Slashdot Mirror
Replaced by Outsourcing -- What's a Geek to Do?
SafariShane asks: "Yesterday I was fired from my position as 'Network Security Analyst' from a financial institution. I was pushed out by a 3rd party vendor, who labeled me the major security risk, after performing a 'vulnerability assessment.' At the time, I thought a vulnerability assessment of our network was a good idea, but in retrospect, it occurs to me that this company, who's other product is 'Outsourced Network Monitoring and Intrusion Detection' may pull this little trick everywhere they go. Has this happened to any other network security folks out there. Does anyone know if this is a common practice, and what's a geek to do if they find out a 3rd party assessment is on the way? If this happens again at another institution, should I just start polishing my resume right away?" Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay? For those of you who feel the threat of Outsourcing breathing down your neck, what are you doing to try and stay in your current job, or even in this current market?
I'll also note, because people will ask me anyway, if there were other problems. In my year on the job, there was only 1 network intrusion: Welchia, which was contained in twenty minutes. Anyone familiar with Welchia will know that it is no easy task. I was never reprimanded for anything. In fact, I received a 12.5% raise only two months ago for job performance.
I doubt what they did was illegal, but it's bad business at best. Here is a group of network security geeks, who get other network security geeks fired, so they can increase their bottom line.
I'd like to hear comments from folks this has happened to, and what did you do as a result?"
"Here comes the obligatory South Park reference:
- Perform Network Vulnerability Assessment
- ?
- Profit! (Sell Outsourced product)
Label anyone who is responsible for network security as the risk, and get them fired.I wouldn't even dream up the above situation, except that when the assessment was done, all results were hidden from me. The company presented the results not to the geeks that can interpret them, but directly to the executives that still think 'Clippy' is a great product.
I'll also note, because people will ask me anyway, if there were other problems. In my year on the job, there was only 1 network intrusion: Welchia, which was contained in twenty minutes. Anyone familiar with Welchia will know that it is no easy task. I was never reprimanded for anything. In fact, I received a 12.5% raise only two months ago for job performance.
I doubt what they did was illegal, but it's bad business at best. Here is a group of network security geeks, who get other network security geeks fired, so they can increase their bottom line.
I'd like to hear comments from folks this has happened to, and what did you do as a result?"
SafariShane needs to turn around and hack back in to the system in a week and show that the new company's security measures weren't that great. ;-) This will ingratiate himself with the CEO and get the new company kicked out.
;-)
Problem solved.
Move to India
"We hope the United States will open more to China, especially in the high-tech sector."
*****
I don't trust you to work from home. You will just watch Scooby Doo.
I doo trust a company in India, tho.
That way you can go into academia. Tenure is sweet!
...why not move with it?
And get sent to jail for breaking into their network?
...and sent to federal pound-me-in-the-ass prison.
He got hosed by an unethical competitor, but he can't do crap about that now. Time to brush off the resume.
Or get him sued into oblivion...
No Comment.
Outsourcing is a fashion. It will pass soon.
-- There is no spaam
The managers and CEOs of this country have no idea about how to make router connection or how to correct a line of code in their payroll systems.
I'm on call 24x7x365 while the CEO sleeps.
The none technical types need to understand where info power resides.
What do to? Well, you're a casualty of corporate sleaze and politics. Read The Art Of War, get back on the horse and don't let yourself become a victim again.
That sounds cold, I know, but what else can you do? Dwelling on the issue won't pay the rent.
Trolling is a art,
Not like... say virus scanner writers right? [who probably write the viruses they detect...]
I say if your management is stupid enough to fall for the tricks without trusting you then they deserve what they get and you probably shouldn't have been working there in the first place.
Tom
Someday, I'll have a real sig.
Good god, I hope that the poster is joking and that noone actually takes this advice. It is more likely to get you jailed! Remember that the mentality of the management at this company to begin with!
...the circuit court of appeals ruling reversing the district court's verizon ruling.
Easy solution:
Get a job working with an outsourcer. Duh.
"Services" is where the IT business is going. And yes, there are outsourcing companies in the USA and various other non-India, non-China nations. Skilled, flexible talent is very valuable to a services company. And it's satisfying work because you're not stuck with one environment all the time -- you get to play with lots of different customer environments, picking up new skills along the way.
Basically, what I'm saying here is, quit whining. Make yourself a valuable person and you will find employment. And don't rest on your laurels, either: you have to constantly adapt and pick up new skills.
Now I shall sit back and wait to get modded down by the unemployed, disgruntled Slashdot hive mind, but my position on this issue stands.
Tired of FB/Google censorship? Visit UNCENSORED!
Unions. Baby, it's time. Other than that, you call a lawyer. Now. I'm VERY sure what they did was very much illegal, and since you indicate you have a clean work history, they have no room to fire you.
That really sucks, but I doubt there is anything you can do. Except learn. Next time you need to be the bigger bastard than they are.
// Empires come and go we live forever
What exactly was the reason you were fired? The cause?
Were you given a chance to present an opposing opinion? I am fortunate enough to work for a company that knows the value of having in-house IT. Even when we bring outside consultants in, my boss and those above her understand that you simply cannot replace having someone in-house who knows every intricate detail. I was thinking that perhaps if you were given a chance to present the pros of having in-house infosec you may have been able to make a strong enough case for staying.
Social Engineering Expert: Because there is no patch for stupidity.
As evidenced by the story poster, it lies with the non-technical types.
I'm on call 24x7x365 while the CEO sleeps.
You sure have a funny definition of power.
No offense, man, but if you're good at your job, get a new one.
...
If your company was willing to do that, you probably don't want to work there anyway.
it sucks, but Ob-la-di ob-la-da life goes on
---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
Find a hacker from India, tell him every root password you can remember, what OS's they use, everything you know about the company. And when they are at their knees, say I told you so and offer to fix it as a consultant for alot more than you would have been paid.
You can't take things like this personally. If they're outsourcing you, the wheels are already in motion and there's not much you can do to stop them. I have no attachment to my employer. I have an awesome team right now, and I feel loyal to them, but not to the company, but that's what they teach us in Business School. You have a chance of being outsourced, much like you have a chance of getting into a car accident. Nothing you can do once it happens. Collect your insurance and buy a new ride.
-I DDoSed your mom.
In any IT situation, the guy/s who knows the system administration/root passwords is always a potential risk. They've fired you, but they must have someone who knows the stuff you do, root passwords and all.
Hey, wait a minute, now the new guy is the risk. Fire him and pass the root passwords to the next guy. Repeat to fade...
Sounds like someone has been solving the wrong problem.
Capitalism is a funny thing. Well, at least the "modern" capitalism. Not only does your company have to profit, it has to profit more than last year, every year. This is one of the reasons people get laid off even when a company is making record profits.
Based on the description of the problem this doesn't seem to have anything to do with oversea's labour. It's just that he was replaced by an outsourcing company (in his own country).
About the reduction in pay comment, if you were sent home with a 50% pay cut would you be happy about it? Or would you be hitting monster.com on your 'extended' lunch breaks. I don't think it's really practical to half-way lay-off people, because the employees won't be at all loyal after that.
This post cannot be rebroadcast without the express written constent of Major League Baseball.
Not sharing the results with the net security people is the giveaway. They wanted to fire you, and told the consultants that that was their goal. I'm in the biz, and what they did was way outside of accepted practice. So who is the company? We'd like to know who to avoid. I know the Big Four play this game, for their love is for money, not the best interests of their clients...
Beeeyoootch!
...and got fired for getting to work late the next day!
How some companies can make all the wrong desisions! But let's face it, anyone whos job it is to protect against (insure against, etc.) has a hard time justifying the work he/she has done: The more successfull you are, the more it seems you are not neede. Also, if some expensive advisor labels you, there is pretty little you can do. The combination must be deadly. Not much you could have done. Your former boss will pay the price in a year or so, and he will remeber you. But its not much of a soulace for you.
-- (:> jms cs.vu.nl (_) --"---
"here's a question i always wish i could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay?"
do you think that this would be a good idea, overall? think about where this winds up going if it becomes a trend in, say, 3-5 years time: it becomes a price war, and it's one that domestic employees cannot win. cost of living is just higher here than in a number of other countries.
i think this is a very, very bad idea, and one that's not just bad for you personally, but also for people in the industry overall. it would have the effect of dropping IT salaries across the board. in essence, you would be arguing that you're overpaid. not a good idea, IMHO.
that said: shame the PHBs were the ones making the decision. were there many others affected? this smells like a small bloodletting to help a business in a still underperforming industry cut some heads and increase profitability.
ed
Geeks buy books and learn more things and get a different job. Faux geeks file for unemployment.
That really sucks man, I think it's more of a sign of the times than anything though. You see these little bits of injustice everywhere these days. Maybe DRM software companies won't refund that 99 cents for that song that never downloaded. And maybe it's just a dollar, but everywhere you see corporations as bullies, and more and more there is less and less you can do. We need a consumer rights activist.
These days nobody has job security. My suggestion (if you want to get your job back is thus - and should be quite simple as you worked in network security).
;)
1. Perform a "vulnerability assesment" of your own. Possibly even try something similar to Welchia - to demonstate a) that their computer systems are insecure and b) that outsourcing your job is leading to weaker security
2. Point out that in twelve months of you working in the job there was only one network intrusion Welchia and that you dealt with that within twenty minutes!
3. Point out all the flaws in their new outsourced network security
4. Suggest that if they want their network to stay secure that they outsource to you at double or triplr your salary.
Video Game cheats, hints a
Don't give employers this idea that working from home is a reward. My time is as valuable while in the office as outside of it.
Working from home will already save them money on heating, cooling, parking, insurance, and office space. There are also tax benefits in certain areas of the country for implementing such environment and traffic friendly procedures.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
Guess what ? Bush is only the second president in history that has less people employed at the end of his term than at its beginning ! Congrats you silver-spoon fundamentalist moron ! You want the outsourcing trend to reduce ? Get some decent man to be elected in 2004.
I work for a software company. After many months of people having a hard time getting interviews, and very few leaving for other jobs. In the past three weeks, suddenly we had seven people announce they are leaving for new jobs. I have a friend who was recently laid off from another tech company a couple of weeks ago. He's had quite a few interviews already.
