good one though. No longer requiring physical presence to do a contract or work some other position could free you up for additional tasks at other companies bringing your overall salary to a decent level.

    Both parties get what they want in the deal; businesses with inexpensive, on demand services; engineers working an efficient schedule for multiple clients (thus good wage despite lower prices on individual jobs)

    I'm not sure what kind of reputable engineer you would need to be to pull this off. Liability is going to be the major sticking point on any contract or work-for-hire (until you get a proven track record of completed, functional projects)
  • by Broadcatch ( 100226 ) on Friday December 19, 2003 @12:24PM (#7764978) Homepage
    I was "outsourced" two years ago and after 25 years of seamlessly moving between companies with never once even writing a resume, I haven't been able to get back into the market.
    • the good : I've had lots of time to play with my 2 year old son
    • the bad : I've got a family to feed
    • the ugly : I'm learning that experience in the industry hurts one's chances to land a job, as we're considered "too expensive"
    I've found a few consulting gigs to help, but now I'm moving out of the Bay Area - can't afford to live here anymore.
  • Re:I don't trust you (Score:3, Interesting)

    by bmj ( 230572 ) on Friday December 19, 2003 @12:29PM (#7765058) Homepage

    I don't trust you to work from home. You will just watch Scooby Doo.

    'Tis true, but a company in India has tons of programmers in cube farms (at least that's what they tell you), so the PHBs feel more secure knowing their new programming staff is being directly managed.

  • by Anonymous Coward on Friday December 19, 2003 @12:29PM (#7765065)
    I'd say he should contact his former employer and offer to perform testing of the outsourced security system as a consultant -- after all, he knows those systems as well as anybody else. Then he should try to hack the system -- since he's working as a consultant, it would be legal to do so.

    Then when he's able to hack in through the outsourced security system, he should state that the outsourced company's report was right -- a disgruntled former IT person is a big threat, but since he knows the tricks he'll know how to counteract that threat.
  • by Cragen ( 697038 ) on Friday December 19, 2003 @12:30PM (#7765086)
    On what grounds were you labeled a major security risk? Publish them here, please. Verbatim. We don't know a thing about you, your company, vendor, etc. It is possible you WERE a major security risk. I do not think we should assume innocence or guilt until we have seen something in "writing". We have not seen any of that, yet. I think everyone should hold off any assumptions either way until more info is brought to the table.

    *cragen

  • by Anonymous Coward on Friday December 19, 2003 @12:31PM (#7765104)
    The outsourcing company's argument is fairly simple...

    If inhouse IT causes a security failure (or worse actively compromises something), you have no recourse but to fire them. One can take them to court, but it will be difficult to get any significant damages out of an individual. Switch to outsourced security analysts and you get a big corporation to sue should things go wrong.

    This has nothing to do with the quality of service, rather it's the ability to do damage control in situations potentially damaging to the company.
  • Re:You were set up (Score:3, Interesting)

    by kevlar ( 13509 ) on Friday December 19, 2003 @12:32PM (#7765115)
    Yes, Name the names. Inquiring minds want to know. Post anonymously if necessary.
  • Auditing... (Score:3, Interesting)

    by softspokenrevolution ( 644206 ) on Friday December 19, 2003 @12:34PM (#7765151) Journal
    Now, here's something interesting. A little bit back, if you recall, there was this big scandal with a large energy corporation called Enron. Now, it seemed that they were cooking their books like there was no tomorrow (which in fact there wasn't). A big part of the problem is that they were using their auditing company as their general financial friend too. What does this have to do with your problem?

    Simply put, the idea of a third party review of anything is to get a clear and objective review of whatever is being audited, whether it is a company's financial dealings or its network security. Now, was your company's third party review objective? No.

    I don't know the details, but from your post I do know that the company doing the auditing had a financial interest in giving your network security team a bad grade.

    On the bright side of it, the people you worked for seem to be missing the point of auditing (which probably means that they missed that day in Business school or that they are stupid). I mean, a 'financial institution', you would think that they would have learned the lesson of the past few years.
  • Re:Easy solution (Score:5, Interesting)

    by haystor ( 102186 ) on Friday December 19, 2003 @12:34PM (#7765155)
    Yea, become a consultant. You've already got one business in your rolodex that will buy a product from the same person inspecting whether they need that product.

    What I'd do is file for unemployment immediately. This would be good to find out if they claim they fired you for cause. In Texas at least, if they want to make that claim, it has to be done in writing which means they would have to commit to those statements. If you wanted to pursue it, you could eventually find out why they say you were fired. Likely they will just take the hit on their unemployment insurance and not contest your unemployment.

    If you think that something was a little bit shady, like a manager getting a kickback from the consultants you might try to use your current contacts to feel that out. Unlikely you'll find out anything there but if you do you could be a real bastard about it.

    I ran into a situation where I was hired by a business consulting group to do some work they normally didn't do. I had a contract signed and everything when they never called back with a start date. After two weeks of expecting a firm date, I called them and they said it was a no go. I suspect they filled the position internally after using me to land the contract. They had accidentally let me know the company they were pitching and it turns out the President of that company is a family friend. All I had to do was ask an uncle to ask this guy over lunch if they had someone doing this job from company xxx. After weighing the possibilities of what I would/could do if I was right, I decided I just didn't want to know and time would be best spent concentrating on a job/career instead of money and time lost. When lawyers get involved the only sure thing is that the lawyers make money.
  • by CatGrep ( 707480 ) on Friday December 19, 2003 @12:35PM (#7765168)
    Sure, we're not living in our cars (yet) and we're not getting beat up just for talking about organizing (we're ignored), but there seem to be a lot of parallels between what was happening to Okies in the '30s and programmers today. It's amazing how the same kinds of corporate greed issues are still happening just the same as they were then. Essentially, offshoring puts downward pressure on our income just as bringing in too many workers did to farm labor back then. The main difference is that it will do us absolutely no good to unionize since the corporations have a huge supply of workers willing to work for nothing (at least from our perspective).

    Just like in the book where the price paid for a picked box of peaches went from 5 cents then 2.5 cents (for a ton, as I recall), the same is happening to us programmers. A year and a half ago I had a C++ contract working at $40/hr which was easily $10 to $15/hr less than the year before that. Last week I accepted (after not having paying work for over a year) a C++ contract at $35/hr. What will the going rate be in another year?

