Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Linux Business Technology

Replaced by Outsourcing -- What's a Geek to Do? 1166

SafariShane asks: "Yesterday I was fired from my position as 'Network Security Analyst' from a financial institution. I was pushed out by a 3rd party vendor, who labeled me the major security risk, after performing a 'vulnerability assessment.' At the time, I thought a vulnerability assessment of our network was a good idea, but in retrospect, it occurs to me that this company, who's other product is 'Outsourced Network Monitoring and Intrusion Detection' may pull this little trick everywhere they go. Has this happened to any other network security folks out there. Does anyone know if this is a common practice, and what's a geek to do if they find out a 3rd party assessment is on the way? If this happens again at another institution, should I just start polishing my resume right away?" Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay? For those of you who feel the threat of Outsourcing breathing down your neck, what are you doing to try and stay in your current job, or even in this current market?

"Here comes the obligatory South Park reference:

  1. Perform Network Vulnerability Assessment
  2. ?
  3. Profit! (Sell Outsourced product)
Looks like they came up with an actual step 2:
Label anyone who is responsible for network security as the risk, and get them fired.
I wouldn't even dream up the above situation, except that when the assessment was done, all results were hidden from me. The company presented the results not to the geeks that can interpret them, but directly to the executives that still think 'Clippy' is a great product.

I'll also note, because people will ask me anyway, if there were other problems. In my year on the job, there was only 1 network intrusion: Welchia, which was contained in twenty minutes. Anyone familiar with Welchia will know that it is no easy task. I was never reprimanded for anything. In fact, I received a 12.5% raise only two months ago for job performance.

I doubt what they did was illegal, but it's bad business at best. Here is a group of network security geeks, who get other network security geeks fired, so they can increase their bottom line.

I'd like to hear comments from folks this has happened to, and what did you do as a result?"
This discussion has been archived. No new comments can be posted.

Replaced by Outsourcing -- What's a Geek to Do?

Comments Filter:
  • SafariShane needs to turn around and hack back in to the system in a week and show that the new company's security measures weren't that great. ;-) This will ingratiate himself with the CEO and get the new company kicked out.

    Problem solved. ;-)
    • by VT_hawkeye ( 33442 ) on Friday December 19, 2003 @11:14AM (#7764831) Homepage Journal
      ...and sent to federal pound-me-in-the-ass prison.

      He got hosed by an unethical competitor, but he can't do crap about that now. Time to brush off the resume.
    • by letxa2000 ( 215841 ) on Friday December 19, 2003 @11:23AM (#7764964)
      Hmm, given your experience I would start an 'Outsourced Network Monitoring and Intrusion Detection' and start offering your service to companies in your area. Then, label each responsible network administrator as a security risk and get them fired.

      • by dgrgich ( 179442 ) * <drew&grgich,org> on Friday December 19, 2003 @01:11PM (#7766492)
        This reminds me of the funniest joke on earth.

        Two hunters are out in the woods when one of them collapses. He doesn't seem to be breathing and his eyes are glazed. The other guy whips out his phone and calls the emergency services. He gasps: "My friend is dead! What can I do?" The operator says: "Calm down, I can help. First, let's make sure he's dead." There is a silence, then a shot is heard. Back on the phone, the guy says: "OK, now what?"
    • by mbrinkm ( 699240 ) on Friday December 19, 2003 @11:26AM (#7765027)
      I've heard stories of people doing the "revenge hack" to prove that the new security is worthless, then ending up in jail. Why would anyone want to risk jail time to get a job back at a company that obviously would rather listen to a contract consultant rather than a member of their company?
      • by Glonoinha ( 587375 ) on Friday December 19, 2003 @11:39AM (#7765235) Journal
        Yea that would be a bad idea. A better idea would be to be helpful, like those guys that list all the Microsoft vulnerabilities in a public forum so Microsoft will be able to fix them right away.

        So how about listing on slashdot all the passwords, usernames, maybe the list of salaries of all the employees, ip addresses of back doors, list all that crap here for us and we will politely help the company get back on track to super-security awareness.

        Seriously though, sorry to hear about what happened. Wonder what field the next 'boom' is going to be in ... maybe we can get a head start.
    • by Anonymous Coward on Friday December 19, 2003 @11:29AM (#7765065)
      I'd say he should contact his former employer and offer to perform testing of the outsourced security system as a consultant -- after all, he knows those systems as well as anybody else. Then he should try to hack the system -- since he's working as a consultant, it would be legal to do so.

      Then when he's able to hack in through the outsourced security system, he should state that the outsourced company's report was right -- a disgruntled former IT person is a big threat, but since he knows the tricks he'll know how to counteract that threat.
      • by Anonymous Coward on Friday December 19, 2003 @12:53PM (#7766249)
        Yes. Good reply. In fact, this is exactly what I was going to suggest.

        But, it wouldn't suggest that a disgruntled IT guy is a threat, insomuch as the "new-an-improved" security is inadequate. Afterall, he wasn't disgruntled until he was fired.

        His work should indicate that this ex-employee isn't a threat, because he knows too much about the network... It should indicate that the new security company dosen't know shit. Otherwise, you're going to setup a mutual distrust between the company and the IT people. In other words: The IT people won't trust that their jobs are safe, and the company won't trust that the IT people won't fuck them over because they are mad.

        Personally, I wouldn't want to work in a place that's being kept in check by the threat of mutual assured destruction. It's too much tension. Bad for the blood pressure.

        The employees should be working on the same team as the management--with the same goals (higher productivity and profits, and all that garbage) If the managers see this quality in an IT person, they become quite invaluable as a bridge between the tech (which they don't understand), and the money (which they want more of).

        This sort of activity used to be upheld by the promise of profit-sharing (the more the company makes, the more you make, so if you save the company money, you get it back as a NICE bonus in the end). It's all but gone now, but you can use the same ideas to make yourself a truely invaluable person to the company (with a check to prove it).
    • by ToasterTester ( 95180 ) on Friday December 19, 2003 @12:44PM (#7766148)
      Pointed Haired Bosses don't think that way. At my last job (one of the big 3 ISP's) one of the NT admin's screwed up and opened our one internal systems to the whole world. One of our techs studing security discovered the hole and reported it our PHB. Who came to our SA team to check and confirm. They were more concerned about the tech finding the hole, than the idiot NT admin who screw up an NT securtiy setting. They were insisting on firing the tech. They said opening up our system to world was less of and issue, than a employee sniffing our network, even if he reported it.

      I've worked for too many large corporations don't ever think management is going to think logicly.
      • by Anne Thwacks ( 531696 ) on Friday December 19, 2003 @02:50PM (#7767721)
        I had the same experience - recommended a fix for a major problem, and got fired for pointing out there WAS a problem. With hindsight, I'd say it was the company with the lowest employee morale I ever worked for.

        and the lesson is ... If employee morale is rock bottom, there's generally a damn good reason at the top. Look for a job elsewhere before its too late.