Things seem to be looking better out there. New jobs will replace the old ones lost.
By reading this sig, you agree to the terms of my sig license.
What proof do they have that you are a security risk?
I would have thought that with a bit of digging to find they had done the same thing again you could take them to the cleaners. after all this is your job, to be labelled a risk is potentially career ending.
If your country has industrial tribunals like those in the United Kingdom, then I think you would have very good grounds for an unfair dismissal case. Even if there aren't special courts for such matters, then I would be suprised if you couldn't sue your former employers for breach of contract.
Chris
Step 1. Go back to the company and say I can protect your network from any attack anyone will ever think of. Go to the core routers and turn them all off.
Step 2. Send them a 15k dollar bill.
Step 3. Pick the company
Step 4. go back to Step 1
Every year increase cost by 3%
I don't suffer from insanity, I enjoy every minute of it.
EOM
As reported by "America's Finest News Source" this is even happening to Company CEOs!
Maybe it is good to consult a lawyer. If your employer fired you because of misrepresentation by the outsource company, you might have a good case against them
IANAL but if somebody says something about you that isn't true, isn't that slander? If they write it, isn't that libel? And if you suffer material loss as a result, isn't that even greater grounds for a lawsuit?
I don't know US employment law, and it wouldn't surprise me if his company could do what it liked, but surely there must be some kind of legal recourse against the 3rd party vendor?
I'm gonna post this anonymously in case the vendor is reading this...
The worst thing you can do is overanalyze the situation. That's not to say you can try and learn something for the events that happened, but the best thing to do is just move on. A similar situation happened to me and it really got me down, but I stepped back reframed everything and realized it this probably was a good thing since the work environment I was in was really going downhill. It sucks, but keep your chin up.
This Space for Rent.
Taking a pay cut to work at home seems a bit extreme. Check out the per-foot/per-month cost on office space, and it's not just for actual offices... if enough people work from home that you can consolidate office space (give up a block/floor/whatever), you also are no longer paying rent on hallways, bathrooms, supply rooms, kitchenettes, meeting rooms, and reception areas.
>>>if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay?
Because programmers overseas work for less than 10% what current in-office American programmers work for, and there are no benefits or American legal entanglements to worry about.
A PhD programmer with a western education and 5 years of experience in a former soviet block country will VERY happily work for USD$700/month. A somewhat less experienced programmer in the same country will very happily work for $450/month...
So look at it from your employer's point of view: Get rid of 1 high priced American programmer or IT specialist or whatever, lose all the legal HR worrying, and replace that person with 10 eastern europeans (or Indians for that matter).
Now thats not to say that there aren't some drawbacks... For instance, there will be communications problems, both with language and with culture. You will also typically be restricted to meetings via video-conferencing and not having your emails answered for 12+ hours due to tomezone differences. But I think I can live with that for a 10-times inrease in performance. Wouldn't you?
You didn't mention any specific vulnerabilities that were directed against you in this audit. Were there any legitimate holes that you overlooked or was most of the report fabricated?
Security is a complex task in any environment (from physical threats, unknown vulnerabilities, social engineering, misconfiguration, etc) and the increased size and complexity of networks and systems means this problem will only get worse.
Having what sounds like a single security / administrator handling a financial computer network does sound risky to me personally (but maybe you were just singled out among you coworkers?)
Your comment about telecommuting is a good one though. No longer requiring physical presence to do a contract or work some other position could free you up for additional tasks at other companies bringing your overall salary to a decent level.
Both parties get what they want in the deal; businesses with inexpensive, on demand services; engineers working an efficient schedule for multiple clients (thus good wage despite lower prices on individual jobs)
I'm not sure what kind of reputable engineer you would need to be to pull this off. Liability is going to be the major sticking point on any contract or work-for-hire (until you get a proven track record of completed, functional projects)
>> why not let your programmers work from home for >> 50-80% of their current in-office pay?
Because they can find someone to do the work for 20% to 30% of your pay unfortunately...
Get a security clearance and get a job working for Uncle Sam, or whoever. Sure, sometimes government work sucks, but you can be fairly certain that your clearance-required job isn't going to go offshore!
All Your Memory Are Belong To Java
Do you have anything in writing that says this? If you do, it might be worthwhile to have a quick chat with a lawyer. (If you can't afford one, your local employment assistance agency or legal aid society might be able to help.) IANAL, but I would think that making this kind of claim without any evidence to support it might be actionable.
If you pursue this route, I would not try to get the job back. You've found out the hard way that the people you worked for are intellectual and ethical cretins. Try for a cash settlement, and then find another job.
Why in the hell does every post mentioning the word 'Union' get modded as Troll?
Unions are an excellent method for oppressed workers to get their voices heard and improve their work environments.
Sure there are crooked unions out there, but a good union works to both the benefit of the employer and employee. It sure helped out my Dad, who was a member of the UAW for 30+ years.
CMDRTACO CHECK YOUR EMAIL!
I doubt the advice to work at home for 50-80% off would fly. Most geeks wouldn't be able to maintain rent payments at the high end of that scale. The only thing you can do is make yourself valuable to the company. I don't mean -invaluable- as in obfuscate your job such that no one else can do it, but rather find a niche that you excel at and be the "goto" for it. This is, of course, a tough and sometime impossible thing to do. When execs see those short term dollar signs they lose some sense of reality and some sense of reason, which makes them think that outsourcing their best people is somehow a good idea. Even though it sucks to lose your job to this mentality, at least they did you a favor in that you can find a better place to work now, where perhaps, just perhaps, people at recognized and rewarded for being valuable instead of being eliminated. One can hope, desperately, that a place like that still exists.
The next remark is false. The previous remark is true.
You might want to make sure the contract for the security assessment makes sure they cannot bid for security-related products, (only other audits) for the next 20(or 50) years. That should keep the problem under control.
What, you mean you bought auditing services without a contract???
I rest my case.
Could being labeled a threat, which then causes you to lose your only source of income, be actionable?
Seems to me that if my employer was happy with my performance before the audit and I truly was no risk, I'd get a lawyer and sue both the company and the third party.
I had something similar happen to me back in the 80's and have regretted not taking action against what turn out to be a bunch of bastards
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
- the good : I've had lots of time to play with my 2 year
old son
- the bad : I've got a family to feed
- the ugly : I'm learning that experience in the industry
hurts ones chances te land a job, as we're considered "too expensive"
I've found a few consulting gigs to help, but now I'm moving out of the Bay Area - can't afford to live here anymore.The antidote for misuse of freedom of speech is more freedom of speech.
-- Molly Ivins
"I was pushed out by a 3rd party vendor, who labeled me the major security risk, after performing a 'vulnerability assessment.' "
If you have been fired with that argument and if you performed your job within the expected parameters find a lawyer and sue them.
Not for vengeance or something like this... just business...
Have you thought about your future employers calling your old job for references? "The old network admin? Well, nice guy, but was fired because he was a security risk"
and move on...
This includes VALinux (the parent company of slashdot). See their press releases regarding their support of offshoring here:
t ed =LNUX&symbol=LNUX%60&textpath=20031208%5CACQBIZ200 312080845BIZWIRE%5FUSPR%5F%5F%5F%5F%5FBW5323%2Ehtm &cdtime=12%2F08%2F2003+8%3A45AM
t ed =LNUX&symbol=LNUX%60&textpath=20031208%5CACQBIZ200 312080845BIZWIRE%5FUSPR%5F%5F%5F%5F%5FBW5258%2Ehtm &cdtime=12%2F08%2F2003+8%3A45AM
http://www.nasdaq.com/asp/quotes_news.asp?selec
and here:
http://www.nasdaq.com/asp/quotes_news.asp?selec
Sue for Libel and Slander. Find a slick attorney that knows how to get a fat settlement. Start making a list of your character witnesses. Sue your company and the consultancy firm. Make them prove that you are a security risk. Supena records from the consultancy and threaten class-action. This will kill the deal for the consultancy and get you a settlement from both companies. Your attorney will get half and everyone, but the people who screwed you, will be happy.
The original poster never said anything about being replaced by foreign nationals. Why is Ciff making this assumption?
In all seriousness, just how does one go about finding a job in India? I've always wanted to visit India, Nepal and other countries in that area. Being an unemployed programmer makes it even more enticing as I see more and more IT jobs going to India.
Most Indians speak English so language shouldn't be an issue, but how does someone find a job there? How do you find a place to live, or learn about the cultural differences?
Outdoor digital photography, mostly in New Engl
Read my blog.
Hey dude, if you are that great, you should be able to find another job. Again, if you are like the millions of people who 'cannot relocate because my dog likes to piss on a particular oak tree' kinda guy, stay at home!
It is very hard on those who it affects, but the economic reality is that the money saved in efficiencies (even if it only goes towards fat cat bonuses) is very tangible.
There is illiquidity in labour pools because of immigration laws etc., but the internet removes these barriers. The global workplace is here, and as a result the market is freer than before.
It is quite feasible that if (eg) Russia in fifty years time will farm out its "boring" nanotech analysis work to the US. Like it or not, standards of living in 2nd and 3rd world countries are going to improve, sometimes at the expense of sections of the 1st world. However, overall and in the long-term, competition leads to better economies all round.
Maybe you could have a little chat with someone in management, trying to make them aware of what happened? Preferably, present it in such a way that they will 'discover themselves' what happened. Just guide them along.
:-(.
Of course, there must be someone you can talk to. Some PHBs are just too dense, I know
Good luck there.
The guy could be right, the guy could be wrong - that is completely irrelevant. The percieved reality is:
the guy was in charge of network security
the third-party audit was performed (why? did they look for an excuse to dump him?)
Vulnerability was found
The guy was sacked.
That is all that matters. Waste your time - blame outsourcing, Republicans, little green men.
Get over it, fix the resume and get back into the game. American corp environment is completely free of common sense and logic.
assuming that you aren't a security risk and weren't doing the macgyver routine where you do everything on your own and you're the only one who knows what you did...you were set up brother...happens all the time to both security folk and app developers. the real trick is to either bury yourself in a large company where you're realtively ineffective or to gain enough sway to control the consultants and the assessment project. if managers are intent on 3rd party INDEPENDENT assessment and they believe them then find another job ASAP, they don't have faith in you and even if you keep your job you're going nowhere fast in the long run.