    Global free trade/capitalism is a race to the bottom.
  • by Amiga Lover ( 708890 ) on Friday December 19, 2003 @12:35PM (#7765171)
    I was removed from my job where the majority of my team's time was spent monitoring our data centre, and calling in whoever we needed, when we needed, to fix glitches. I was proud of our work, and it's one of the times I truly felt a true "team player" that so many employers are after.

    In the space of 3 months, two separate consulting firms recommended our tasks be outsourced. We all lost our jobs, and what comes out in the wash? The outsourced monitoring company is a subsidiary of one of the consulting firms. No surprises there.

    Now, my employers have gone from having a small dedicated team who treated their equipment as their very own, to having a useless 'monitoring' company who not only can't detect an outage to save themselves (when the most clueless of managers has needed to contact them to ASK if a server is down when it's been out all night, things are bad) but don't actually do fixes themselves, but re-outsource those also.

    Last I heard email went out for 4 days. Our worst was a 3 hour fix, which was a combination of intermittent server problems and a backup clean slate machine that failed right after install, so we needed to source and rebuild a box from scratch. The new firm's best time is over a day.

    The only thing I like about the whole situation is they're getting what they deserved, and are locked into it for another 18 months. Morals be damned, schadenfreude is fun.
  • by saudadelinux ( 574392 ) on Friday December 19, 2003 @12:36PM (#7765177)

    SafariShane needs to get onboard with a company that does this kind of work. A buddy of mine ran a one-guy development/network admin company for several years, and got into security as well, picking up a cert or two.

    Due to the economic downturn (and his bread and butter client not falling under the Prompt Payment Act), he had to get a job with The Man.

    He got a job with these people [ncircle.com], as the tech half of a two-guy sales team, by leveraging his knowledge of Windows and *nix networking and security.

    He's working like a sled dog, can't say anything about what clients he's seeing, or much about the product. But he's a very, very well paid sled dog in terms of base salary, benefits and commission; he went out and got a 32" TV and laser-corrected his eyes.

  • by Lord_Dweomer ( 648696 ) on Friday December 19, 2003 @12:36PM (#7765180) Homepage
    I'm starting to notice a trend. I work in advertising/marketing (yeah yeah, don't kill me, we're not all evil and incompetent). Advertising used to be handled by the companies directly. Then they realized it was cheaper to hire an agency who did nothing BUT advertising, and thus provided better skills for less money.

    This sounds like where IT is heading. And keep in mind that companies still have marketing departments that interact with the agencies to make sure things work right.

    Why not embrace this model and start up your own outsourcing firm? It's obviously profitable, and with the growing number of extremely skilled IT workers out there that are unemployed, I'm sure you won't have a problem finding talent.

  • by Tyb ( 715616 ) on Friday December 19, 2003 @12:36PM (#7765181) Homepage
    In fact, I received a 12.5% raise only two months ago for job performance.

    If your story is right on accurate, then this is truly a travesty. Sitting on the other side of the desk, though, it may have made financial sense to outsource your responsibilities. If you fail, the company has no recourse. If they fail, it's a civil court problem that brings money back to the company. On another thought, they may have underbid your salary.

    Although an important thing to have, the responsibility of network security is basically insurance for the company. The fact that they only had one intrusion in 12 months may have made outsourcing that insurance at a cheaper rate a good idea...after all, historically there hasn't been much threat.

  • 2 questions (Score:3, Interesting)

    by jrexilius ( 520067 ) on Friday December 19, 2003 @12:40PM (#7765237) Homepage
    1) what is the name of the company? This is for my own dealings. To be honest, I will take your story with a grain of salt but a little research might help me understand if I would want to do business with them or add them to my blacklist.

    2) what is your question, "how do I build stable relationships with PHBs so that free lunches and golf outings from vendors don't get me outsourced again" or "how do I prepare for 3rd party assessments/sales pitches to ensure that both they and I can be objectively analyzed"?

    Sadly, in corp IT, the answer to both questions is the answer to the first. Face time, "expectations management", proactive education, whispering sweet nothings in the ear, and many other social engineering tactics are how you build relationships with the morons in charge. This is how you will also be better prepared to deal with vendor incursions into your domain.

    Technically the way to prepare for this is to do an assessment yourself, early and often, document it, summarize it, broadcast it, and ask for money. You will get ignored and turned down but you will have a paper trail and they will remember, vaguely, that you said something about security when the sales pitch comes and they won't be surprised.

    In corp IT and much of the world, when dealing with non-engineers, technical merit does not speak for itself but appearance and posturing go a long way. So, in the future, over-communicate and advertise. Remember that most non-technical people get their educations from advertisements and sales pitches so fight fire with fire.
  • by Colossus ( 9063 ) on Friday December 19, 2003 @12:40PM (#7765239)
    ...went along the same lines.

    I was working for a development firm, we had long term client who had made use of many other development firms.

    We landed a big project, the client had us work with another development firm, this one out of India to supplement our skill set, throw more bodies on the project, and so they had a clear understanding of the architecture when they took it over later.

    We came to find out that the head programmer working with us would go directly to the client and tell them how poorly we performed, that we didn't know what we were doing and other such niceties.

    The PM from the client bought it, and we were removed from the project (an action that within 6 months caused 130 people to lose jobs.)

    The other firm left with our architecture, our code, and our self esteem, we left the company with 2 weeks severance.

    The most ironic part was that these guys came in with no knowledge of the platform! We taught them Java as we went! That was the biggest slap in the face that I have ever received.

    What are you going to do, hopefully this kind of stuff will run rampant and leave a nasty taste in everyone's mouth.

  • by lythander ( 21981 ) on Friday December 19, 2003 @12:41PM (#7765257)
    Talk to a lawyer. If you can prove even remotely that they were negligent, wrong, or malicious, try suing them. What the hell, you have time, right? They'll settle. Think of it as extending your severance a bit.
  • by Anonymous Coward on Friday December 19, 2003 @12:42PM (#7765290)
    Right - business does drive technology - I agree.