        As for offering to work from home in place of outsourcing? Are you nutz You would just be proving that womeone could do the job remotely ... ie in some place that is beyond even the third world. Lets face it, India and China are now complaning about jobs being ousoureced. Obviously the work is being done by krrgs from the planet Zog.

    • by geoswan ( 316494 ) on Friday December 19, 2003 @01:39PM (#7766852) Journal
      SafariShane needs to turn around and hack back in to the system in a week and show that the new company's security measures weren't that great. ;-) This will ingratiate himself with the CEO and get the new company kicked out.

      Shane, this sounds like a truly rotten experience. And some of the advice you have gotten here is pretty crappy too.

      Before you consider taking revenge, do you think there is anyone in management or H.R. to whom you could have a conversation? The idea that management had had a sudden, abrupt reversal in their confidence in your ability and trustworthiness must be a disturbing one. Perhaps there is someone to whom you can turn to for some reassurance.

      "I thought I was doing a good job. I did get a 12.5% merit increase in pay. But the secrecy around how my employment was terminated is disturbing. Is there something in the security report that will cause the firm to give future employers a less than enthusiastic endorsement of my skills? I'd like to know this."

      You don't absolutely know the outside consultant's slagged your performance or trustworthiness. And, if I read your account correctly, you don't know that your former employers turned around and hired the consulting firm to replace you.

      Good luck.

  • I don't trust you (Score:5, Insightful)

    by Anonymous Coward on Friday December 19, 2003 @11:13AM (#7764823)
    I don't trust you to work from home. You will just watch Scooby Doo.

    I doo trust a company in India, tho.
    • by morcheeba ( 260908 ) on Friday December 19, 2003 @11:38AM (#7765211) Journal
      Not only do they have scooby doo in india, but he's much more evil than he is in the united states [indiantelevision.com] -- he gives kids tattoos and has got them buying 75 gram packages of "krackjack". We americans have to settle for regular crack.
    • Re:I don't trust you (Score:5, Interesting)

      by Anonymous Coward on Friday December 19, 2003 @12:16PM (#7765783)
      My own experience relating to this:

      1) Medium to large size business do not trust individuals: only other businesses are trusted. A local Goodwill (yeah, really, Goodwill) used to outsource work to me on a very regular basis. I'd give them plenty of freebies (again, it's Goodwill) along with the outsourced work. Eventually they hired someone to take care of internal matters and the outsourced work finally stopped (he had a gripe with me apparently). The CEO didn't question his judgment because he was moving to Microsoft products and outsourcing to larger companies. It didn't matter that they were paying six times (I kid you not) as much for the same work, their firewall had been removed (the new guy didn't understand how to manage it), and they removed a perfectly stable Linux box in favor of Exchange (easier to maintain for him, but DID go down frequently). None of this mattered. The CEO and kin felt more comfortable with larger businesses despite the problems. They care about feeling better, not about how much they're paying or how often something goes down. They will excuse ANYTHING if they're happy.

      2) This (security assessment) is a new tactic from a small group of companies/individuals that have been around for a while. Years ago I handled support for a local ISP. The ISP had (shame on them) sold bandwidth to an adjacent office which was plopped right on the main network (no bridge/firewall/etc). This office had a MUD server which was compromised and made a really great packet sniffer. Account info was snagged and used....by a **network security firm** working out of Canada. They changed a few passwords to get attention, then e-mailed the owner of the ISP with a 'Hey, we didn't do anything but we wanted you to know your setup is easily corrupted. We can supply you with services to prevent this in the future.'. It's like, some kind of dorky geek mafia.

      The original submitter could be a dick or a great employee. Either way, it doesn't matter because these security goons are out there and using a much better tactic to get business. It's pathetic, but it's real and there are enough ignorant businesses out there to make it profitable. All the education in the world won't help some employers, they're just too fucking stupid. Maybe the submitter's best bet is to hook up with one of these shitty security firms....join 'em before they beat you out of the market (re: multiple bad security profiles).

      Sorry for the long rant...too much coffee ;-)
      • Re:I don't trust you (Score:5, Informative)

        by Kurt Gray ( 935 ) on Friday December 19, 2003 @01:44PM (#7766898) Homepage Journal
        I think you're right, part of what's going on here is a cultural divide that exists in many companies between the managers in suits and the admins in the back cubes watching the network. In some offices these two types hardly ever speak to each other: no kinship, no trust, no loyalty. Both parties bear the responsibility to walk across the office and speak directly to each other once in a while.

        My years in sys admin middle management taught me that some admins just don't want to speak the managers in suits. They automatically distrust the management, they resent that anyone who knows less about networking is being paid more and is manager of many departments. They view anyone who meets with management and eats lunch with management as a kiss-ass or someone not to be trusted. This to me is exactly the kind of attitude that holds people back from getting promotions, being recognized, and makes one more vulnerable to becoming a victim of downsizing. If management has no idea who you are and what you do all day then you are effectively nobody to them, you are just another labor expense on the accounting books.

        The easiest way to let management know that you have value is find a problem, and don't just whine about, do a little homework and propose a practical solution along with some numbers as to how much it will cost/save the company. If your department manager is the type of prick who would try to steal credit for your brilliant ideas then walk around his desk and talk directly to his boss about your brilliant ideas... if you have enough of those conversations with that boss you may even find yourself being promoted to replace the prick who stole credit for all of your ideas. Don't be someone who complains all the time, try to be someone who has solutions rather than complaints. Leaders have answers, followers have complaints. Managers value people they can go to for answers.

        So in summary if you make no attempt to talk to management then don't be surprised if they become more comfortable dealing with some out-sourced vendor then they are dealing with you... don't be surprised if someday the managers you hardly ever spoke to tell you to pack up your desk.
        • by K8Fan ( 37875 ) on Friday December 19, 2003 @02:54PM (#7767770) Journal
          If your department manager is the type of prick who would try to steal credit for your brilliant ideas then walk around his desk and talk directly to his boss about your brilliant ideas... if you have enough of those conversations with that boss you may even find yourself being promoted to replace the prick who stole credit for all of your ideas.

          The flaw in this plan is that most geeks, in my experience, have no desire to be promoted to management. We just want to do the work. The dream job for someone who is generally attracted to network security work is to be left alone most of the time by a boss who can realize that the fact that they haven't had to concern themselves with network security is a Good Thing. Then they throw more money.

          The worst bosses I've ever worked for have been fellow geeks promoted above their social skill set. They are usually grumpy that they no longer get to play with the technology, and have to spend their days in meetings.