This is like the Army Protection Racket sketch from Monty Python. The foreigners come in, "That's a nice network you've got there, Mr. Corporate Executive. It'd be a real shame if someone were to, you know, hack into it, maybe set your building on fire, you know... a real shame..."
You are in error. No-one is screaming. Thank you for your cooperation.
... get the vibe that when he said he was performing a 'vulnerability assessment' he was using NMAP or something? It sounds like some PHB freaked out and fired him.
It sounds fishy because no company trusts a third party above their own staff unless they're suspicious to begin with, or unless they already knew you needed to go.
Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose.
You make some extremely good points, and you make them cogently and cooly.
Personally, I would set down my concerns; about the possible conflict of interest in the study; about the lack of technical oversight of the reports findings in a letter and send it to the company CEO.
The letter should be couched in such a way to make it clear that you are writing becauase you are concerned about the company's security; not because you are disgruntled. Make that very clear, mention in passing the facts about your recent appraisals, and bonus payments.
Leave the CEO in no doubt that you are a professional and you are concerned that the company may be being set up. Tell the CEO that (s)he should not hestitate to contact you, to discuss the issues.
At the very least it will make you feel better. It may even get the company to rethink its policy.
just a note, shouldn't you be out there looking for a job instead of posting on slashdot? not to be an ass, but it just struck me as odd...
I've heard stories of people doing the "revenge hack" to prove that the new security is worthless, then ending up in jail. Why would anyone want to risk jail time to get a job back at a company that obviously would rather listen to a contract consultant rather than a member of their company?
"Don't worry about people stealing an idea. If it's original, you will have to ram it down their throats." --Howard Aike
India? No Russia. They would turn their systems into spam factories and child porn servers.
Fight Spammers!
You are not a casualty of off-shore outsourcing. You are a casualty of the battle between consultants and in-house IT expertise. Not that you're any less screwed, or that I'm any less outraged. And yes, I am a security consultant.
The first thing I would have done is mention the name of the company that screwed you. I think this would give other in-house specialists pause before recommending them to management. Our own company's business model is built around providing the opposite sort of experience from the one you described. When we audit, we work with the IT staff, not against them, and we do so with the understanding of having "been there" (because I have been). We try to position ourselves as the guys who will tell it like it is, without panic, arrogance, or exaggeration, and we tell it to you, not your boss's boss.
I have enormous disrespect for any network security firm who attempts to abuse the politics of their client's business to get ahead. Getting somebody fired in order ro pursue a business opportunity is beneath contempt and possible grounds for a lawsuit. I wish you luck.
who are those slashdot people? they swept over like Mongol-Tartars.
I can't recommend Nick Corcodilos' Ask The Headhunter enough. This advice is just wonderful, either for getting a new job, or for showing your worth to your current employer. It takes a little bit of mental adjustment to accept what he says (and it may be a bit scary), but he is absolutely right about how to go about it! The problem we in IT face right now is the feeling that our worth is going down as many of us are replaced through outsourcing and foreign labor. Brush up your skill set, but most importantly, learn how to apply your talents to solve real business problems in terms of dollars and you will never doubt your worth (nor will your potential employers).
ATH's advice is great. Be sure to get the book, read as much of the website as possible, and subscribe to the weekly newsletter. It's the only HTML mail I receive every week that I actually look forward to and enjoy reading.
Secession is the right of all sentient beings.
Without knowing what they said in the VA report about exacly *why* you are a major security risk, it's pretty hard to interpret what they were thinking. Perhaps there's someone at your former employer that you can contact to get at least an idea of the why?
Certianly if you were the only ITS employee around, that's a lot of potential power in one person's hands. That said, I'd recommend that some sharing of responsibility be made, some sort of check and balance between you and someone else if it was really a concern. If the VA truly did recommend that you be let go, that's at best a poor solution, and at worst a highly unethical conflict of interest with their product.
A vulnerability assessment does need to look at everything from personnel to the nuts and bolts of the hardware, but it also gives only recommendations for safeguards pertaining to those vulnerabilities... the final decision as to your fate could only have come from the brass of your former employer. You do have a right to know why you were let go; you should pursue that. "You're a major security risk" is NOT good enough.
L
Time for tech workers to wake up and smell the lassi. Everyone thought the Internet would give American infotech workers the run of the global job market, with superior skills. But the open job market cuts both ways. American PHBs are interested only in cutting costs, regardless of quality. The only way to keep jobs in an open labor market where the buyers are free to ignore economics of quality, is to organize the labor supply. The IEEE, the ACM, perhaps some other programmer organization or perhaps a new one, will soon feel the drag on their membership from low skill/cost workers, foreign and otherwise. That demand for representation will be an opportunity to organize. When that happens, that union could be among the most powerful in the world, along with the American Medical and Bar Associations. If Americans wait too long, the socioeconomics will just see the wave carrying the political strength along with the jobs, and the Asian Technologists Association will have the clout. Then American labor will be left with nothing but their rights to TV shows about guns.
--
make install -not war
If you hack into the network, then you certainly are showing that the new company's security is not as good. But if the boss thinks clippy's a great idea, then maybe your actions can be interpreted differently. Imagine what the new company will say: you had backdoors installed, that proves you were a risk, they were right all along. Plus, they could even take legal action against you... what you need is to do some research on this security company, check if some other company has had problems with them in the past (not an easy thing to find out, though).
Go hug some trees.
My master too, outsourced me yesterday and I spent all nught in the cold. Are we barking the wrong tree? No I think it's the right one. WARF.
If the people doing the assesement cut ethical corners to get this contract, then they probably will cut corners in performing this contract. Give the company six months or so, then contact some of your fellow employees who are still there and, at a convenient point in the conversation, steer it towards whether the new service is doing its job well. If the network has been down with a virus five ties in the last six months or so, the board members or minor stock holders might be very interested in your opinion. You won't get your job back, and unless you handle it delicately, you might just get branded as a trouble maker, but if you can stay focused and professional, you might get the people who actually made the decision to join you on unemployment.
Who is John Cabal?
I'd say he should contact his former employer and offer to perform testing of the outsourced security system as a consultant -- after all, he knows those systems as well as anybody else. Then he should try to hack the system -- since he's working as a consultant, it would be legal to do so.
Then when he's able to hack in through the outsourced security system, he should state that the outsourced company's report was right -- a disgruntled former IT person is a big threat, but since he knows the tricks he'll know how to counteract that threat.
Let us know who the company is that said you were a risk.
Prevent email address forgery. Publish SPF records for y
Consulting Firms are in the business of selling services. I've never seen a firm come in and solve problems, they'll identify risks, recommend their own team and solutions and will milk the company.
This is happening at Southwest Airlines with the Feld group, a "disaster it consultancy firm." They've reorganized countless times, laid off people and it's still the same mess as before. That's one example, but there are others.
We must all realize that any one of us can be fired without cause, or with some stupid cause that somebody makes up. Your value is adaptability and your education and building upon that.
"My Job Was Sent to India and All I got was this lousy T-Shirt."
Where do I enlist ?!
I've been watching this outsourcing trend now for a while.
i'm a tech manager with a small core team of very competant guys. We work well together and pull of the impossible with the little budget and little salary we get.
We are not a coding shop, and the support we do can't really be outsourced (at least, I dont see how).
Bottom line is, I see the trend and I want no part of it.
So rather then spend a zillion dollars on security certifications, MCSE and other crap, I've gone back to school to become a mechanic. I love fixing engines, and I love motorcycles, a few more years and this will be me "out" options.
Cars can't be sent to India or China to be fixed, people will need to drive in North America no matter way. I figure if I can start working on the cars the CEOs drive, I can make some decent scratch.
you sound like you need this, so...[hugz]
Business drives technology, it's not the other way, and never will be. They (your superiors) don't have to care about that crap; that's what you're there for, dumbass. That's what being the boss is all about: hire someone else to do the shit work so you don't have to.
I thought IT folk were supposed to be smart.
*cragen
...is to remember that when she says, "Sucky, sucky. Me love you long time," it means that she has an STD: SO STAY AWAY!
;)
My dick is shriveled and one of my balls fell off, but at least I learned my lesson.
Oh, and that dot on their foreheads? Let me just say that if you rub it, it'll make them squirm like a little puppy
No. He should just post the name of the company he was fired from... and they will have legions of crackers breathing down their necks now.
I was pushed out by a 3rd party vendor, who labeled me the major security risk, after performing a 'vulnerability assessment.'
False statements that negatively effect your employment are actionable in most states. Unless they have documented, specific, realistic vulnerabilities, I'd go right to my attorney and file a multi-million dollar libel suit against both the 3rd party vendor and your former employer.
Good luck with your career.
I'm just waiting for my moment.
When the money generating system is down, the customers are pounding on the door and the CEO is sleeping. At one mega buck an hour generated by our web site, at peek times, I'm going to give him an ear full.
He can pay up for my loyalty or spend millions finding someone who knows how to find out the cert expired on an internal connection.
The outsourcing company's argument is fairly simple...
If inhouse IT causes a security failure (or worse actively compromises something), you have no recourse but to fire them. One can take them to court, but it will be difficult to get any signifigant damages out of an individual. Switch to outsourced security analysts and you get a big corporation to sue should things go wrong.
This has nothing to do with the quality of service, rather it's the ability to do damage control in situations potentially damaging to the company.
What do you want us to do about it from here? Obviously if they fire you based on untrue allegations and use this to limit your severance pay you could threaten to fight it, especially if this damages your ablility to get a job. (Maybe first try to get a job, get turned down, Profit..)
Bottom line though is you can thank your lucky stars you aren't wasting any more of your vital energy on such a shit company. Get even by getting a better job somewhere. If this is how they really do business they may not be around for so long. If you really are pissed why not get in touch with everyone who's been fired in the past year and get their stories too.
This sounds to me as if they fired you because you had the Administrator or Root passwords! This sounds like a bullshit tactic employed just to gain more of a hold on your company. I am a security consultant, and a bank would be a prime client.
So they are handling the entire security aspect of your former network now? Nice. The purpose of bringing in a 3rd party is to do a periodic audit to make sure you are not overlooking anything. The longer you work in an environment, the more an oustide perspective helps. But outsourcing to replace your security staff? Bad move in my mind. They'll come in here and there and do a few small things, and act like they're the only thing holding your network together.