    Labor wars have been around for a long time and still management hasn't learned the lesson. Now that people are pushing keys, not turning screws, and the workers (geeks) live their jobs, managers find it only simpler to push the employees around.

    Do the terms "work stoppage" or "strike" come to mind? Computers don't run themselves.

  • by cravey ( 414235 ) on Friday December 19, 2003 @12:50PM (#7765382)
    I knew someone who worked for a company years ago (maybe he still does) where the bosses were similarly stupid. He was THE unix guy at a company involved with transoceanic shipping. His bosses were so paranoid that he might do something maliciously (servers on the ships too) that they made him WRITE CODE that would track what he did in the event he decided to do something unauthorized. All kinds of shades of stupid.

    The flip side of this is that most of the major IT disasters I've seen have been caused by idiot1 getting hired by idiot2 to do a job that neither idiot1 nor idiot2 knew the first thing about.
  • Re:One word: (Score:4, Interesting)

    by IWorkForMorons ( 679120 ) on Friday December 19, 2003 @12:53PM (#7765421) Journal
    Can you tell your boss to sod off and never show up to work again? Yes.

    Sure, if you don't mind not earning money.

    Can you find a job at another company, sometimes even a competitor, and instantly go work there with little fear of backlash from your current employer? Yes.

    Not if you sign a non-compete contract. Otherwise, they can, and probably will, sue your ass until there's nothing left.

    If a company lets you go, are you entitled to unemployment compensation of some sort? Yes.

    Not always. If the company makes it look as if you are the cause of your unemployment status, as this guy was because "he let the company security slide, as was found by the vulnerability assessment", then you have fewer chances of seeing anything more than the standard 2 weeks. But there's little chance that government U.I. would kick in. Could you survive 3 months with only 2 weeks pay?

    Can a company legally tell another company that you don't bathe, you write shitty code and your mother-in-law calls you 17 times a day distracting you at work? No.

    A company can legally tell another company of the reason that you were let go. And since this guy was accused of letting network security lapse, that's not going to sound good when another company calls up.

    I wouldn't trust anything else coming from this company if I were him. I would try to minimize any contact with this company by future potential employers. He really is in as bad a position as he thinks. What's worse is that probably none of it is deserved. Good luck buddy, because you're going to need it...
  • Re:One word: (Score:3, Interesting)

    by Master Bait ( 115103 ) on Friday December 19, 2003 @12:56PM (#7765460) Homepage Journal
    Libel. Got any paperwork from the outsourcing company? Did the company make you sign a non-sue contract before they 'let' you claim unemployment benefits? Sue them, too!

  • by Anonymous Coward on Friday December 19, 2003 @01:00PM (#7765526)
    Through 401K's and other programs, a larger portion of the populace owns stock than ever before, and they want strong growth just as much as the next guy.

    The number of Americans who own stocks, directly or indirectly, is indeed impressive. The number of Americans who own a significant amount of stocks (say 10% of their annual revenue), on the other hand, is extremely small.

  • Not just in IT (Score:5, Interesting)

    by The Tyro ( 247333 ) on Friday December 19, 2003 @01:00PM (#7765529)
    medicine has become the same way.

    Many hospitals are contracting with large national companies to provide physicians services that were traditionally provided "in house." This is most easily done for things like Radiology, where films can be digitized and shipped anywhere in the world to be read by a room full of radiologists. It's also being done (and has been for years) with Pathology services... send your slides and tissue specimens to a big lab to be examined rather than employing a bunch of local pathologists. Admittedly, there are some economies of scale that enter into the picture... "sending out" can be more efficient.

    This is also a big deal in my own specialty (emergency medicine); competition is brutal. There are large national "contract management" ER groups that are constantly approaching hospital administrators with sales people, brochures, and a pitch about their high-quality, lower-cost emergency medicine care. Contracts change hands in ER all the time, which is why a lot of ER docs live like gypsies... if your hospital outsources their ER services, you get fired, and have to find another job (if you live in a smaller area with only one or two hospitals, you can be SOL... time to uproot the family and move.)

    How do I/we fight it? Relationships and service. We make ourselves available to the administration to address concerns and problems. We build relationships with the community physicians, so that they KNOW who's taking care of their patients in the ER, and KNOW they can trust us to take care of the critically-ill. We integrate ourselves into hospital committees, and get involved in the community. We implement Quality Assurance and Peer Review to ensure that we're practicing up to the standard of care. It can be a lot of work trying to keep your job (never thought you'd hear a doctor say that, did you?).

    In ER, losing your contract/job or not usually has nothing to do with bad medicine... it's failure to "play the game" that sinks you. There may be a parallel here for the infosec geek that was fired... If there's one area where the prototypical "geek" personality probably hurts the most, it's in the eschewing of those critical relationships. It's great to have m4d 5ki11z in the server room... but a little face time with the powers that be could make the difference between paycheck and pink slip...

    There's no guarantees, however... even with all my efforts, I can still get sold out if my hospital administrator gets a wild hair, or just plain doesn't like me.

    It's business reality for lots of folks, not just IT.

  • Re:Easy solution (Score:2, Interesting)

    by toganet ( 176363 ) <{gwhodgson} {at} {gmail.com}> on Friday December 19, 2003 @01:08PM (#7765669) Homepage
    I'll add my own -1 Redundant to this, but I concur with the parent on this.

    I recently relocated, and took a job for a consulting agency, for about 10% less than I was making in my previous job (but COL is lower here).

    I've been at the same client for 6 months now, and I do a little of everything (coding, admin, PM, sales) so they like having me around. To me, it's beginning to get boring, so I may look elsewhere.

    But the nice thing is, if the client decides they can't afford me any more, my employer will find me a new placement (hopefully) -- so there's less risk of being suddenly unemployed.
  • Workers Rights (Score:5, Interesting)

    by Aron S-T ( 3012 ) on Friday December 19, 2003 @01:15PM (#7765765) Homepage
    Whenever an issue like this comes up the inevitable /. knee-jerk libertarians come out of the wood-work: "capitalism good protection bad" Well maybe some of these libertarians should find out what Adam Smith was really about. His model of capitalism is based in an agrarian society with independent artisans and traders. His idea of a free market is exactly that - where everyone has equal access to market and equal information.