    • by The_ForeignEye ( 681271 ) <julian@foreign[ ].net ['eye' in gap]> on Friday December 19, 2003 @01:11PM (#7766489) Homepage
      I disagree.

      Sure, I could watch Scooby all day long and you wouldn't know...at first.

      Software projects are tracked and managed. It soon would be apparent that your progress is not aligned with what the initial estimate was, and although you could give some bullshit reasons as to why your progress was not as expected, they would eventually get rid of you for somebody more efficient.

      Working from home sounds like a really good idea, but I don't think it's going to happen (unfortunately). I work for a software consulting firm and we have some remote people that work from home because they have no other choice (they are too far away from the closest office). However, when I (or anybody in the office) asked about working from home, the excuse we were given was that it would break the "team environment". They value person-to-person interaction too much and they don't care whether you could do netmeeting, telephone conference, or video conference through the net.

      Working from home means you don't interact with other team members as much as you would if you were in the same location, and you don't share your knowledge and experience with them. Now, you don't share the comments about last night's football game either, but that's another story.
  • by Anonymous Coward on Friday December 19, 2003 @11:14AM (#7764834)
    The managers and CEOs of this country have no idea about how to make router connection or how to correct a line of code in their payroll systems.

    I'm on call 24x7x365 while the CEO sleeps.

    The none technical types need to understand where info power resides.
    • by Anonymous Coward on Friday December 19, 2003 @11:17AM (#7764874)
      As evidenced by the story poster, it lies with the non-technical types.

      I'm on call 24x7x365 while the CEO sleeps.

      You sure have a funny definition of power.
    • I'm on call 24x7x365 while the CEO sleeps... The none technical types need to understand where info power resides.
      If you're on call 24/7 while they're home sleeping, it sounds to me like they've got a lot better handle on where power resides than you do...
    • by An Onerous Coward ( 222037 ) on Friday December 19, 2003 @12:08PM (#7765658) Homepage
      No.

      Try and hunt down an old sci-fi story called "The Roads Must Roll [wikipedia.org]," by Robert Heinlein.

      Quick plot summary: In the future, American cities are interconnected by vast conveyor belts--called roads--which transports people and goods. A few political demagogues start convincing people that certain segments of society should be rewarded for doing "critical work." For example, the road mechanics realize that without them, society as a whole would be hosed.

      So a faction within this group of mechanics decides to go on strike, shutting off the roads and committing vandalism. Sure enough, everything stops working as the factions battle it out for control over the roads.

      The basic problem with their underlying thinking is this: There is no one ultimate locus of control. Our entire society is completely interdependent. If the network people quit doing what they do, things are hosed. The same goes for doctors, police, firefighters, manufacturers, and farmers.

      Take another example: Miners. There's an old mining slogan that says, "If it isn't grown, it has to be mined." There's a great deal of truth to that. Without mining and miners, we're screwed. But does that mean that the mining industry deserves ultimate control over our society? It's like having your kidneys demand veto power over your brain because the brain cannot operate without them.

      Management types think of themselves the same way you're asking computing types to think. According to their thinking, without a running business, you wouldn't have a job where you could ply your trade.

      Every society strikes a balance between individualism and collectivism. We're all individuals, but we're also functional units within a larger system that keeps everyone alive. I think you've definitely drawn the line in a bad place. Whether computer gurus are under or overvalued is irrelevant; I strongly object to your basic premise: if we have the power to wreck everything, we have the right to do so if the system doesn't give us what we want. It's merely blackmail writ large.

  • What to do? (Score:5, Insightful)

    by grub ( 11606 ) <slashdot@grub.net> on Friday December 19, 2003 @11:14AM (#7764836) Homepage Journal

    What do to? Well, you're a casualty of corporate sleaze and politics. Read The Art Of War [gutenberg.net], get back on the horse and don't let yourself become a victim again.

    That sounds cold, I know, but what else can you do? Dwelling on the issue won't pay the rent.
    • Re:What to do? (Score:5, Insightful)

      by Fnkmaster ( 89084 ) * on Friday December 19, 2003 @12:03PM (#7765585)
      And more importantly, learn your lesson. Next time some huckster wants to sell you a "security audit", don't buy into it. Use it as justification to do an internal audit, or convince your bosses to bring in consultants of your choosing. Make it a collaborative process with your managers. Prize your relationship with your bosses above all else - don't be an ass kisser, be good, and make them look good. If when they think of you they think of the guy who saved their asses lots of times, they would have to be fools to let you go.


      Control is greatly undervalued in business. Often times, control is more important than your bottom line salary. You want to be in control without people knowing that you're in control - don't play politics or backstab people, just be very important to the bottom line and very trusted. If you are unable to make your boss realize that you are important, you should find another job as soon as possible. Also, ALWAYS keep a backup plan in place, enough money in the bank, and have lots of friends in your line of work to help give you an in to other job openings.


      It's a cheery little Machiavellian world we live in. :)

  • by tomstdenis ( 446163 ) <tomstdenis.gmail@com> on Friday December 19, 2003 @11:15AM (#7764839) Homepage
    Not like... say virus scanner writers right? [who probably write the viruses they detect...]

    I say if your management is stupid enough to fall for the tricks without trusting you then they deserve what they get and you probably shouldn't have been working there in the first place.

    Tom
  • Easy solution (Score:5, Interesting)

    by IGnatius T Foobar ( 4328 ) on Friday December 19, 2003 @11:16AM (#7764859) Homepage Journal
    Easy solution:

    Get a job working with an outsourcer. Duh.

    "Services" is where the IT business is going. And yes, there are outsourcing companies in the USA and various other non-India, non-China nations. Skilled, flexible talent is very valuable to a services company. And it's satisfying work because you're not stuck with one environment all the time -- you get to play with lots of different customer environments, picking up new skills along the way.

    Basically, what I'm saying here is, quit whining. Make yourself a valuable person and you will find employment. And don't rest on your laurels, either: you have to constantly adapt and pick up new skills.

    Now I shall sit back and wait to get modded down by the unemployed, disgruntled Slashdot hive mind, but my position on this issue stands.
    • Re:Easy solution (Score:5, Insightful)

      by GeckoX ( 259575 ) on Friday December 19, 2003 @11:19AM (#7764912)
      Can't beat em, then join em right?

      That's all fine and dandy for those whom have a constantly shifting moral stance, or none at all...however some people, like the submitter of the story, would probably prefer to stick to their morals and avoid being a hypocrit.
      • Re:Easy solution (Score:4, Insightful)

        by be-fan ( 61476 ) on Friday December 19, 2003 @11:26AM (#7765023)
        How does working for an outsourcing company violate this guy's morals? Not all outsourcing companies pull tricks like this to get work. On the otherhand, if your morals are "outsourcing is wrong," you have a stupid moral and should reevaluate it.
    • by Anonymous Coward on Friday December 19, 2003 @11:23AM (#7764962)
      Now I shall sit back and wait to get modded down by the unemployed, disgruntled Slashdot hive mind, but my position on this issue stands.