Then, when the next root exploit is discovered in wee hours of the morning on a weekend, and your network is taken by some little kid, the shit will hit the fan.
We can't compete with asian workers. They're young, well trained (if not experienced), eager beavers and they work for 10-20%, not 50-80% of our salaries.
If your company decides that your post can be handled by a guy in Bhopal - or two, or five guys- then you're boned. No argument that you make will effect the bottom line. Management view outsourcing like a cut price buffet. Sure, it might be all bone and gristle, but it's really cheap bone and gristle!
Keep your skills up to date if you like, try and move into areas that asian companies aren't strong in yet, but with two billion people in China and India coming up fast, your career is going to be a constant struggle to keep your head above water.
Sorry for the negativity, but you have to see the way these guys work before you can really grasp the scale of the problem. They pack developers in like chickens, and throw ten, twenty, fifty people at a task that we might do with a team of two or three. Even if half of them are just randomly pecking at the keyboards, the sheer volume of output that they produce is enough to convince management that they must be doing a good job.
If you were blocking sigs, you wouldn't have to read this.
I try to have a unique skill set, but I know that I will be dropping my price sometime in the future, hopefully not too soon. I have seen "unfair" practices where they will not accept an offer of reduced pay, though.
Ray of hope: I assume that eventually, "their" prices will rise such that the fall in my prices won't be quite so painful.
Your employer should have the right, NAY the obligation to run spot checks to ensure their investments and ours as stock-holders is being properly cared for. Did they find any valid issues ? Don't get me wrong I am not throwing stones, far from it I sympathize enormously, security is a screwy field currently, prone to witch hunts due to management errr...Ignorance is the word I think :(
errr....umm...*whooosh* *whoosh* Is this thing on ?
Comment removed based on user account deletion
I was just curiuous to know if you know people that have tried what you suggest.
Think global, act loco
Yeah! Such as:
You don't have to work unless someones watching.
You get to drive a beat up caddy or pick-up with bumperstickers on it.
You drink a lot of beer at (breakfast/lunch/dinner/after work/any day ending in "y").
You bitch about not getting paid enough.
You bitch about your free health insurance not being free enough.
You bitch about your raise not being large enough to cover your beer costs now that you've gained 110lbs. and require more booze to catch a buzz than you did last year.
You bitch about anyone (friend/neighbor/politician) that threatens your pathetic entitlement mentality driven existance.
You bitch about your wife and kids (and dog if you haven't already run it over in a drunken stuper).
You bitch about everyone elses bitching all the time.
outsourcing has nothing to do with people, it has to do with money. We need X to be done, who does it is un important. If we can contractually get someone else to do it cheaper than hiring an employee then the bean counters are happy.
In many cases the company dumping employees get the raw end. They save money, but the loyalty and concern for a system is gone. When I was a consultant I was paid to do a task Y, if task Z needed to be done I wasnt paid to do it so it didnt get done. As an employee Both would be done since I have pride in the entire system and the company.
Work for yourself. That's the only way to guarantee job security and an UNLIMITED income potential. Become the "3rd party vendor"!! Why walk into another "JOB" where this can happen again? I don't understand why people actaully want to be a part of the rat race, and the insecure job market? Do you like having a boss? Start your own IT outsourcing company, it sounds like you have the goods, if you were already an Analyst. Take the bull by the horns son, and start making some serious bank!!
"work from home for 50-80% of their current in-office pay"
Then it'd be "oh, we really need you at this meeting", then more meetings, then a couple of meetings a day, then "as you're here could you just look at...?", then before you know it you're back working full time at reduced pay.
Go work for the company that labeled you as the security risk.
If they saw you as being good enough to be a threat to their outsourcing sales, then you're talented enough to get in with them, right?
And yeah, your boss is stupid for taking the advice of a biased company.
You got the shaft. Perhaps you need a POLITICAL solution to this problem not a TECHNICAL one.
can you actively communicate why you're best?
Example 1: you know your company inside & out
so you're in good position to build policies
that make more sense for your people and goals.
Example 2: make contacts with peers outside,
so you keep abreast of new tools and ideas,
and can compare your company with others.
Example 3: learn about outsourcers up-front:
what are their evaluation criteria, agendas,
client recommendations, successes and failures.
These put you in great position to show
why you know more-- and are worth more.
Good luck!
Cheers, Joel
Though it is possible the job in question went to Hyderabad, there's no need to see a Hindu behind every lost job.
Now, here's something interesting. A little bit back, if you recall, there was this big scandal with a large energy corporation called Enron. Now, it seemed that they were cooking their books like there was no tomorrow (which in fact there wasn't). A big part of the problem is that they were using their auditing company as their general financial friend too. What does this have to do with your problem?
Simply put, the idea of a third party review of anything is to get a clear and objective review of whatever is being audited, whether it is a company's financial dealings or it's network security. Now, was your company's third party review objective, no.
I don't know the details, but from your post I do know that the company doing the auditing had a financial interest in giving your network security team a bad grade.
On the bright side of it, the people you worked for seem to be missing the point of auditing (which probably means that they missed that day in Business school or that they are stupid). I mean, a 'financial institution', you would think that they would have learned the lesson of the past few years.
It always confuses me why people don't keep their resume up to date at all times. It's much easier to ammend your resume as you are doing things than it is if you wait until you need it quickly and then have to rack your memory to dredge up the things you did over the past x years.
Six years ago the company I was working at hired an "efficiency expert" (yeah... yeah... the Bobs). This person spent three weeks interviewing people and taking notes. In the end he recommended letting our IT Manager go because he was wasteful.
The company did NOT follow his recommendations... one month later the BOB submitted his resume for IT Manger.
People suck.
www.thejulingtoncreekplantaion.com
If all the programmers work from home your productivity sinks like a stone. The programmers expenses probably increase, and your cutting their pay? That makes no sense at all. It is a much better deal to pay a bunch of over seas programmers 25% of your pay to work together in an office where productivity remains high. It is time to realize programming takes no special talant. We are the factory workers of the day. Unless you are going back to school and learning something non-computer related you are fucked.
Sure, we're not living in our cars (yet) and we're not getting beat up just for talking about organizing (we're ignored), but there seem to be a lot of parallels between what was happening to Okies in the '30s and programmers today. It's amazing how the same kinds of corporate greed issues are still happening just the same as they were then. Essentially, offshoring puts downward pressure on our income just as bringing in too many workers did to farm labor back then. The main difference is that it will do us absolutely no good to unionize since the corporations have a huge supply of workers willing to work for nothing (at least from our perspective).
Just like in the book where the price paid for a picked box of peaches went from 5cents then 2.5 cents (for a ton, as I recall), the same is happening to us programmers. A year and a half ago I had a C++ contract working at $40/hr which was easily $10 to $15/hr less than the year before that. Last week I accepted (after not having paying work for over a year) a C++ contract at $35/hr. What will the going rate be in another year?
Global free trade/capitalism is a race to the bottom.
Simply execute anyone who says the word outsourcing. (After all, isn't outsourcing infrigining on one of SCO's patents?)
Maybe the the governater of CA could help us with the executions? he could pull out some cool plasma gun or something.
hmm. maybe al gore could use his thought reading machine to find people who are even thinking about outsourcing. we could execute them, too, or some more interesting punishment, like... making steers of them.
my nurse says i should take my medicine now. see you tommorow!
I was removed from my job where the majority of my team's time was spent monitoring our data centre, and calling in whoever we needed, when we needed, to fix glitches. I was proud of our work, and it's one of the times I truly felt a true "team player" that so many employers are after.
In the space of 3 months, two separate consulting firms recommended our tasks be outsourced. We all lost our jobs, and what comes out in the wash? The outsourced monitoring company is a subsidiary of one of the consulting firms. No surprises there.
Now, my employers have gone from having a small dedicated team who treated their equipment as their very own, to having a useless 'monitoring' company who not only can't detect an outage to save themselves (when the most clueless of managers has needed to contact them to ASK if a server is down when it's been out all night, things are bad) but don't actually do fixes themselves, but re-outsource those also
Last I heard email went out for 4 days. Our worst was a 3 hour fix, which was a combination of intermittent server problems and a backup clean slate machine that failed right after install, so we needed to source and rebuild a box from scratch. The new firm's best time is over a day.
The only thing I like about the whole situation is they're getting what they deserved, and are locked into it for another 18 months. Morals be damned, schadenfreude is fun.
You can't do video conferencing if the connection is down or under a DDOS.
So if you need someone to fix stuff like this, it's not a good idea to out-source it to people 10,000km away.
SafariShane needs to get onboard with a company that does this kind of work. A buddy of mine ran a one-guy development/network admin company for several years, and got into security as well, picking up a cert or two.
Due to the economic downturn (and his bread and butter client not falling under the Prompt Payment Act), he had to get a job with The Man.
He got a job with these people, as the tech half of a two-guy sales team, by leveraging his knowledge of Windows and *nix networking and security.
He's working like a sled dog, can't say anything about what clients he's seeing, or much about the product. But he's a very, very well paid sled dog in terms of base salary, benefits and commission; he went out and got a 32" TV and laser-corrected his eyes.
I didn't think the house band in Hell would play this badly.
This sounds like where IT is heading. And keep in mind that companies still have marketing departments that interact with the agencies to make sure things work right.
Why not embrace this model and start up your own outsourcing firm? It's obviously profitable, and with the growing number of extremely skilled IT workers out there that are unemployed, I'm sure you won't have a problem finding talent.
Buy Steampunk Clothing Online!
In fact, I received a 12.5% raise only two months ago for job performance.
If your story is right on accurate, then this is truly a travesty. Sitting on the other side of the desk, though, it may have made financial sense to outsource your responsibilities. If you fail, the company has no recourse. If they fail, it's a civil court problem that brings money back to the company. On another thought, they may have underbid your salary.
Although an important thing to have, the responsibility of network security is basically insurance for the company. The fact that they only had one intrusion in 12 months may have made outsourcing that insurance at a cheaper rate a good idea...after all, historically there hasn't been much threat.
THE INTERNET: Making Geeks cool and porn available to minors since 1987
I saw this somewhere before:
The only job Administartion has never outsourced is Administration
Something to think about. OTOH, I work in a hospital (not in IT). I would like to try to see someone outsource healthcare (knocks on wood).