    Corporate America has as much to do with the Adam Smith model as the Bolshevist U.S.S.R. It's not even related to Marx' model of capitalism, for in Corporate America, capital is as alienated from controlling the means of production as labor is. Instead, what you have is a management class which calls the shots and enriches itself at the expense of both workers and owners - can you say Enron, Adelphi, Worldcom etc etc.

    Sure a worker has the "freedom" to say "fuck you" to his boss and look for another job. In theory. In practice, as the job market shrinks despite the "improving" economy (i.e. the management class being further enriched) those jobs are very hard to come by. So the worker has to bite his tongue as his workload is doubled, as her boss whittles away more and more of her "perks," as the threat of outsourcing is used to bludgeon him into obedience.

    Saying to someone "go out and upgrade your skills" is also BS. A friend of mine is in his mid-40s, extremely talented, engineer/MBA out of work for a year and a half. Who's going to hire people in their 40s and 50s, no matter how much talent and experience they have, no matter how upgraded their skills are? And you young 'uns are going to get there faster than you think.

    Corporate America demands obedience, makes people work like slaves, uses them, chews them up and throws them out when they no longer are useful. Maybe we should just kill off laid-off workers so we don't have to worry about unemployment insurance and welfare?

    And no I am not speaking out of personal bitterness. I have a successful consultancy business and work for myself. But even if you believe in ultra-selfishness, a society with many poor, disaffected people is a very scary and dangerous place to live in. This is an issue that affects all of us, not just the laid off.

  • Re:I don't trust you (Score:5, Interesting)

    by Anonymous Coward on Friday December 19, 2003 @01:16PM (#7765783)
    My own experience relating to this:

    1) Medium to large size businesses do not trust individuals: only other businesses are trusted. A local Goodwill (yeah, really, Goodwill) used to outsource work to me on a very regular basis. I'd give them plenty of freebies (again, it's Goodwill) along with the outsourced work. Eventually they hired someone to take care of internal matters and the outsourced work finally stopped (he had a gripe with me apparently). The CEO didn't question his judgment because he was moving to Microsoft products and outsourcing to larger companies. It didn't matter that they were paying six times (I kid you not) as much for the same work, their firewall had been removed (the new guy didn't understand how to manage it), and they removed a perfectly stable Linux box in favor of Exchange (easier to maintain for him, but DID go down frequently). None of this mattered. The CEO and kin felt more comfortable with larger businesses despite the problems. They care about feeling better, not about how much they're paying or how often something goes down. They will excuse ANYTHING if they're happy.

    2) This (security assessment) is a new tactic from a small group of companies/individuals that have been around for a while. Years ago I handled support for a local ISP. The ISP had (shame on them) sold bandwidth to an adjacent office which was plopped right on the main network (no bridge/firewall/etc). This office had a MUD server which was compromised and made a really great packet sniffer. Account info was snagged and used....by a **network security firm** working out of Canada. They changed a few passwords to get attention, then e-mailed the owner of the ISP with a 'Hey, we didn't do anything but we wanted you to know your setup is easily corrupted. We can supply you with services to prevent this in the future.' It's like, some kind of dorky geek mafia.

    The original submitter could be a dick or a great employee. Either way, it doesn't matter because these security goons are out there and using a much better tactic to get business. It's pathetic, but it's real and there are enough ignorant businesses out there to make it profitable. All the education in the world won't help some employers, they're just too fucking stupid. Maybe the submitter's best bet is to hook up with one of these shitty security firms....join 'em before they beat you out of the market (re: multiple bad security profiles).

    Sorry for the long rant...too much coffee ;-)
  • by Anonymous Coward on Friday December 19, 2003 @01:17PM (#7765803)
    Recently I was fired for something I wrote online under a nickname on my own time and on my own server. Basically it was a diary site a few of my friends knew about and it was my place to vent. The company I worked for was never mentioned by name and neither was anyone I worked with. Only a handful of friends even knew the site existed in the first place.

    Anyway, somehow someone (rather curious about these two points...) at work found the site and they found one little sentence that they didn't like. They hauled me into the president's office and fired me. It was over in maybe 15 minutes. The thing was, they had no proof that that nickname was me. They wouldn't tell me how the site was found. And they even went so far as to call my opinions illegal.

    What can I do about this? Has anyone had this happen to them or know someone maybe? What can be done? Anything? They even mailed me a letter that suggested rather rudely and directly that I should seek a professional counselor to discuss some of the things I had written in my diary!
  • by Anonymous Coward on Friday December 19, 2003 @01:26PM (#7765914)
    Foremost, I sympathize with your situation. I also work for a financial company and we recently had a 3rd party perform a security assessment. I believe the reason why nothing has changed in favor of the 3rd party assessment company is because we worked hard to be better. As we found out, that was the case with this company as we felt they were merely following some premade script, using readily available open source tools, skipped some parts of their assessment that we thought they didn't grasp and dodged many of our inquiries. During the whole assessment it was important to keep management informed of our impression of them, our findings, their weaknesses and flaws so that management isn't falsely influenced.

    Wishing you great success with your future endeavours!
  • by t0qer ( 230538 ) on Friday December 19, 2003 @01:32PM (#7765991) Homepage Journal
    He should sue the outsourcing company for slander and libel (since they probably handed his employer a report stating he was a security risk)

    Of course it all depends on what context he was fired for. Are we getting the whole story here? Did you do any activities that could be considered a security risk?
  • by Anonymous Coward on Friday December 19, 2003 @01:33PM (#7766000)
    I was the IS manager (and pretty much the only network guy) at a county Behavioral Health (Mental Health) agency. They decided to go with a "complete mental health solution" (CMHC) that hadn't been written to work in our state when management bought it.

    This was done shortly before I arrived and the previous two IS managers quit 1. when it looked like the county was about to purchase this package 2. once the system was purchased and she saw the daunting task of making the thing work. (Oh, did I say the fiscal officer was a real good friend of the consultant for this company?)

    I, while working out an annual budget, informally (warning, nothing is ever informal) noted that over the next year or two we needed to be phasing out these expensive consulting services. Next, the consultant is called to do a review of my work performance. No surprise, I was doing every single thing wrong. Even my backups were wrong, I was doing full backups every night while she noted that relative (full, differential, incremental... relative isn't on that list, girl) backups should be done instead because they are significantly easier to restore from. The whole review was like that. Bull from a vendor who had an interest (kickbacks almost) in getting rid of me.