      A martyr complex and a superiority complex, all in one. Neat.
    • by thrillbert ( 146343 ) * on Friday December 19, 2003 @11:27AM (#7765046) Homepage
      Basically, what I'm saying here is, quit whining. Make yourself a valuable person and you will find employment. And don't rest on your laurels, either: you have to constantly adapt and pick up new skills.

      Wow.. this is some really good advice. If I were any of you, I'd listen to this guy, he really knows what he's talking about..

      Now, would you hurry up and fix me my double tall latte??

      ---
      You can get more of what you want with a kind word and a gun than you can with just a kind word.
      -- Bumper Sticker
    • Re:Easy solution (Score:5, Interesting)

      by haystor ( 102186 ) on Friday December 19, 2003 @11:34AM (#7765155)
      Yea, become a consultant. You've already got one business in your rolodex that will buy a product from the same person inspecting whether they need that product.

      What I'd do is file for unemployment immediately. This would be good to find out if they claim they fired you for cause. In Texas at least, if they want to make that claim, it has to be done in writing which means they would have to commit to those statements. If you wanted to pursue it, you could eventually find out why they say you were fired. Likely they will just take the hit on their unemployment insurance and not contest your unemployment.

      If you think that something was a little bit shady, like a manager getting a kickback from the consultants you might try to use your current contacts to feel that out. Unlikely you'll find out anything there but if you do you could be a real bastard about it.

      I ran into a situation where I was hired by a business consulting group to do some work they normally didn't do. I had contract signed and everything when they never called back with a start date. After two weeks of expecting a firm date, I called them and they said it was a no go. I suspect they filled the position internally after using me to land the contract. They had accidentally let me know the company they were pitching and it turns out the President of that company is a family friend. All I had to do was ask an uncle to ask this guy over lunch if they had someone doing this job from company xxx. After weighing the possibilities of what I would/could do if I was right, I decided I just didn't want to know and time would be best spent concentrating on a job/career instead of money and time lost. When lawyers get involved the only sure thing is that the lawyers make money.
    • Not just in IT (Score:5, Interesting)

      by The Tyro ( 247333 ) on Friday December 19, 2003 @12:00PM (#7765529)
      medicine has become the same way.

      Many hospitals are contracting with large national companies to provide physicians services that were traditionally provided "in house." This is most easily done for things like Radiology, where films can be digitized and shipped anywhere in the world to be read by a room full of radiologists. It's also being done (and has been for years) with Pathology services... send your slides and tissue specimens to a big lab to be examined rather than the employing a bunch of local pathologists. Admittedly, there are some economies of scale that enter into the picture... "sending out" can be more efficient.

      This is also a big deal in my own specialty (emergency medicine); competition is brutal. There are large national "contract management" ER groups that are constantly approaching hospital administrators with sales people, brochures, and a pitch about their high-quality, lower-cost emergency medicine care. Contracts change hands in ER all the time, which is why a lot of ER docs live like gypsies... if your hospital outsources their ER services, you get fired, and have to find another job (if you live in a smaller area with only one or two hospitals, you can be SOL... time to uproot the family and move.)

      How do I/we fight it? Relationships and service. We make ourselves available to the administration to address concerns and problems. We build relationships with the community physicians, so that they KNOW who's taking care of their patients in the ER, and KNOW they can trust us to take care of the critically-ill. We integrate ourselves into hospital committees, and get involved in the community. We implement Quality Assurance and Peer Review to ensure that we're practicing up to the standard of care. It can be a lot of work trying to keep your job (never thought you'd hear a doctor say that, did you?).

      In ER, losing your contract/job or not usually has nothing to do with bad medicine... it's failure to "play the game" that sinks you. There may be a parallel here for the infosec geek that was fired... If there's one area where the prototypical "geek" personality probably hurts the most, it's in the eschewing of those critical relationships. It's great to have m4d 5ki11z in the server room... but a little face time with the powers that be could make the difference between paycheck and pink slip...

      There's no guarantees, however... even with all my efforts, I can still get sold out if my hospital administrator gets a wild hair, or just plain doesn't like me.

      It's business reality for lots of folks, not just IT.

  • by tommck ( 69750 ) on Friday December 19, 2003 @11:17AM (#7764879) Homepage
    No offense, man, but if you're good at your job, get a new one.
    If your company was willing to do that, you probably don't want to work there anyway.

    it sucks, but Ob-la-di ob-la-da life goes on ...
  • just move on (Score:5, Insightful)

    by gagy ( 675425 ) on Friday December 19, 2003 @11:17AM (#7764885) Homepage Journal
    You can't take things like this personally. If they're outsourcing you, the wheels are already in motion and there's not much you can do to stop them. I have no attachment to my employer. I have an awesome team right now, and I feel loyal to them, but not to the company, but that's what they teach us in Business School. You have a chance of being outsourced, much like you have a chance of getting into a car accident. Nothing you can do once it happens. Collect your insurance and buy a new ride.
  • by Burb ( 620144 ) on Friday December 19, 2003 @11:18AM (#7764888)
    You have my sympathy.

    In any IT situation, the guy/s who knows the system administration/root passwords is always a potential risk. They've fired you, but they must have someone who knows the stuff you do, root passwords and all.

    Hey, wait a minute, now the new guy is the risk. Fire him and pass the root passwords to the next guy. Repeat to fade...

    Sounds like someone has been solving the wrong problem.

  • by wheany ( 460585 ) <wheany+sd@iki.fi> on Friday December 19, 2003 @11:18AM (#7764889) Homepage Journal
    Capitalism is a funny thing. Well, at least the "modern" capitalism. Not only does your company have to profit, it has to profit more than last year, every year. This is one of the reasons people get laid off even when a company is making record profits.
  • Editor's comments (Score:5, Insightful)

    by spuke4000 ( 587845 ) on Friday December 19, 2003 @11:18AM (#7764895)
    Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay?

    Based on the description of the problem this doesn't seem to have anything to do with oversea's labour. It's just that he was replaced by an outsourcing company (in his own country).

    About the reduction in pay comment, if you were sent home with a 50% pay cut would you be happy about it? Or would you be hitting monster.com on your 'extended' lunch breaks. I don't think it's really practical to half-way lay-off people, because the employees won't be at all loyal after that.

    • Re:Editor's comments (Score:5, Informative)

      by nate1138 ( 325593 ) on Friday December 19, 2003 @11:26AM (#7765036)
      I don't know about that. If I could work from home, I could get rid of one of my cars (no public transit where I live at all) and all the associated expense. That would easily make up for a 20% pay cut (between the payment, gas, insurance, maintenance, etc). I think it would also be VERY appealing to those of us with children and two working parents. Get to work from home and be there when the kids get back from school. It doesn't apply to everybody, but for some folks it may be an option.