To be fair, I do work with some excellent doctors who come from India, Brazil, China, Germany, and here in the US.
One of the first things I say when I meet with a company is tell them that it's not the IT persons fault that the company is insecure. Network security is a relatively new field that ALL companies in existance are trying to get their arms around. I do NOT want to put anyone out of a job just for the sake of getting some consulting dollars. I feel that it is my responsibility to train the internal staff to be more aware of security issues rather than to terminate everyone and outsource it all.
How can anyone thats not even on-site on a daily basis make the network more secure? When it comes to real security, you need to start with the folks that know the network the best. If they're resistant to change, then fire them. If they're willing to learn, train them.
Network insecurity is fundamentally a management problem. Security inititaves must come from the top down, not the bottom up. I have never met a network administrator yet that has set out to create an insecure network. They likely were ignorant to the threats - therefore they needed training, which should have been ordered by management. Otherwise, you have security aware employees that are trying to push security up the chain to management, and management is completely unresponsive.
I recently blasted a luddite CEO for not paying enough attention to his IT department. His company was compromised by a hacker and I came in to clean things up. I asked him; "Do you realize that your business relies 100% on what goes on in that server room?"
Things are now changing in that company. We've now established data owners on the executive committee (Those that will hang if the data they own gets compromised), and now the IT department actually has a budget. 80% of the time I spend doing my security consulting is with executives, the remainder is with the tecnical staff giving them direction and training/pointers.
Anyone that preaches anything different is trying to sell a magic fix for security, which doesn't exist.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay?
Oh there's a fantastic idea. All I need to do now is figure out how to live without paying for food, clothing or rent and I'll be all set.
Do we really need to go over this again? Repeat after me: You cannot compete with 3rd world labor costs. Ok, now just the guys! Good, now just the girls...Oh right, there's no girls here.
The only way you're going to be able to keep your job is to do something that offshore workers can't do. What is that, you ask? Well, you could start my actually caring about the business that you work for. Too many IT people are so concerned about the technical aspects of thier jobs that they don't take the time to learn (and care about) how the business they work for actually makes money. This may have been OK in the late 90's, but IT people are getting the harsh reminder now that the reason that you have a job is not to play with the latest technology...it's to make money.
It's your job as an IT professional to bridge the gap between business and technology. You need to be thinking about things like Return on Investment. You need to be thinking about the business needs of your customer...keeping in mind that your customer is probably not a techie like you and only cares about things like "How much does it cost", and "Will it work with what I have now" and not whether or not it runs on Linux. Most importantly, you need to be thinking about money first and technology second. Only someone who is physically present at your place of employment is going to have enough information to make decisions based on those priorities, which is why people who ignore them are finding their jobs shipped overseas.
It's time for the laid-off geeks to stop whining. Better to use the energy to start your own company.
--Slashdot: News for Turds. Stuff that Splatters.
Open source isn't real software? Missed that somewhere...
Not only do they have scooby doo in india, but he's much more evil than he is in the united states -- he gives kids tattoos and has got them buying 75 gram packages of "krackjack". We americans have to settle for regular crack.
HIV Crosses Species Barrier... into Muppets
Unfortunately, this sounds pretty standard. Having recently left an outsource vendor, I can tell you that all of these "takeovers" start small and innocently. The general rule of thumb is to grasp hold of three of the company's problem or large projects/systems. Once that happens, leaving the vendor changes from painful to nearly impossible. Unfortunately, all I/T personnel are under attack. With recent graduates flooding the market, the cost of employment has taken a sharp downturn. For companies that don't want to bother with training and development or can no longer support dedicated staff, outsourcing is the way to go. Although our jobs are at risk daily, many do not recognize the danger until external factors are added to the equation. You don't need to be paranoid, but you do need to be aware of such changes, decisions, and movements within your organization. To your point about coming back later with another security investigation, just walk away. If you plan on starting your own security firm, you might get away with it, but accept the fact that most people will be suspicious of your intentions. I apologize and sympathize, but you need to move on and learn to watch for the warning signs. We are all replaceable.
Remember the days of being a loyal Company man? Those guys who hired on at the local "Big Company" right out of High School or College and worked until their retirement? Where everyone in the town wanted to work there?
That world doesn't exist anymore (if it really truly ever did). As horrible as it sounds, it's really the truth.
Companies exist to make money, not to make friends, not to "reward" it's employees. As far as most corporations are concerned, the "reward" is the fact that they continue to let you come in day after day to punch a clock and collect a paycheck. Sure, the HR department says otherwise, as do the company "mission objectives", but face it: that's all marketing to keep you doing what you're doing until they can find a way to save a buck and lay you off. "OH, but they'd NEVER do that!" Guess again, bucko.
One thing this whole "out-sourcing" thing should do is reinforce something everyone should have realized from the beginning: The only person that counts is YOU. The only person you should have loyalty is to yourself. If you're not looking after yourself, then you can count on the fact that no one else is looking out for you, either.
What does this mean? It means standing up for yourself.
"Hey, Bob, we need you to work 80 hours a week for the next year or so with no Overtime pay."
"Hey, Super... I need you to take this pencil and shove it in your pee-hole."
or in your case "Hey, go ahead, lay me off. I built your systems. I know your systems. When you come crying back to me when some other person fucks it all to hell, my billing rate will be approximately 3x what you're paying me now. IF I'm feeling nice."
Maybe I'm just jaded, but I realize that if I don't look after myself, and that means standing up for myself and deciding to walk away from things when it benefits me rather than just "taking anything", then "they" will take everything they can from me.
If you were me, you'd be good lookin'. - six string samurai
Trust me, I manage a project which is outsourced and currently employs 3 software engg offshore.
The pluses -
(1) Benefit in terms of costs. Well they bill us 30 bucks for a software developer where here I would assume it will be around 60.. Whoopee doo..
(2) The supposed 24 hour day where your team onsite would plug 12 straight hours and your offshore team would plug in another 12 hours, therefore giving the client the impression that his project was worked upon for 24 hours..
(3) Now that implementation is made seperate and outsourced, the client just needs to focus on the business aspect and the designm therefore having more time to themselves to focus on issues that need attention
Minuses
(1) Cost is not that much better. Quite soon, firms will try to up the prices and then you will lose the benefit in terms of cost
(2) The 24 hour Day - Its quite different from what you are led to believe. Mostly both teams would take a couple of hours everyday trying to understand what the other has done, interact and to a certain extent, also play the blame game.
(3) The client would find himself being pulled more often back in to the implementation and design, since his offshore partner cant understand the design or has a "better" design. Chaos ensues.
Mostly from my experiences, what makes all the difference is the people who are developing this offshore. If they are intelligent enough and has good communication abilities, then you have a success story. If what you have is a guy who did a 14 day java crash course and has one year experience in plugging java code in to Helloworld.java, then you have an absolute wreck waiting to happen. It happened to me, I had two stupid asses with whom I spent 3-4 hours every night trying to drill in, the architecture, the requirements, the implementation details. And then I would wake up in the morning and they would have probably coded 10 lines and sent two emails with questions which either are stupid or should have been asked the night before. So what you have is two asswipes who just billed you for 16 hours and turned out 10 lines of code, of which 9 you will probably rewrite and a bunch of questions which doesnt amount to nada.
I dont think that any firm who is currently doing outsourcing has thought about the actual implementation through and through. They are all given rosy pictures of intelligent professionals back home plugging away on their keyboards churning out code that works on the first try.
More so, in a few years, the real picture would come out where probably 10% outsourcing actually churned out something positive and the rest 90% lost money, less money in fact, on projects which had no direction, no able offshore partner and a bunch of developers who doesnt know the difference between a class and an object if it kicked them in the ass with it.
Sorry I just had to rant, since I spent a better part of my night trying to work with some idiots and two days ago I kicked them out of the project. And in a combined 300 hour period, they coded two classes, and the style of coding will make you puke.
Rapid Nirvana
Yea that would be a bad idea. A better idea would be to be helpful, like those guys that list all the Microsoft vulnerabilities in a public forum so Microsoft will be able to fix them right away.
... maybe we can get a head start.
So how about listing on slashdot all the passwords, usernames, maybe the list of salaries of all the employees, ip addresses of back doors, list all that crap here for us and we will politely help the company get back on track to super-security awareness.
Seriously though, sorry to hear about what happened. Wonder what field the next 'boom' is going to be in
Glonoinha the MebiByte Slayer
I feel safe saying that every engineer I work with understands that our service is provided to supplement existing security practices. We can provide some security services which companies cannot perform on thier own. Whether because of cost or technical reasons. We cannot replace a companies entire security team. There are too many small details which need to be handled which an MSSP cannot do remotely. Nor do we want to. We'd also much rather work with a knowledgeable insider than get an imcompetant IT manager who's claim to fame was programming cobol 20 years ago.
My guess is, some overzealous sales weenie got you canned. He probably pitched the MSSP services to the suits. The suits probably replied they already had in house security expertise. The sales weenie, fearing he would lose the sale, pitched the MSSP as a replacement for you. Something he never should have done. Most sales people will do anything they have to do to make the sale.
1) what is the name of the company? This is for my own dealings. To be honest, I will take your story with a grain of salt but a little research might help me understand if I would want to do business with them or add them to my blacklist.
2) what is your question, "how do I build stable relationships with PHBs so that free lunches and golf outings from vendors dont get me outsourced again" or "how do I prepare for 3rd party assesments/sales pitches to ensure that both they and I can be objectively analyzed"?
Sadly, in corp IT, the answer to both questions is the answer to the first. Face time, "expectations management", proactive education, whispering sweet nothings in the ear, and many other social engineering tactics are how you build relationships with the morons in charge. This is how you will also be better prepared to deal with vendor incursions into your domain.
Technically the way to prepare for this is to do an assesment yourself, early and often, document it, summarize it, broadcast it, and ask for money. You will get ignored and turned down but you will have paper trail and they will remember, vaguely, that you said something about security when the sales pitch comes and they wont be surprised.
In corp IT and much of the world, when dealing with non-engineers, technical merit does not speak for itself but appearance and posturing go a long way. So, in the future, over-communicate and advertise. Remember that most non-technical people get their educations from advertisements and sales pitches so fight fire with fire.