    Well, I am back to repairing copiers, faxes and printers for about $10 an hour and hating every minute of it (oh, and I still "get" to do network installs of devices and troubleshooting for that same $10/hr). All I can say is what a waste.
  • Unions (Score:4, Interesting)

    by Alan Cox ( 27532 ) on Friday December 19, 2003 @01:33PM (#7766005) Homepage
    If the IT world had better organisation it wouldn't consist of people being trodden underfoot because they think they are "elite", "indispensable" and "able to stand alone". As a rule of thumb your CEO is smarter than your average 21 year old programmer, and believe me *his* interests don't match yours, however much he swears they do.

    India has much much stronger labour laws than the USA on most issues (although enforcement has problems sometimes). Indian IT workers sometimes do belong to unions or labour groups. Interestingly some of them chose not to use the word "union" because they wanted a labour group but didn't want the conflict the word union implies in some parts of the world, but to imply constructive working together.

    The jobs that went from the USA and EU have something much more important in common. They are low skilled, highly manpower intensive and not subsidized. It has a lot to do with wage costs and very little to do with unions.
    Software is manpower intensive, not subsidized and the skills are being developed rapidly to a high level in other countries. The rest follows logically enough.

    Welcome to globalization of production. Unfortunately globalisation of buying is a different matter (e.g. DVD prices in Europe, US text book costs, US v Canadian medicine prices).

  • by Anonymous Coward on Friday December 19, 2003 @01:34PM (#7766019)
    The scum at Data Networks out of Maryland did the same thing. I had worked for this company for 21 years, and they gave a report to our board that was about 300 pages long of all the security things I was doing "wrong." Most of the pages were wild claims about Linux's and Solaris's lack of security and about the risks of *not* using a Cisco PIX firewall. There were pages of silly stuff like the demarc point being too far from the equipment room. Well, the board were the ones that decided on which room to install a raised floor and extra cooling. Of course, I got called to the carpet on that one. It wasn't even a problem in the first place since you can extend T1s for 100s of feet without problems, but they claimed the 50' we had was too much. I was accused of "malfeasance" for buying Sun servers rather than buying cheaper Dells. Most of our Suns are 5+ years old and a few are even 10 years old and chugging along without problem. An old IPC running Debian makes a perfect backup name server. So, Data Networks has convinced them to get involved with the Windows/Dell upgrade from hell cycle and to pay them to rewrite all of the software we use. They also sold them a $40k Cisco router they don't need and a $30k (or so) Cisco PIX firewalls. Data Networks has also convinced them to sue me over the price difference between the Suns and an "equivalent" (not that you can buy a Dell that's equivalent to a Sun) Dell server. They're supposed to serve papers sometime early next year. Oh well. It was a great job working with great people for 21 years. It was also the only job I've had since I graduated from Ga Tech.
  • Re:You were set up (Score:3, Interesting)

    by horvathcom ( 629683 ) on Friday December 19, 2003 @01:40PM (#7766091)
    I was wondering if it was them. If you read Bruce Schneier's Secrets and Lies, you reach the end and figure out the whole book is a way for them to sell their services.

    1. Security is tough.
    2. It is best left to professionals.
    3. You are better off hiring those professionals rather than trying to develop it yourself.
    4. You should hire us.
  • by bstadil ( 7110 ) on Friday December 19, 2003 @01:43PM (#7766135) Homepage
    FYI, read this assessment [alternet.org] on Alternet.

    It makes the point you are making and points to how Democrats and notably Dean could seize this winnable issue.

  • by ToasterTester ( 95180 ) on Friday December 19, 2003 @01:44PM (#7766148)
    Pointed Haired Bosses don't think that way. At my last job (one of the big 3 ISPs) one of the NT admins screwed up and opened our one internal systems to the whole world. One of our techs studying security discovered the hole and reported it to our PHB, who came to our SA team to check and confirm. They were more concerned about the tech finding the hole than the idiot NT admin who screwed up an NT security setting. They were insisting on firing the tech. They said opening up our system to the world was less of an issue than an employee sniffing our network, even if he reported it.

    I've worked for too many large corporations; don't ever think management is going to think logically.
  • by Florian Weimer ( 88405 ) <fw@deneb.enyo.de> on Friday December 19, 2003 @01:53PM (#7766244) Homepage
    If all you did there was security, then you were in a bad position to begin with. Security should be a part of everything that is done, not handled simply by one person somewhere.

    Do you think that somewhat independent review is unnecessary, especially in the area of security? And who decides where required security features are implemented? Just to give an example: Sometimes, it's not cost-effective to provide the required protection level entirely on the network layer, but it can be implemented on the application layer (or by using operating system features) in a straightforward way.
  • by stwrtpj ( 518864 ) on Friday December 19, 2003 @01:55PM (#7766285) Journal
    If you're on call 24/7 while they're home sleeping, it sounds to me like they've got a lot better handle on where power resides than you do...

    Until the people that provide that support decide they don't want to do it anymore and go off to another career, leaving a shortage of people to do the job. Not saying that this will happen anytime soon, it's mostly to make the point that people in power must derive their power from somewhere. Things don't happen in a vacuum.

  • Re:Security risk? (Score:2, Interesting)

    by deepvoid ( 175028 ) on Friday December 19, 2003 @02:00PM (#7766353) Journal
    If those engineers who either changed careers, retired, or are unemployed due to outsourcing refused to vote for any candidate who encouraged the practice, they may actually stem the tide.

    And don't think a management job will be safe. As soon as the foreign company realises that they have all of the workers, what effort will it take to "fire" the parent company and hire their own managers? Not much. American companies are merely feeding their replacements and will find themselves outsourced with their employees. There is no way for American companies to avoid this outcome. It is one thing to sell an invention, and another to sell the inventor.

    He who feeds a dragon, does not love his children, for the beast will quickly tire of his master's fare, and soon turn on his master.
  • by Smallpond ( 221300 ) on Friday December 19, 2003 @02:18PM (#7766573) Homepage Journal

    A company I used to work for had 2 IT guys: the manager and the worker, and laid off the worker. Before leaving, he fired off an abusive companywide email, messed up the servers, and changed the root passwords. When management found out that the manager couldn't fix the problems, they fired him and rehired the worker, who made less money anyway. No charges, no retaliation, just business.