      Now if they tried to send me home at half pay, fuck em. I'll take the money and find a new damn job.
  • You were set up (Score:5, Insightful)

    by pegr ( 46683 ) * on Friday December 19, 2003 @11:18AM (#7764896) Homepage Journal
    Not sharing the results with the net security people is the giveaway. They wanted to fire you, and told the consultants that that was their goal. I'm in the biz, and what they did was way outside of accepted practice. So who is the company? We'd like to know who to avoid. I know the Big Four play this game, for their love is for money, not the best interests of their clients...
    • Re:You were set up (Score:5, Insightful)

      by nehril ( 115874 ) on Friday December 19, 2003 @11:49AM (#7765374)
      I work in the biz too, and pegr is 100% on target. The other company's salesmen had already sold the "security outsourcing" product to your management (security outsourcing is real big these days). The assessment was just management's cover to get you out of the picture.

      When they say you were the "security risk" they mean that a single person in charge of security is not as reliable as their managed service, because you can become sick, disgruntled or killed crossing the street, but their crack team of mega analysts never sleep, cover for each other as needed and are immune to bus collisions. All for the low-low price of only 3x your salary.

      I don't recommend you mention your ex-company's name publically since you have already lost this battle and you do not need to be seen as disgruntled in any way (cut off all contact to save yourself, otherwise the enemy consultants may blame the next breakin on YOU. they might anyway).

      However it *would* be nice to know the name of the consulting company that shafted you.
  • by ed.han ( 444783 ) on Friday December 19, 2003 @11:19AM (#7764905) Journal
    "here's a question i always wish i could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay?"

    do you think that this would be a good idea, overall? think about where this winds up going if it becomes a trend in, say, 3-5 years time: it becomes a price war, and it's one that domestic employees cannot win. cost of living is just higher here than in a number of other countries.

    i think this is a very, very bad idea, and one that's not just bad for you personally, but also for people in the industry overall. it would have the effect of dropping IT salaries across the board. in essence, you would be arguing that you're overpaid. not a good idea, IMHO.

    that said: shame the PHBs were the ones making the decision. were there many others affected? this smells like a small bloodletting to help a business in a still underperforming industry cut some heads and increase profitability.

    ed
  • by Shivetya ( 243324 ) on Friday December 19, 2003 @11:20AM (#7764924) Homepage Journal
    Don't give employers this idea that working from home is a reward. My time is as valuable while in the office as outside of it.

    Working from home will already save them money on heating, cooling, parking, insurance, and office space. There are also tax benefits in certain areas of the country for implementing such environment and traffic friendly procedures.

  • by QuackQuack ( 550293 ) on Friday December 19, 2003 @11:20AM (#7764926) Journal
    I work for a software company. After many months of people having a hard time getting interviews, and very few leaving for other jobs. In the past three weeks, suddenly we had seven people announce they are leaving for new jobs. I have a friend who was recently laid off from another tech company a couple of weeks ago. He's had quite a few interviews already.

    Things seem to be looking better out there. New jobs will replace the old ones lost.
  • by Broadcatch ( 100226 ) on Friday December 19, 2003 @11:24AM (#7764978) Homepage
    I was "outsourced" two years ago and after 25 years of seamlessly moving between companies with never once even writing a resume, I haven't been able to get back into the market.
    • the good : I've had lots of time to play with my 2 year old son
    • the bad : I've got a family to feed
    • the ugly : I'm learning that experience in the industry hurts ones chances te land a job, as we're considered "too expensive"
    I've found a few consulting gigs to help, but now I'm moving out of the Bay Area - can't afford to live here anymore.
  • by otisaardvark ( 587437 ) on Friday December 19, 2003 @11:25AM (#7765010)
    The tactics of this particular company sound a bit iffy, true. But why exactly should someone equally qualified willing to work for less not get the job?

    It is very hard on those who it affects, but the economic reality is that the money saved in efficiencies (even if it only goes towards fat cat bonuses) is very tangible.

    There is illiquidity in labour pools because of immigration laws etc., but the internet removes these barriers. The global workplace is here, and as a result the market is freer than before.

    It is quite feasible that if (eg) Russia in fifty years time will farm out its "boring" nanotech analysis work to the US. Like it or not, standards of living in 2nd and 3rd world countries are going to improve, sometimes at the expense of sections of the 1st world. However, overall and in the long-term, competition leads to better economies all round.

  • by BigGerman ( 541312 ) on Friday December 19, 2003 @11:25AM (#7765012)
    Always remember that.
    The guy could be right, the guy could be wrong - that is completely irrelevant. The percieved reality is:

    the guy was in charge of network security

    the third-party audit was performed (why? did they look for an excuse to dump him?)

    Vulnerability was found

    The guy was sacked.

    That is all that matters. Waste your time - blame outsourcing, Republicans, little green men.
    Get over it, fix the resume and get back into the game. American corp environment is completely free of common sense and logic.

  • What I would do. (Score:5, Insightful)

    by Angostura ( 703910 ) on Friday December 19, 2003 @11:26AM (#7765018)
    You make some extremely good points, and you make them cogently and cooly.

    Personally, I would set down my concerns; about the possible conflict of interest in the study; about the lack of technical oversight of the reports findings in a letter and send it to the company CEO.

    The letter should be couched in such a way to make it clear that you are writing becauase you are concerned about the company's security; not because you are disgruntled. Make that very clear, mention in passing the facts about your recent appraisals, and bonus payments.

    Leave the CEO in no doubt that you are a professional and you are concerned that the company may be being set up. Tell the CEO that (s)he should not hestitate to contact you, to discuss the issues.

    At the very least it will make you feel better. It may even get the company to rethink its policy.
  • Wrong war (Score:5, Insightful)

    by lone_marauder ( 642787 ) on Friday December 19, 2003 @11:26AM (#7765033)
    You are not a casualty of off-shore outsourcing. You are a casualty of the battle between consultants and in-house IT expertise. Not that you're any less screwed, or that I'm any less outraged. And yes, I am a security consultant.

    The first thing I would have done is mention the name of the company that screwed you. I think this would give other in-house specialists pause before recommending them to management. Our own company's business model is built around providing the opposite sort of experience from the one you described. When we audit, we work with the IT staff, not against them, and we do so with the understanding of having "been there" (because I have been). We try to position ourselves as the guys who will tell it like it is, without panic, arrogance, or exaggeration, and we tell it to you, not your boss's boss.