...went along the same lines.
I was working for a development firm, we had long term client who had made use of many other development firms.
We landed a big project, the client had us work with another development firm, this one out of India to supplement our skill set, throw more bodies on the project, and so they had a clear understanding of the architecture when they took it over later.
We came to find out that the head programmer working with us would go directly to the client and tell them how poorly we performed, that we didn't know what we were doing and other such niceties.
The PM from the client bought it, and we were removed from the project (an action that within 6 month caused 130 people to loose jobs.)
The other firm left with our architecture, our code, and our self esteem, we left the company with 2 weeks severance.
The most ironic part was that these guys came in with no knowledge of the platform! We taught them to Java as we went! That was the biggest slap in the face that I have ever received.
What are you going to do, hopefully this kind of stuff will run rampant and leave a nasty taste in everyones mouth.
...and wait outside their house in the morning and beat the living shit out of him with a bat.
Much more satisfying and if you wear a mask nobody will know.
Blar.
The real security risk is the outsourcing company. The number one cause of security breaches in the US during the 90's was from outside (foreign) contractors who had access to information of confidential, secret, or restricted in nature. Now instead of having access to the data, the have access to the methods as well. Having a cheaper Software Engineer or Security Analyst does not mean you will get better engineering or more security. As evidence look at the airport system. The wages paid to security personnel are some of the lowest in the country, and hence cannot keep more skill individuals. Ex-convicts and high security risk individuals can be found in those occupations due to the poor fiscal incentives. We all know what that poor security led to.
The lowest bidder does not nescesarily produce a quality product. When is the last time you found real wood in a piece of furniture in our country?
I have heard the statement that the market is moving overseas to customers in China and India, and thus it is imperitive to hire from those localities. But why? If there are no skilled labor or engineering jobs left in the country, what will people do to make ends meet? Occupations at the top of the food chain will suffer as well. Already CEOs in some companies are being replaced by their foreign counterparts, and while the ousted CEO may have money in the bank, his children will end up in a shrinking service industry. Why will it shrink? Because the people they serve will no longer have any money.
When labor went away, blue collar workers were forced to retrain in other fields, many just retired. They pushed thier children to get degrees in engineering, law, and medicine. Now the engineering jobs will be gone.
Who will pay the taxes to support those millions who will retire in the next few years? Not the engineers and laborers, they live in China and India.
What industry would you tell a young adult to get into, if all of them are destined to either be outsourced, or priced out of existence?
Without the brain the body dies.
Fast machines, powerfull AI, impulsive invention,... All I lack is a good espresso machine!
This should be the main topic for this coming election. But I think America is to wrapped up in other politics to worry about the future of thier jobs. We are so wrapped up in BS we don't see that far into the future. I bet the average american doesn't know where they will be in 2 years let alone how America will be.
I didn't use the preview button, so get over it!!!!
Mike
Talk to a lawyer. If you can prove even remotely that they were negligent, wrong, or malicious, try suing them. What the hell, you have time, right? They'll settle. Think of it as extending your severeance a bit.
"You're a major security risk" is NOT good enough.
That is, unless your homeworld has been nuked by Cylons and you suspect a certain arms dealer is a Cylon infiltrator. Then it's a very valid one.
Lets take a look at the real story.
/. to complain about his sorry plight.
Kid gets job as security expert at company because he has minor Linux skills and the whole Linux thing is blowing up.
Company comes in and notices that he never locked down the boxes. Tells his boss and offers solution that does not involve him. He gets fired.
Bitter and resentful he writes to
The truth is if you didn't deserve to get fired you would not have. The economy can not support as many overweight overpaid techs as people would like. IT has nothing to do with your boss and everything to do with you being incompetent.
Basing the results of the entire economy on the man in the whitehouse is quite foolish. Oh well...keep trolling, maybe they'll outsource some jobs to your shithole country and you can quit collecting urine to use for cloth dye.
Blar.
I was working for a couple of departments at a big institution. One of them was stable (fairly homogenous systems, well-defined needs, friendly people), while the other one was a constant source of trouble (heterogenous historically entrenched systems and diverse needs, with conflicting politics entertwining them). The troublesome department decided to fire me. The stable department wanted to keep me.
I decided to use the half-time status to start my own consulting firm, instead of finding another department. I'm still really small, but it pays the bills and there are tremendous benefits to being self-employed, financial and otherwise.
I don't know what your financial status is, but if you have a chance to develop a business, do it. If you have to take a part-time job while your business gets on its feet, do it.
If people are outsourcing your skills, compete with the outsourcers and crush them like the insects they are!
sigs, as if you care.
why not let your programmers work from home for 50-80% of their current in-office pay?
Because the company already saves money spending less.
We are not bitches, I cannot accept such conditions : if we keep reducing our wages while companies make even more money then the population becomes devoted to the company whereas the opposite should be.
Trolling using another account since 2005.
Coming from the standpoint of a security auditor in a firm that specializes in Managed Security Services, let me lay a couple of things down in our defense.
1. Security firms are told to audit against a certain set of criteria when the audit, be it GLBA, HIPAA, or one of the open security standards. Our work only identifies human security risks in process and policy, not people. If you were individually and specifically labelled a security risk, you should demand to know why.
2. The firm's auditors likely had nothing to do with the loss of your job. Rather, it was your management. Managed Security Firms have two sales models: Unfunded Risk, and Savings. My guess is that their sales team was working on the Savings principle and presented a more cost effective security solution. Your management team decided that cost savings were more important than your job. I hate being a catalyst for that kind of change, because I don't like seeing good people get laid off. Most of our clients use us as a supplement, rather than a replacement. I wish it always worked that way.
3. You lost your job. But we're hiring, and we have a hell of a lot more fun than should be legal. Jobless security professionals and analysts, feel free to reply.
trustedworlds.net - gaming, security, and the gunk that lives in between
First they came for the farm workers, and I did not say anything because I am not a farmworker.
Then they came for the factory workers, and I did not do anything because I am not a factory worker.
Now they are coming after the engineers and there is no one left to speak for me except for the Wal-Mart associates.
This is global capitalism. Theoretically it will not stop until an equilibrium is reached and the U.S. standard of living is equal to the African standard of living.
Yeah, the CEO can have you replaced, but you can't replace the CEO. :)
--
"I'm not bright. Big words confuse me. But Wanda loves me and that should be enough for you." - Cosmo
Slander...libel...you've definately been harmed economically, and there may be issues of racketeering involved.
You have every justification, in spite of what some of the businessman hard-asses here have said, to complain and pity yourself for a while. You didn't just get laid off in an outsourcing purge, for incompetence, or for actually being a "security risk." You got crushed by evil forces. That said, management's action in firing you in favor of untested, untrusted, unproven consultants proves that you're well out of it.
There does seem to be a marked tendency among management figures to trust consultants more than their own people. My own organization (where I've been doing security admin for a few years now) has been looking around for security auditors lately. They've even commissioned a study or two, which were crap. But I've never heard of someone actually getting targeted for termination by outsourcers who wanted to take over the operation they just audited. Makes good business sense, I guess, but it makes no sense, again, to bring in untrusted people to do trusted work.
Where are you? On Jupiter? There's 52 weeks in the year here.
It's not just pay cuts, but cost cuts. It costs next to nothing to have someone work from their own home. If they are in an office, you not only need to have an office/cubicle for them, but also any things that go along with it (AC, water, bathroom, cleaning, etc.). Even toilets get broken less often when there are less people using them.
JetBlue was successful because they had such low operating costs, which was because most of their employees worked from home.
G
I'm not saying that working from home is bad, or that outsourcing is good. But they're two very different things, even when only looking from the company's point of view.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Great reference from a great movie.
This is the way to do it!!
There is no spoon or sig.
As a newly-minted MBA, I'll say this: from the account you relate (I'm sure there are things neither of us know in this case), it seems like the managers at your firm are a little bit short-sighted. As they said in ancient Rome: "Quis custodiet ipsos custodies?" (Who is watching the watchers?).
For them to outsource to this company, a few questions should have been answered to your management's satisfaction:
How secure are your (the third party's) employees? Are they bonded? Do you have documented proof of their bonding?
In the worst case scenario, what defensive and recovery procedures are documented and in place for internal and external breaches of security?
Will you agree to a financial penalty for security breaches?
Will you agree to third party independent security audits? If so, we would like to attach financial penalties for sub-standard audit results.
There are other questions I would ask but you get the general idea. Outsourcing to providers is fine but considerable due diligence has to be done, especially in an area as sensitive as systems security. Finally, it seems pretty naive to me to accept a comment such as "your internal security administrator is your biggest risk" from a company who business model is to replace internal security administrators. Duh!"We are accountable for not only what we do, but also that which we don't do." -- Moliere
I know this was a joke, but some people took it seriously. To that end, let me say, if he *did* do this, not only would he have a big new girlfriend named "Bubba," but he'd also *validate* the claims of the external auditors.
These auditors have an obvious conflict of interest.
Slay a dragon... over lunch!
For those of you who feel the threat of Outsourcing breathing down your neck, what are you doing to try and stay in your current job, or even in this current market?
Easy - by using web and telephone logs, work out which companies your company has been in contact with or are looking at.
Edit your firewall to redirect any requests (perhaps using keywords "outsource" etc) to a random pr0n site. Using your administrative access to the telephone system, redirect any calls made to "threat" companies to a dummy call queue in your voice processing system that plays random music. Log who is trying to contact these people and pull their weblogs for future ammunition. (deliberate pr0n surfing etc.)
Your company directors will gradually come to associate outsource companies as a load of pr0n URL hijackers who never answer the phone. If anyone gets too close, mention that the weblogs have been "interesting" lately and "wouldnt it be a shame" if someone lost their job due to pr0n surfing.
You letting the cert expire on an internal connection is a good indatcator that you shoudl never have been hired in the first place. It is called sabatouge and you can go to jail for it. I hope you enjoy "pound you in ass" prison.
He can pay up for my loyalty or spend millions finding someone who knows how to find out the cert expired on an internal connection. And then he can get you arrested for extortion and thrown in jail.
Enjoy!
Come play Heroes of Might and Magic Mini online.
You are more or less guaranteed 90K when you get out of school and can easily break into the six figures if you're willing to work overtime.