    I always thought it was a good decision.
  • by theglassishalf ( 216497 ) on Friday December 19, 2003 @02:18PM (#7766575) Homepage
    Well, he could sue them. It's called "slander." If they wrote it down as well, it's called "libel." As a bonus, as part of the trial he could subpoena all the documents related to the case, and find out what they really had to say about him.
    Courts tend to look at libel related to employment very favorably. He should contact a lawyer.
  • Get a lawyer! (Score:3, Interesting)

    by MadKook ( 734191 ) on Friday December 19, 2003 @02:26PM (#7766672)
    Not being a lawyer, but knowing a few, plus having a few who swear by having employment lawyers, I would say that you should definitely talk to one!!

    A company who chooses to terminate your employment because of research or inquiries, the results of which are not told to you, sounds quite... well, illegal. Were you a regular fulltime employee? Did you sign some sort of disclaimer because you were in "security" that they could at any time terminate you because you could be terminated as a "security risk" ???

    Get a lawyer now!
  • Re:What to do? (Score:2, Interesting)

    by sgt_getraer ( 448034 ) on Friday December 19, 2003 @02:35PM (#7766806) Homepage
    It's been trendy for the exec types to read The Art of War as of late. If you want to fight sleaze with sleaze, The Prince [constitution.org] will give you a few ideas next time around.
  • by kpost ( 594219 ) on Friday December 19, 2003 @02:45PM (#7766916)
    I used to work with PriceWaterhouseCoopers where I performed network security auditing. While I worked there, we NEVER did anything like what's reported in the article. We reported things like unpatched systems, firewall holes and often showed how our clients' networks were vulnerable to various threats, but never did we label our clients' network operators as primary risks. -Kevin
  • by Greedo ( 304385 ) on Friday December 19, 2003 @03:04PM (#7767132) Homepage Journal
    Exactly what I was thinking.

    Here in Canada, you also can't get fired on the spot (well, not for this). You have to receive at least a verbal warning and/or a written warning first, outlining what it is you are doing wrong.

    I don't know what the laws in the US are (or even if you are in the US), but you might want to check with a lawyer. A quick consult shouldn't cost you much, if anything.
  • by voss ( 52565 ) on Friday December 19, 2003 @03:04PM (#7767135)
    This assumes he's being on the level.

    While geeks are smart, they don't know the law. If this new company wrongly accused him of incompetence or negligence he has every right to sue them. The sooner the better..... He doesn't sue his employer; that's bad for future employment. He sues this third party and then subpoenas exactly what they told his employer about him.

    In addition to libel and defamation, there is also tortious interference with business relation (i.e. your employment with this company).

    I'd say he needs to consult with a lawyer.
  • Re:One word: (Score:2, Interesting)

    by mschuyler ( 197441 ) on Friday December 19, 2003 @03:09PM (#7767185) Homepage Journal
    It's still the same world with the same economic realities. This is not a US vs the rest of the world issue. Turning anything anyone says here into that is just bullshit (and it happens all the time). When "workers' rights" affects efficiency, it's just a matter of time before an 'adjustment' happens. In the US unions have often bid up workers' wages to the point that companies can't compete efficiently and jobs are lost. Witness US steel companies trying to hide behind tariffs. Didn't work. Faced with EU retaliation, they were dismissed. That is entirely proper and the EU was right in insisting the US play by the new rules. Get efficient or die. If you need to learn how to make steel, visit an EU factory. Steel can whine all they want, blame government for their troubles, or whatever. (IMHO Bush choreographed that whole issue. He placated steel for a few months knowing full well what would happen. When the EU called him on it he could say, "Hey, guys, I'm really sorry. I tried to help, but we just can't go there any more.")

    But it works both ways. Witness recent strikes in France over pension plans. Citizens feel it is "their right!" to retire at 55 and get a full salary for the rest of their unproductive lives. That's not going to work either and there will be consequences down the road as this 'entitlement generation' is forced to get a life. The rest of the citizens of France simply cannot afford to keep the boomer generation in the style to which they have become accustomed.

    The only time this doesn't work is when there is not good communication/transportation between high and low pressure areas. In the comm area there are few barriers left. If there IS a flow, wind is created, and the high pressure flows to the low pressure until they equal out. In other words, it sucks. If there IS NOT a flow because of barriers (like oceans, for example), then artificially high pressure areas remain. Witness the lock the US West Coast longshoremen have on shipping. There a data entry clerk makes $120K per year. Is that efficient? Hell No. It can't last, but there will be hell to pay to make it go away. And it's the exact same hell the EU faces with artificially high pensions. It's the same dynamic at work.

    One commonality between the US and the EU is the rights of workers in government, and the resulting inefficiencies and bureaucracy. Both suffer enormously from it and as a result government not only has a hard time being productive, it becomes a drag on the economy of the respective countries.

    It matters not a whit what country you're from or what philosophy you espouse. The equation is this: More coddling of workers leads to less accountability, efficiency, and productivity. Compare the civil service of ANY country to the self-employed and figure out just who is more motivated.
  • by tonyray ( 215820 ) on Friday December 19, 2003 @03:19PM (#7767297)
    I'm an employer, not a lawyer, so check with a lawyer to see if what I say is correct, but I believe it is.

    If your employer told you (or better yet, put it in writing) that you were fired because you were a security risk, then you may be able to sue. Here is why:

    You can be fired for making false statements on an employment application. No matter why you were fired, if you lie on your application your case is lost. So, when filling out future employment applications for the position of security admin you must say you were fired from your last job because they thought you were a security risk. Of course no one will hire you. Get any of them (but preferably four or more) to put in writing you were not hired because your application says you were fired for being a security risk.

    Now sue your previous employer and the security company for $10,000,000. Even if your employment was "at will" you can still sue in this instance because they have affected your future employability by claiming you were a security risk. If you are lucky, the security company put in writing (very stupid) that you were a security risk but it isn't necessary that they did so. People frequently win this type of case. Lesson to employers - "NEVER TELL SOMEONE WHY THEY ARE BEING FIRED".