    I have enormous disrespect for any network security firm who attempts to abuse the politics of their client's business to get ahead. Getting somebody fired in order ro pursue a business opportunity is beneath contempt and possible grounds for a lawsuit. I wish you luck.
  • Ask the Headhunter (Score:4, Informative)

    by jdavidb ( 449077 ) on Friday December 19, 2003 @11:26AM (#7765034) Homepage Journal

    I can't recommend Nick Corcodilos' Ask The Headhunter [asktheheadhunter.com] enough. This advice is just wonderful, either for getting a new job, or for showing your worth to your current employer. It takes a little bit of mental adjustment to accept what he says (and it may be a bit scary), but he is absolutely right about how to go about it! The problem we in IT face right now is the feeling that our worth is going down as many of us are replaced through outsourcing and foreign labor. Brush up your skill set, but most importantly, learn how to apply your talents to solve real business problems in terms of dollars and you will never doubt your worth (nor will your potential employers).

    ATH's advice is great. Be sure to get the book, read as much of the website as possible, and subscribe to the weekly newsletter. It's the only HTML mail I receive every week that I actually look forward to and enjoy reading.

  • by Quarters ( 18322 ) on Friday December 19, 2003 @11:34AM (#7765156)
    ...should I just start polishing my resume right away?

    It always confuses me why people don't keep their resume up to date at all times. It's much easier to ammend your resume as you are doing things than it is if you wait until you need it quickly and then have to rack your memory to dredge up the things you did over the past x years.

  • by Amiga Lover ( 708890 ) on Friday December 19, 2003 @11:35AM (#7765171)
    I was removed from my job where the majority of my team's time was spent monitoring our data centre, and calling in whoever we needed, when we needed, to fix glitches. I was proud of our work, and it's one of the times I truly felt a true "team player" that so many employers are after.

    In the space of 3 months, two separate consulting firms recommended our tasks be outsourced. We all lost our jobs, and what comes out in the wash? The outsourced monitoring company is a subsidiary of one of the consulting firms. No surprises there.

    Now, my employers have gone from having a small dedicated team who treated their equipment as their very own, to having a useless 'monitoring' company who not only can't detect an outage to save themselves (when the most clueless of managers has needed to contact them to ASK if a server is down when it's been out all night, things are bad) but don't actually do fixes themselves, but re-outsource those also

    Last I heard email went out for 4 days. Our worst was a 3 hour fix, which was a combination of intermittent server problems and a backup clean slate machine that failed right after install, so we needed to source and rebuild a box from scratch. The new firm's best time is over a day.

    The only thing I like about the whole situation is they're getting what they deserved, and are locked into it for another 18 months. Morals be damned, schadenfreude is fun.
  • by JRHelgeson ( 576325 ) on Friday December 19, 2003 @11:37AM (#7765190) Homepage Journal
    We outsource security all the time, and we have our outsourced IDS products, etc.

    One of the first things I say when I meet with a company is tell them that it's not the IT persons fault that the company is insecure. Network security is a relatively new field that ALL companies in existance are trying to get their arms around. I do NOT want to put anyone out of a job just for the sake of getting some consulting dollars. I feel that it is my responsibility to train the internal staff to be more aware of security issues rather than to terminate everyone and outsource it all.

    How can anyone thats not even on-site on a daily basis make the network more secure? When it comes to real security, you need to start with the folks that know the network the best. If they're resistant to change, then fire them. If they're willing to learn, train them.

    Network insecurity is fundamentally a management problem. Security inititaves must come from the top down, not the bottom up. I have never met a network administrator yet that has set out to create an insecure network. They likely were ignorant to the threats - therefore they needed training, which should have been ordered by management. Otherwise, you have security aware employees that are trying to push security up the chain to management, and management is completely unresponsive.

    I recently blasted a luddite CEO for not paying enough attention to his IT department. His company was compromised by a hacker and I came in to clean things up. I asked him; "Do you realize that your business relies 100% on what goes on in that server room?"

    Things are now changing in that company. We've now established data owners on the executive committee (Those that will hang if the data they own gets compromised), and now the IT department actually has a budget. 80% of the time I spend doing my security consulting is with executives, the remainder is with the tecnical staff giving them direction and training/pointers.

    Anyone that preaches anything different is trying to sell a magic fix for security, which doesn't exist.

  • Great Logic. (Score:4, Insightful)

    by Dr. Bent ( 533421 ) <ben.int@com> on Friday December 19, 2003 @11:37AM (#7765202) Homepage
    Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay?

    Oh there's a fantastic idea. All I need to do now is figure out how to live without paying for food, clothing or rent and I'll be all set.

    Do we really need to go over this again? Repeat after me: You cannot compete with 3rd world labor costs. Ok, now just the guys! Good, now just the girls...Oh right, there's no girls here.

    The only way you're going to be able to keep your job is to do something that offshore workers can't do. What is that, you ask? Well, you could start my actually caring about the business that you work for. Too many IT people are so concerned about the technical aspects of thier jobs that they don't take the time to learn (and care about) how the business they work for actually makes money. This may have been OK in the late 90's, but IT people are getting the harsh reminder now that the reason that you have a job is not to play with the latest technology...it's to make money.

    It's your job as an IT professional to bridge the gap between business and technology. You need to be thinking about things like Return on Investment. You need to be thinking about the business needs of your customer...keeping in mind that your customer is probably not a techie like you and only cares about things like "How much does it cost", and "Will it work with what I have now" and not whether or not it runs on Linux. Most importantly, you need to be thinking about money first and technology second. Only someone who is physically present at your place of employment is going to have enough information to make decisions based on those priorities, which is why people who ignore them are finding their jobs shipped overseas.
  • by cOdEgUru ( 181536 ) on Friday December 19, 2003 @11:39AM (#7765227) Homepage Journal
    Trust me, I manage a project which is outsourced and currently employs 3 software engg offshore.

    The pluses -

    (1) Benefit in terms of costs. Well they bill us 30 bucks for a software developer where here I would assume it will be around 60.. Whoopee doo..

    (2) The supposed 24 hour day where your team onsite would plug 12 straight hours and your offshore team would plug in another 12 hours, therefore giving the client the impression that his project was worked upon for 24 hours..

    (3) Now that implementation is made seperate and outsourced, the client just needs to focus on the business aspect and the designm therefore having more time to themselves to focus on issues that need attention

    Minuses

    (1) Cost is not that much better. Quite soon, firms will try to up the prices and then you will lose the benefit in terms of cost

    (2) The 24 hour Day - Its quite different from what you are led to believe. Mostly both teams would take a couple of hours everyday trying to understand what the other has done, interact and to a certain extent, also play the blame game.

    (3) The client would find himself being pulled more often back in to the implementation and design, since his offshore partner cant understand the design or has a "better" design. Chaos ensues.