Well, they'd better start treating their programmers better. I could write a virus that would rip this place...
Damn, I forget how that line goes. Must be getting really senile -- that screenplay is embedded so deeply in my brain I'll probably be forgetting my address next.
What I'm listening to now on Pandora...
This is a ludicrous assumption of an obvious ficticious and delusional event. There's *plenty* of unemployed tech folks that understand enough about web services to fix that specific issue that would be more than willing to replace you as sysadmin. or have I been trolled? =/
-gam
"In theory, theory and practice are the same; in practice, they are not."
at my office, i just deployed linux on most of the servers and since i'm the only one in this wonderful town that they can pay what they pay me to manage it all, i feel i might have their balls in my hand.. anything can happen though.
why not let your programmers work from home for 50-80% of their current in-office pay?
Sorry to say, 50% - 80% of a $50,000 salary is not cost effective. Overseas rates can be as low as $9 an hour with ALL benefits and expenses included. And that could be someone with PhD in computer science who speaks good English.
Just wait it out, your company will be begging to hire you back at a higher salery when offshore fvcks their codebase. I have been involved in 3 incidents where offshore development ruined an app, and I got paid overtime to fix it... Offshore does not work, it appears to work, so as long as _you_ work, instead of appearing to work, you have little to worry about.
The ones that know are the ones replaced - a normal security threat. Also proves why management typically has no brain capacity themselves, otherwise they would be a threat.
Let's see - we reaplced the one man security risk (all security administrators are a risk) with an entire company! Wow! That's improving the odds! (D'uh!)
I think one of the hardest things to come to terms with for bean counters is this:
How do you quantify the work done by an excellent Network/Systems/Security Administrator?
I've been in all of them in some capacity for several years now. One scary thing I have noticed is the fact that you only really get noticed when something goes wrong; if you do your job effectivly, PHB's sometimes wonder why it is that you are there and not doing anything but sitting on your ass all day and staring at a screen. Not realising that you are actually doing your job by _NOT_ doing anything. If that makes any sense at all....
What I suggest, for anyone in the IT industry, make damn sure that you keep an active diary of what you do on a day to day basis. Anything signifigant you do. It is really your only defence against the dreaded 'bobs' "So, what exactly DO you DO here? anywhay?"
Cheers.
....move along....nothing to see here....
I'm surprised they worked to get you fired, as opposed to working to absorb you into their group. Did their report make any particular observations as opposed to "he's a risk?"
They know your skills, and you are the best man they can get for their new customer.
I knew someone who worked for a company years ago (maybe he still does) whee the bosses were similarly stupid. He was THE unix guy at a company involved with transoceanic shipping. His bosses were so paranoid that he might do something maliciously (servers on the ships too) that they made him WRITE CODE that would track what he did in the event he decided to do something unauthorized. All kinds of shades of stupid.
The flip side of this is that most of the major IT disasters I've seen have been caused by idiot1 getting hired by idiot2 to do a job that neither idiot1 nor idiot2 knew the first thing about.
As the internet becomes more and more established, geographical bounderies become less and less relevant, almost to the stage they become completely irrelevant. We are almost there now (some would say we are there and beyond..)
If you are holding a position that CAN be outsourced cheaper, then at some point it will be. Maybe not this day, or month or year - but sometime.
What to do? - In short programming deffinitions are changing. Packaged solotions are becoming free with costs only for services, and bespoked solutions are becoming cheaper, and solutions more comprehensive.
My advice to programmers is to ride the wave, do not fight it. If you are in an "outsourcable" job, then..
A - Expand your responsibilites and outsource the job yourself! - You will still be in control of the duties, will be providing your employer with more services and generally making yourself more useful.
B - Give yourself extra responsibilities, leave the job contracting yourself out to your old employer for doing the same thing for slightly less money. Then use modern tools to do the task efficiently (maybe outsourcing it) looking to expand your new company into new areas...
C - If your employer does not accept that you can do either the above then start looking to do B with someone else...
The above solutions may seem far fetched and impossible, but unless programmers change with the times they will not remain programmers long. I do not accept whinges from people complaining there job was outsourced, for if there job could have been done cheaper, then why did they overvalue there own job? And if the quality that was bought in is not so good what are they complaining about? - if their skills are worth hiring then they should not be out of work for long - there are a lot of systems out there....
My message is the same as to those who ignore the OpenSource movement - wake up and adapt - or die.
Web Sig: Eddy Currents
There isn't anything my CEO does I couldn't do with half my brain.
I know because I've been there and done that.
Why do I do this now? Pen Square.
I am sorry to hear what happened to you. However, it is time the American workers determined what work culture they want to work in. In third world, the foreign specialists come and sign hymns about the great American "hire and fire" system that gives flexibility to the employer to drop you like a used paper-towel. Look at UAW, they have awesome power, but then they are also labelled as evil by the republicans. In Japan, they have a life-time employment kind of system. Yet, they are masters of mass-production and a developed country too. Hence, giving a worker security of job is not a too dangerous things as the right in America would like to believe. Well, next time they tell you about the great American capitalist system on TV are you ready to spit on them? If not then enjoy being fired. TO HELL WITH AYN RAND...
They are going to get a black-eye for this in the security field..
especially since there is no way to stop the PHB's from implementing the latest short-sighted "strategery du-jour" that periodically gets planted in their tiny little brains. The solution is two-fold: First, begin the process of starting your own company. Think services, think consulting, that sort of thing (I am in the midst of this process right now). It is basically the same work, under different circumstances and with the additional work of marketing/selling and customer relations thrown into the mix. Get used to it - this is what the future holds for most of us, ready or not. Second, after some time as passed and the PHB's have been forced to belatedly realize that they went too far with the whole outsourcing thing, charge them a LOT of money for the services you provide. p.s. Try not to make the same mistakes as the PHB's when it is eventually your turn in the driver's seat.
That is just profoundly unethical. The phrase floating around at the back of our minds is "conflict of interests". What company would trust a "consultant" that sells a product or service directly related to their consultation? The employer hired the consultant to determine the status of their security. The consultant recommended their own service as a cure. A job was lost in the process. That's just nasty-- the consultant was in a position where it was obviously most profitable to recommend their own product.
My Photography - http://ian-x.com
The Deathlings (comic) - http://thedeathlings.com
you mean 24 hours a day for 7 years?
> There isn't anything my CEO does I couldn't do with half my brain.
Well, what are you waiting for? Start your own company, and never worry about being made redundant again.
That's not necessarily true anymore. Dick Brown, for instance, was CEO of EDS for only about 4 years. He was recently handed about $36M and told to fuck off, and the company is still playing catch-up.
Mind you, having a Wall Street analyst downgrade their stock, only later to say "Wups, didn't mean it..." didn't help much either. What exactly is the liability there? EDS stock took a beating mainly because of that one moron, and he gets off with a wrist-slap and an apology?
Sacrificing mod points to post this in agreement. Unions are a good idea in theory, until they shoot off their own foot in practice.
The problem as I see it is that people get greedy. They go beyond trying to secure their rights to bestow entitlements on themselves. Eventually the ones supplying the entitlement revolt.
Constitutionally Correct
Unions give the employee a modicrum of power in the workplace. Ideally, the union can help employees to be fairly evaluated. Then they are fairly compensated, promoted and fired fairly. It helps control sleazy tricks like this. Without a union this person has no recourse, other than to go get another job, always fearful this could happen again. Unions can give someone some assurances of security. Believe me, when you get over 30, with a family and a mortgage, security is highly rated. With a union, there is a process the employer must go through to terminate. During the process, the sleazyness of the consulting company would come to the attention of people outside the department, and might actually be questioned by higher ups. Unions are not needed if employers always treated their employees with respect and with fairness. The Right has done a good job convincing people unions are evil and hold people back. Unions gave you the 40 hour work week, health benefits, safer working environments etc. Now that unions are weaker and less a threat, the Bush adminstration recently gutted overtime pay for millions of workers. Those with union contracts with overtime are safe, but millions are screwed. Commentary: Too Stingy With The Overtime Business Week : December 22, 2003 The Labor Dept.'s new eligibility rules would exclude millions
If all you did there was security, then you were in a bad position to begin with. Security should be a part of everything that is done, not handled simply by one person somewhere.
Network engineer - The person or persons responsible for designing, managing, and maintaining the enterprise network should be the ones responsible for its security through all aspects of their work. Security has to be designed in to begin with, so that the network has the absolute minimum exposure and still provides a maximum ability for authorized staff to monitor and control it, while all other authorized staff can make full intended use of the network.
Systems administrator - The person or persons responsible for selecting, installing, configuring, operating, and administering computer systems, both servers as well as workstations and desktops, should be the ones responsible for its security through all aspects of their work. Security has to be part of all the procedures so that the systems have the absolute minimum exposure while allowing authorized staff to perform the functions the systems are intended for.
Programmer/analyst - The person or persons responsible for designing, programming, testing, and deploying new applications, or changes to existing applications, should be the ones responsible for its security through all aspects of their work. Security has to be designed into the way the application works, into its program code, properly and thoroughly tested, and then further verified once the application is up and running. And this has to be done while the application can still be fully used by all authorized staff, clients, customers, etc.
Get the picture?
Sorry to burst your bubble, but there should not be just one person who handles security. Depending on the nature of the business, one person might be the one who handles security coordination, but that isn't a techie/geek job; it should be more along the lines of an auditor who would be a paper pusher kind of person at businesses like banks and investment firms.
As to your current situation I advise the following:
Hire a lawyer. Have this lawyer contact the company pretending to be your new potential employer, and ask them for reference information about you. Actually do this twice (be sure completely different people call and pretend to be completely different companies). In one case your "new" position should basically be described as one similar to what you had at the company that outsourced you out. In the other case your "new" position should basically be central to your non-security skill set, such as a network administrator or network engineer (or whatever is appropriate for you). If they give you a good recommendation, then move on with your life and don't worry about it (just don't open your own personal accounts there, etc). However, if they give you a bad recommendation (such as "he was assessed to be a security risk") then discuss with your lawyer that situation and determine what can be done (you may have a case for a defamation lawsuit against either your employer or the outsourcing company).
Be aware that most companies do tend to try to pretect themselves from lawsuits when giving references. They may very well not specify any problems. But that can also be interpreted by future employers as a problem, if they didn't give you a glowing recommendation. You'll have to determine how that will affect your career future.