    There is only one catch. If you have bad credit then that is proof you are a security risk. You could still win (think jury trial), but it would be harder.

    Have fun, be American ;)
  • by h4rm0ny ( 722443 ) * on Friday December 19, 2003 @03:33PM (#7767477) Journal

    If that's possible then yes, he should sue. It might be extremely difficult however.

    I have some experience in this as I was fired as a security risk. The cause? I installed a firewall on my PC. The formal letter stated that this could interfere with their network firewall (a Cisco box that was very over-the-top for a small development company of twenty people).

    Of course that wasn't the real reason. It was the refusal to work unpaid overtime and perhaps a tendency to correct my boss that got me out. However, how do I go about getting this fixed in court? No matter how expert I am in IT (and I am quite expert), they can throw an 'expert' back at me in court, and how will a judge know the difference?

    And aside from that, what would be the charge? I'd already resigned and was working out my notice. The sole result is that any reference from my former employer now states that I was fired for 'Gross Misconduct.' The burden is on me to convince people that it wasn't fair.

    A very nasty situation all round.

    I wish the poster good luck if he finds a way to sue, but beware of getting into a credentials battle with various "experts," because most courts won't be able to assess your case on the basis of technical details.
  • by Anne Thwacks ( 531696 ) on Friday December 19, 2003 @03:50PM (#7767721)
    I had the same experience - recommended a fix for a major problem, and got fired for pointing out there WAS a problem. With hindsight, I'd say it was the company with the lowest employee morale I ever worked for.

    And the lesson is ... If employee morale is rock bottom, there's generally a damn good reason at the top. Look for a job elsewhere before it's too late.

    As for offering to work from home in place of outsourcing? Are you nutz? You would just be proving that someone could do the job remotely ... i.e. in some place that is beyond even the third world. Let's face it, India and China are now complaining about jobs being outsourced. Obviously the work is being done by krrgs from the planet Zog.

  • by zabieru ( 622547 ) on Friday December 19, 2003 @03:55PM (#7767792)
    Eh, on the other hand, a company engaged in this sort of practice is likely to go over their stuff with a fine-toothed legal comb. It's probably all couched in terms of '54% of senior network security personnel at some point blah blah, and therefore hiring outside consultants from such firms as blah, blah, or oh, yeah, us, is safer, and blah, blah' rather than 'How could you possibly trust a commie pinko faggot like X? Fire him immediately so you can hire us!' Unfortunately, libel laws are fairly specific, so although he can clearly prove damages (usually the hard part) next he's going to have to show that they said something deliberately and provably false about him, which it's not likely they did.
  • by djunia ( 525560 ) on Friday December 19, 2003 @05:16PM (#7768711)
    This is a very bad business model. In order to sell themselves to the clients, they generally need to have GIAC or CISSP certifications. Those certifying bodies have codes of ethics. What you have described does not fit into those general codes of ethics. If anyone representing the outsource firm is a CPA, CISA, or CIA (the accounting world certifications for this sort of work), they have broken a really basic ethical requirement. This is followed more in the breach, but accounting firms that audit for security are not supposed to advise clients on how to fix the problems. The idea is that you cannot honestly audit a company for which you have provided or will provide other services. If they represented the work they did as a SAS70 or other public assurance audit and then took over the jobs of people they assessed, they can be censured by any number of regulatory bodies. The biggest problem today is that there are flocks of us security folks out of work. I have 10 yrs experience, but no CISSP or CISA, and am considered "too senior" for the jobs that don't require certs. Charitably, I assume that they are referring to me having opinions about process and procedures. Privately, I am less naive.
  • Why businesses exist (Score:3, Interesting)

    by corinath ( 30865 ) on Friday December 19, 2003 @05:54PM (#7769049)
    Contrary to the belief of many people, businesses do not exist to provide a job to any particular person, excepting perhaps, the owner. A business exists for the sole purpose of making money for the people who own it. The fact that they provide jobs to other people is merely incidental. As such, the owners or management can choose who they want working for them.

    Anybody who doesn't see it this way should try to put themselves into the position of the owners. Try to imagine owning a company. If you are the boss and you don't want a particular person working there any longer, you would fire them, right?

    If you don't like people having that sort of power over you, start your own business.

    Now, don't get me wrong, I do feel that what the company did was most likely a bad move, and certainly was not a good way to repay a person who seems to have been a good employee.

    Any way you look at it, the management is responsible to the owners, be it private parties or stockholders. Their job is to make money for them. It is not to provide the employees with work.

    Sorry for the rant, but I get irritated when people think that their employer OWES them a job; they don't.
  • by ScottSpeaks! ( 707844 ) on Friday December 19, 2003 @06:05PM (#7769164) Homepage Journal
    Revenge? you want revenge? Just sit back and watch as the security for that company gets pummeled.

    That's what I did. My former employer of five years spent several times my salary-to-date on consultants from Gartner, who convinced management that everything I'd built was wrong and they should spend my salary for the next five years on Microsoft products. I helped them roll it all out, they showed me the door... and now (from what I hear from a few friends there) they are hurting. {shrug}

  • by Lodragandraoidh ( 639696 ) on Friday December 19, 2003 @06:22PM (#7769327) Journal
    I am not a security geek - so I cannot comment on the issue of having a security audit cost me my job.