    Mostly from my experiences, what makes all the difference is the people who are developing this offshore. If they are intelligent enough and has good communication abilities, then you have a success story. If what you have is a guy who did a 14 day java crash course and has one year experience in plugging java code in to Helloworld.java, then you have an absolute wreck waiting to happen. It happened to me, I had two stupid asses with whom I spent 3-4 hours every night trying to drill in, the architecture, the requirements, the implementation details. And then I would wake up in the morning and they would have probably coded 10 lines and sent two emails with questions which either are stupid or should have been asked the night before. So what you have is two asswipes who just billed you for 16 hours and turned out 10 lines of code, of which 9 you will probably rewrite and a bunch of questions which doesnt amount to nada.

    I dont think that any firm who is currently doing outsourcing has thought about the actual implementation through and through. They are all given rosy pictures of intelligent professionals back home plugging away on their keyboards churning out code that works on the first try.

    More so, in a few years, the real picture would come out where probably 10% outsourcing actually churned out something positive and the rest 90% lost money, less money in fact, on projects which had no direction, no able offshore partner and a bunch of developers who doesnt know the difference between a class and an object if it kicked them in the ass with it.

    Sorry I just had to rant, since I spent a better part of my night trying to work with some idiots and two days ago I kicked them out of the project. And in a combined 300 hour period, they coded two classes, and the style of coding will make you puke.
  • by LiNT_ ( 65569 ) on Friday December 19, 2003 @11:40AM (#7765236)
    I work for a major MSSP. Yes, it's common practice to try and upsell our managed security services based off of consulting gigs. No, I've never heard of them trying to cut out the local security guy.

    I feel safe saying that every engineer I work with understands that our service is provided to supplement existing security practices. We can provide some security services which companies cannot perform on thier own. Whether because of cost or technical reasons. We cannot replace a companies entire security team. There are too many small details which need to be handled which an MSSP cannot do remotely. Nor do we want to. We'd also much rather work with a knowledgeable insider than get an imcompetant IT manager who's claim to fame was programming cobol 20 years ago.

    My guess is, some overzealous sales weenie got you canned. He probably pitched the MSSP services to the suits. The suits probably replied they already had in house security expertise. The sales weenie, fearing he would lose the sale, pitched the MSSP as a replacement for you. Something he never should have done. Most sales people will do anything they have to do to make the sale.

  • Security risk? (Score:5, Insightful)

    by deepvoid ( 175028 ) on Friday December 19, 2003 @11:40AM (#7765249) Journal
    The real security risk is the outsourcing company. The number one cause of security breaches in the US during the 90's was from outside (foreign) contractors who had access to information of confidential, secret, or restricted in nature. Now instead of having access to the data, the have access to the methods as well. Having a cheaper Software Engineer or Security Analyst does not mean you will get better engineering or more security. As evidence look at the airport system. The wages paid to security personnel are some of the lowest in the country, and hence cannot keep more skill individuals. Ex-convicts and high security risk individuals can be found in those occupations due to the poor fiscal incentives. We all know what that poor security led to.

    The lowest bidder does not nescesarily produce a quality product. When is the last time you found real wood in a piece of furniture in our country?

    I have heard the statement that the market is moving overseas to customers in China and India, and thus it is imperitive to hire from those localities. But why? If there are no skilled labor or engineering jobs left in the country, what will people do to make ends meet? Occupations at the top of the food chain will suffer as well. Already CEOs in some companies are being replaced by their foreign counterparts, and while the ousted CEO may have money in the bank, his children will end up in a shrinking service industry. Why will it shrink? Because the people they serve will no longer have any money.

    When labor went away, blue collar workers were forced to retrain in other fields, many just retired. They pushed thier children to get degrees in engineering, law, and medicine. Now the engineering jobs will be gone.

    Who will pay the taxes to support those millions who will retire in the next few years? Not the engineers and laborers, they live in China and India.

    What industry would you tell a young adult to get into, if all of them are destined to either be outsourced, or priced out of existence?

    Without the brain the body dies.
  • Topic For Election (Score:4, Insightful)

    by attobyte ( 20206 ) on Friday December 19, 2003 @11:41AM (#7765254)
    This should be the main topic for this coming election. But I think America is to wrapped up in other politics to worry about the future of thier jobs. We are so wrapped up in BS we don't see that far into the future. I bet the average american doesn't know where they will be in 2 years let alone how America will be.
  • by Maradine ( 194191 ) * on Friday December 19, 2003 @11:43AM (#7765296) Homepage
    Coming from the standpoint of a security auditor in a firm that specializes in Managed Security Services, let me lay a couple of things down in our defense.

    1. Security firms are told to audit against a certain set of criteria when the audit, be it GLBA, HIPAA, or one of the open security standards. Our work only identifies human security risks in process and policy, not people. If you were individually and specifically labelled a security risk, you should demand to know why.

    2. The firm's auditors likely had nothing to do with the loss of your job. Rather, it was your management. Managed Security Firms have two sales models: Unfunded Risk, and Savings. My guess is that their sales team was working on the Savings principle and presented a more cost effective security solution. Your management team decided that cost savings were more important than your job. I hate being a catalyst for that kind of change, because I don't like seeing good people get laid off. Most of our clients use us as a supplement, rather than a replacement. I wish it always worked that way.

    3. You lost your job. But we're hiring, and we have a hell of a lot more fun than should be legal. Jobless security professionals and analysts, feel free to reply.
  • by Skapare ( 16644 ) on Friday December 19, 2003 @11:55AM (#7765440) Homepage

    If all you did there was security, then you were in a bad position to begin with. Security should be a part of everything that is done, not handled simply by one person somewhere.

    Network engineer - The person or persons responsible for designing, managing, and maintaining the enterprise network should be the ones responsible for its security through all aspects of their work. Security has to be designed in to begin with, so that the network has the absolute minimum exposure and still provides a maximum ability for authorized staff to monitor and control it, while all other authorized staff can make full intended use of the network.

    Systems administrator - The person or persons responsible for selecting, installing, configuring, operating, and administering computer systems, both servers as well as workstations and desktops, should be the ones responsible for its security through all aspects of their work. Security has to be part of all the procedures so that the systems have the absolute minimum exposure while allowing authorized staff to perform the functions the systems are intended for.

    Programmer/analyst - The person or persons responsible for designing, programming, testing, and deploying new applications, or changes to existing applications, should be the ones responsible for its security through all aspects of their work. Security has to be designed into the way the application works, into its program code, properly and thoroughly tested, and then further verified once the application is up and running. And this has to be done while the application can still be fully used by all authorized staff, clients, customers, etc.

    Get the picture?

    Sorry to burst your bubble, but there should not be just one person who handles security. Depending on the nature of the business, one person might be the one who handles security coordination, but that isn't a techie/geek job; it should be more along the lines of an auditor who would be a paper pusher kind of person at businesses like banks and investment firms.

    As to your current situation I advise the following:

    Hire a lawyer. Have this lawyer contact the company pretending to be your new potential employer, and ask them for reference information about you. Actually do this twice (be sure completely different people call and pretend to be completely different companies). In one case your "new" position should basically be described as one similar to what you had at the company that outsourced you out. In the other case your "new" position should basically be central to your non-security skill set, such as a network administrator or network engineer (or whatever is appropriate for you). If they give you a good recommendation, then move on with your life and don't worry about it (just don't open your own personal accounts there, etc). However, if they give you a bad recommendation (such as "he was assessed to be a security risk") then discuss with your lawyer that situation and determine what can be done (you may have a case for a defamation lawsuit against either your employer or the outsourcing company).

    Be aware that most companies do tend to try to pretect themselves from lawsuits when giving references. They may very well not specify any problems. But that can also be interpreted by future employers as a problem, if they didn't give you a glowing recommendation. You'll have to determine how that will affect your career future.

    You might want to start your own small "security management and monitoring services company". There are lots of smaller businesses that will need this kind of service (whether they know that or not ... but that's a salesman's job to work on), but are too small to hire someone full time, and not big enough to hire the big security contracting firms. In a few years, as the big security firms expand to the smaller businesses (to keep up equity growth as their big business market saturates), they may come along and offer to buy up your business. If you play your cards right, you could end up being more "successful" than the managers of the financial institution that fired you.

    • by jonesvery ( 121897 ) on Friday December 19, 2003 @01:30PM (#7766728) Homepage Journal
      Hire a lawyer. Have this lawyer contact the company pretending to be your new potential employer, and ask them for reference information about you. Actually do this twice (be sure completely different people call and pretend to be completely different companies). In one case your "new" position should basically be described as one similar to what you had at the company that outsourced you out. In the other case your "new" position should basically be central to your non-security skill set, such as a network administrator or network engineer (or whatever is appropriate for you). If they give you a good recommendation, then move on with your life and don't worry about it (just don't open your own personal accounts there, etc). However, if they give you a bad recommendation (such as "he was assessed to be a security risk") then discuss with your lawyer that situation and determine what can be done (you may have a case for a defamation lawsuit against either your employer or the outsourcing company).

      Good theory, but I suspect that a lot of lawyers might balk at misrepresenting themselves in this way. The other issue it that it likely won't get any information. Because of this very scenario, many companies will not offer "recommendations" for former employees; they'll verify start and end dates for employment, salary, etc. -- factual information -- but won't provide anything that might be considered subjective for fear of a lawsuit like this.

      I'll also echo another poster in saying that while your situation does suck and was clearly handled badly, it may not be that you personally represented the security risk. If (and I don't know this to be the case) you were the sole person responsible for security, or your group couldn't provide 24/7/365 active monitoring (real eyes reviewing data at all times, not just responding to specific types of alerts), then the very existence of your job could be viewed as a security risk. It's the company's fault for setting things up that way in the first place, but they may well be right to change their approach to security management.

      This doesn't mean that the company will provide better services, of course, simply that the decision may have reflected an attempt to correct a bigger problem...only time will tell whether the correction itself creates more problems for them.

  • by Wolfstar ( 131012 ) on Friday December 19, 2003 @12:01PM (#7765542)
    Then actually, you ARE a pretty big security risk.

    You are the ONLY one who knows what's going on with the network security-wise. You could have them penetrated 10 ways to Sunday and they'd have to take your word for it that they're secure.

    That's the first point. The second point is that you didn't get screwed over by a network security geek, you got screwed over by a salesman who makes money for some hot-shot CEO who pays a few network security geeks to do far more work than they should be handling. I just got myself fired from a job for "not fitting in". This meant that I had personal and professional objections to monitoring network connectivity, security, e-mail, webhosting, and VPN for some 150 customers and 4-500 sites at 50 hours a week as one of 6 people doing the job. Meanwhile, the 10 sales guys have a "Vice President" title hanging off their names, don't have a clue how to use a computer, and are promising the moon while the CEO rakes it in.

    This situation is a real issue. Most of these companies are taking advantage of federal legislation requiring a certain level of security for a bank. And while it's not fair to you, you DO constitute a security risk as a sole security person. On the other hand, you also can't go back to your employer in a month and say, "Your security is full of holes now with this new provider, here let me show you." The bank's been swindled, you're unemployed, and an overworked staff just got more overworked. It's a lousy situation all around. The only thing you can do is move on.

    Though I don't envy you trying to explain away getting fired as a security risk on your resume. That's probably the second-most unfair thing about the whole deal.
  • Workers Rights (Score:5, Interesting)

    by Aron S-T ( 3012 ) on Friday December 19, 2003 @12:15PM (#7765765) Homepage
    Whenever an issue like this comes up the inevitable /. knee-jerk libetarians come out of the wood-work: "capitalism good protection bad" Well maybe some of these libetarians should find out what Adam Smith was really about. His model of capitalism is based in an agrarian society with independent artisans and traders. His idea of a free market is exactly that - where everyone has equal access to market and equal information.

    Corporate America has as much to do with the Adam Smith model as the Bolshevist U.S.S.R. It's not even related to Marx' model of capitalism, for in Corporate America, capital is as alientated from controlling the means of production as labor is. Instead, what you have is a management class which calls the shots and enriches itself at the expense of both workers and owners - can you say Enron, Adelphi, Worldcom etc etc.

    Sure a worker has the "freedom" to say "fuck you" to his boss and look for another job. In theory. In practice, as the job market shrinks despite the "improving" economy (i.e. the management class being further enriched) those jobs are very hard to come by. So the worker has to bite his tongue as his workload is doubled, as her boss wittles away more and more of her "perks," as the threat of outsourcing is used to bludgeon him into obedience.

    Saying to someone "go out and upgrade your skills" is also BS. A friend of mine is in his mid-40s, extremely talented, engineer/MBA out of work for a year and a half. Who's going to hire people in their 40s and 50s, no matter how much talent and experience they have, no matter how upgraded their skills are? And you young 'uns are going to get there faster than you think.

    Corporate America demands obedience, makes people work like slaves, uses them, chews them up and throws them out when they no longer are useful. Maybe we should just kill off laid of workers so we don't have to worry about unemployment insurance and welfare?

    And no I am not speaking out of personal bitterness. I have a successful consultancy business and work for myself. But even if you believe in ultra-selfishness, a society with many poor, disaffected people is a very scary and dangerous place to live in. This is an issue that effects all of us, not just the laid off.

"Being against torture ought to be sort of a multipartisan thing." -- Karl Lehenbauer, as amended by Jeff Daiell, a Libertarian

Working...