    On the other hand, I do have some thoughts on increasing your likelihood of finding or keeping a job in this tough IT marketplace, that can be found here... [slashdot.org]

    The executive summary: diversify your skill base, and become a jack of all trades; coupled with that, look at other means to increase your ability to satisfy your user community better and faster than the competition.
  • by Anonymous Coward on Friday December 19, 2003 @06:48PM (#7769550)
    While my real job title is QA Manager, I also manage the security plan at my company (located in Canada), who makes export control restricted products (products restricted by either or both the Canadian govt and/or the US Govt). When doing security assessments on this side of the border, the citizenship requirements of the Controlled Goods Program (CGP) are far more lenient than those of the US International Traffic in Arms Regulations (ITAR). Still, because we export our products to the US, I have to take citizenship into account (i.e.: I have to in some specific cases meet the US requirements). That means in the case of specific individuals, they must be removed from projects and found alternate work. If alternate work cannot be found, then they must be let go. There's nothing the company can do about it - it's a federal requirement of employment to work for a company that designs these specific kinds of products. I will assume you are in the US, in which case a third party, such as the government or someone waving wads of cash around, has set some specific requirements for personnel working on their products. For some reason you didn't meet them. You do have a reasonable "right" to find out what specifically was the issue - was it citizenship? was it political affiliation? was it all those nights you've been downloading pr0n? Your employer should have made an effort to find you alternate work within the organization. If they didn't even try, then you might be able to make a case for wrongful dismissal. However, if they did try, or such an option simply is not feasible (and this is what it sounds like, how can you be an effective SysAdm when you can't access huge chunks of the network?), then they are within their legal bounds to let you go.
  • by xeno ( 2667 ) on Friday December 19, 2003 @06:50PM (#7769565)
    .
    IANAL (but I've paid for their kids' dental work and sailboat), but there are two issues here: I think you have excellent grounds for proving damages to your reputation in the industry (from both the consultancy and your employer), in addition to wrongful termination if you were let go with prejudice (fired for false or misrepresented cause and denied unemployment). However, the real money is in the first part, so go for a libel/slander lawyer with knowledge of labor, not a labor lawyer who's heard of slander and will sue to get your job back. What you really should want from this is to (a) clear your name, (b) collect monetary damages, and (c) walk away. Dunno about FL law, but you should get all your lawyer fees back as well if you file the suit properly...

    I have (unfortunately) some experience in picking a lawyer for similarly hostile and unpleasant situations. In a recent situation that involved an insurance company, I turned to my own insurance carrier (home, personal liability, auto etc) and asked to be put in touch with a couple of senior examiner/adjusters. When I reached them (no easy task), I asked them the following question:

    "Who is the meanest son-of-a-bitch you never want to be across a table from?"

    Both people gave me the same name, and I hired that person as my lawyer. Yeah, the hourly rate was kinda frightening, but when your lawyer scares the piss out of the other party simply by name, the proceedings tend to be much shorter, and more to your advantage.

    How does that apply to your case? Call a libel/slander *defense* lawyer, and ask him/her the question above. Two votes for one name, and voila, you have your counsel.

    My personal advice is not to be shy about this. There's a time to shrug and walk away from an employer who lays you off for stupid reasons (I did a few months ago), and there's a time to fight like hell against something that could drown your career. This seems to me like the latter. What will you say in a few years, when a potential employer asks "If you weren't a security risk, why didn't you fight it?"

    Jon Espenschied
  • by gobbo ( 567674 ) on Friday December 19, 2003 @07:46PM (#7770030) Journal
    My spouse once had a job with a small political newsmagazine. She was the typesetter on an old obscure setup. Every word went through that machine. Since it was such a rare system, they needed her pretty badly to meet publication deadlines, and that meant that she had an editorial veto. She exercised it directly once: simply over the capitalization of an artist's name--who generally insisted that it be lowercase--and she demanded they respect his wishes. There was a standoff--editors backed down when they realized the stakes--they approached her to sound out controversial decisions after that. It helped that she was good at her job. The whole deal was a revelation for me.

    This is gonna sound syndicalist (though it isn't, really, just basic strategy): the wielders of tools can exercise final power over those tools, even if they don't officially own them--because possession is more powerful than abstract ownership. Of course, being a social species, working in concert makes us far more powerful.
  • I did assessments (Score:3, Interesting)

    by nakeddeath ( 734277 ) on Friday December 19, 2003 @08:11PM (#7770207)
    I used to do assessments for a company that wanted to do them to discredit the existing IT and replace them. After awhile it really bothered me because we went after some good, hard working, dedicated people.

    I decided to get some certs and marketability and find a job less 'stressful'. In studying the Code of Ethics for the CISSP, I realized that it should be my job to help dedicated people hang on to their job with instruction, training, learning, awareness.

    I now work at companies with the idea that I will locate 'vulnerabilities' and correct them with the resources they currently have. I know it's a stretch for some to adopt that line of thinking but in the long run, this attitude is paying off.
  • Redundant not sacked (Score:2, Interesting)

    by oo_waratah ( 699830 ) * on Friday December 19, 2003 @10:44PM (#7771095)
    I have read that there is a security issue with having a single person as the administrator. This would imply redundancy, not sacking. In Australia there are extra payments for redundancy, like 1 week per year of service. It also is better than "sacked" (but still not great).

    From the point of view of the sacking the company is legally obliged to tell you in detail what you did wrong so that you can study and correct those faults and not be doomed to repeat them. Ask for an "exit interview", this interview should discuss in detail the technical reasons why you failed to provide the service. You could ask for a copy of the security report under a non-disclosure agreement to supplement your knowledge of what went wrong. The company may (rightly) refuse to provide a copy of the report but you should ask.

    Discuss with management that you were "outsourced" not fired and discuss with them that they should correctly reflect this to potential employers. Advise them that, if you can, you are willing to assist them with problems or provide independent audits of their security at a reasonable consultant rate. It is better to leave them in a friendly frame of mind:

    a) It will be reflected in your reference.

    b) It gives you a slim chance of picking some extra consulting work.

    c) Asking for details of security problems is a positive and should be reflected by you to your potential employers.

    Don't underestimate the fact that you may have been a problem. You have given us no indication whether you followed security alerts, whether you configured your boundaries properly, etc. This may not be the case but we cannot judge your performance.
  • by busysteve ( 466550 ) on Saturday December 20, 2003 @11:16AM (#7773038)
    This seems to be a wise thread. I was laid off a few years ago for "cost cutting" reasons. I was very nice to my managers afterwards (days later). I told them where recent code was that they didn't know they needed and how (and why) to make use of it. In the meantime I got a cool contract working on a StrongARM embedded Linux job (for less money). As luck would have it, when the contract was almost complete they asked me to come back for the same pay. I asked why they wanted me back and they mentioned my kindness (and their sorrow).

    A(nother) suggestion for your problem would be to watch for upcoming security matters that might affect them such as an exploit or virus and warn them of it right away. Just be careful how you warn them; some warnings can be taken as threats. You might even add how to combat the threat.

    Just a thought... it worked for me.