You might want to start your own small "security management and monitoring services company". There are lots of smaller businesses that will need this kind of service (whether they know that or not ... but that's a salesman's job to work on), but are too small to hire someone full time, and not big enough to hire the big security contracting firms. In a few years, as the big security firms expand to the smaller businesses (to keep up equity growth as their big business market saturates), they may come along and offer to buy up your business. If you play your cards right, you could end up being more "successful" than the managers of the financial institution that fired you.
now we need to go OSS in diesel cars
Probably because we are not "oppressed workers," but rather highly-paid professionals who like negotiating our own contracts and don't want a union to come into our industry and muck everything up (while putting all of our lives under mafia control, and splitting off a huge chunk of our paychecks to support political campaigns for asshats.)
Sorry, but this is the hard facts:
I would rather hire 4 developers in India for the price of 1 developer here because the wage I give in India will be at the top of their pay scale and they will stay longer.
If I give an American worker a 50% pay cut, hell, even a 15% pay cut, when the economy starts booming, they will be out of here like a bat out of hell. Programmers in the US think they deserve to be making $100K+. I hired a Berkeley grad 4 years ago straight out of college and I had to pay him $70K. That's the going rate out here in Silicon Valley and I was desperate. Luckily, he was lazy so I didn't give him that many raises and then the dotcom boom collapsed. He had such a feeling on entitlement. I felt sorry for him, because when he graduated, he had literally 10 job offers, so his views on life are completely unrealistic. He thinks he's going to get the multiple job offers and the signing bonuses again, even though I explained to him that those times were a once-in-a-lifetime thing.
Anyway, I let him go a few months ago and replaced him with with 2 hard working guys from our office in Pune, India. Sorry to tell you guys, but they have been great.
I'm not out to screw people over, but frankly, the bottom line does count. If I don't make my bottom line numbers, then I will be out of a job, and better you than me. I know I will probably be out of a job sooner or later, but I'm a manager with transferable skills and the ability to lead projects based with offshore resources, so I'm hoping I can leverage this.
Hate to burst your bubble but it's just a reality check.
Because revenge is too sweet, especially against that kind of assholes. But maybe too easy and worthless as you don't want to work with them. It is a great society we are living now, isn't there anything that can protect you against that? Oh sorry we're still under hardcore capitalism. There is still enought people ready to work for nothing to support our economy, Or maybe they fire you because you suck at your work, you drink and break stuff there? Hmm.. or smile to them in the light and screw them in the dark, just like they do. But wait, maybe we cannot use our weapons against theirs, it is forbidden by the Law. I wasnt sure if I want to send that.. bah, take it or leave it, I hate that kind of happenings...
when the outsourcing is already happening , than it is too late, get a job at mcdonald.
;)
time to act is far before that. unorganized and individualized workers can easily be shoved around. instead of thinking of your personal career plans, a little class conscience can help.
join the union today, or even better organize your own!. formulate clear demands together with your comrades, take political action as soon as there is rumours of nefast change (inform the whole workfloor). if you are ignored , it is time for direct action. call meetings and make them last till your demands are met, exclude your bosses and supervisors from them. inform the companies customers and stockholders. get in contact with other comrades outside your exploiters venue.
if an outsourcing is at large, investigate the third party, contact its employees. report the result of your investigations in the cantine and on the workfloor.
eventually organize a (wildcat) strike. disable scabs politically by pointinmg them out as traitors to your colleagues and if necessary physically prevent them from breaking your strike
if all of that does not help , it is time for balaclava, slingshot and burning barricades
show them what a 'security risk' is alright!
... a security professional who seeks advice from /. about work-related issues...
I think the outside consultants, who found
you to be a security risk, were right.
To me, this is a sign of continually degrading manager-employee trust in the workplace. My interpretation of the above sentance is that your (previous) employer trusted an outside company more than they trusted you. It's an all too blatant case of not being able to see past the billfold.
Security administration is the pinnacle of a trust relationship. Cleartly, the security administrator has the potential to do an enormous amount of harm; naturally, he's a risk. I can't believe consulting firms profit from telling people that! That concept is so fundamental, so basic, so intuitive. Furthermore, security is like insurance: the benefits aren't tangible; to an accountant, security just looks like an expense. Sorry folks, it's the cost of doing business these days.
And to have some firm come along, pronounce the obvious, and get someone fired for it is ridiculous. Why did this company trust the outside firm more than their own employees?
Language barrier. I'm not talking about "English as a second laguage" or figures of speech; I'm talking about the laguage of business. This consulting firm came along, excited the company's management with fear, and swiftly calmed those fears by speaking in terms only a manager can understand: bottom line. Sadly, security is an issue whose technical details are every bit as important as the financial details.
This fits hand-in-hand with my most outrageous conspiracy theory to date: the USA is the home of a giant power struggle, a fight between the managers-accounts-lawyers (MAL) and everyone else. (Why else would "mal-" be a prefix that usually implies something bad? <grin>) The MAL group is interested only in profit, making money, and considers greed a legitimate and essential part of the American Dream. The mal-people have created the convoluted infrastructure upon which we operate; they are the only ones who understand it, and can therefore manipulate it to maintain their power.
The rest of us are seen as a threat. Education, free speech, free thought, individuality are the chaos that keep mal-people from having total control. Still, they do their best to suppress such threats. Labor unions of olde are a nice example: a group of people who simply wanted fair compensation for their work. And as the years have gone by, the power of labor unions has dissolved considerably. The tech savvy are the new threat to the mal-power; geeks posses great knowledge and capability; they potentially have the power to unseat the MAL. So what does the MAL do? Work the system (their system) so that the geeks' power and influence is kept at bay (or, more appropriately, kept offshore).
I doubt what they did was illegal, but it's bad business at best. Here is a group of network security geeks, who get other network security geeks fired, so they can increase their bottom line.
Hmm, it's possible that what they did falls under the definition of tortious interference. But IANAL, so I really have no clue whether or not that's the case.
Become your own CEO, and run your business like you think it should be run.
If every laid off techie would think this way rather than hopelessly mailing their resume for the past 12 months, we'd be in a much better economy by now IMHO.
--
OpenHosting - Vritual Servers for the geeks
You're the one that said Indian . . . Who's stereotyping now?
Work as a military contractor! Obviously no foreign outsourcing there.
Shitty Indian programmers are the norm. Indian culture is not something we want to bring over here. They watch shitty movies and smell like spices. They have that awful music. Choooy-daaaa-muraaa-daaaa-daaaa. FUCK THAT SHIT. Hey, why dont YOU get your head out of the sand and go stick it up your dead mother's wicked ass.
medicine has become the same way.
Many hospitals are contracting with large national companies to provide physicians services that were traditionally provided "in house." This is most easily done for things like Radiology, where films can be digitized and shipped anywhere in the world to be read by a room full of radiologists. It's also being done (and has been for years) with Pathology services... send your slides and tissue specimens to a big lab to be examined rather than the employing a bunch of local pathologists. Admittedly, there are some economies of scale that enter into the picture... "sending out" can be more efficient.
This is also a big deal in my own specialty (emergency medicine); competition is brutal. There are large national "contract management" ER groups that are constantly approaching hospital administrators with sales people, brochures, and a pitch about their high-quality, lower-cost emergency medicine care. Contracts change hands in ER all the time, which is why a lot of ER docs live like gypsies... if your hospital outsources their ER services, you get fired, and have to find another job (if you live in a smaller area with only one or two hospitals, you can be SOL... time to uproot the family and move.)
How do I/we fight it? Relationships and service. We make ourselves available to the administration to address concerns and problems. We build relationships with the community physicians, so that they KNOW who's taking care of their patients in the ER, and KNOW they can trust us to take care of the critically-ill. We integrate ourselves into hospital committees, and get involved in the community. We implement Quality Assurance and Peer Review to ensure that we're practicing up to the standard of care. It can be a lot of work trying to keep your job (never thought you'd hear a doctor say that, did you?).
In ER, losing your contract/job or not usually has nothing to do with bad medicine... it's failure to "play the game" that sinks you. There may be a parallel here for the infosec geek that was fired... If there's one area where the prototypical "geek" personality probably hurts the most, it's in the eschewing of those critical relationships. It's great to have m4d 5ki11z in the server room... but a little face time with the powers that be could make the difference between paycheck and pink slip...
There's no guarantees, however... even with all my efforts, I can still get sold out if my hospital administrator gets a wild hair, or just plain doesn't like me.
It's business reality for lots of folks, not just IT.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
Then actually, you ARE a pretty big security risk.
You are the ONLY one who knows what's going on with the network security-wise. You could have them penetrated 10 ways to Sunday and they'd have to take your word for it that they're secure.
That's the first point. The second point is that you didn't get screwed over by a network security geek, you got screwed over by a salesman who makes money for some hot-shot CEO who pays a few network security geeks to do far more work than they should be handling. I just got myself fired from a job for "not fitting in". This meant that I had personal and professional objections to monitoring network connectivity, security, e-mail, webhosting, and VPN for some 150 customers and 4-500 sites at 50 hours a week as one of 6 people doing the job. Meanwhile, the 10 sales guys have a "Vice President" title hanging off their names, don't have a clue how to use a computer, and are promising the moon while the CEO rakes it in.
This situation is a real issue. Most of these companies are taking advantage of federal legislation requiring a certain level of security for a bank. And while it's not fair to you, you DO constitute a security risk as a sole security person. On the other hand, you also can't go back to your employer in a month and say, "Your security is full of holes now with this new provider, here let me show you." The bank's been swindled, you're unemployed, and an overworked staff just got more overworked. It's a lousy situation all around. The only thing you can do is move on.
Though I don't envy you trying to explain away getting fired as a security risk on your resume. That's probably the second-most unfair thing about the whole deal.
You thought that this sig was what you think that I thought you wanted me to think. I think.
Except that can get you jail time.
;)
If this company he works for was run that
badly he's better off trying to find another
employer.
He might consider writing some security apps
himself and selling them. His boss would be
a lot more resonable
-- Programming with boost is like building a house with lego. It's a cool but I wouldn't want to live in it
Counterpane? Not the open source loving counterpane?
http://passwordsafe.sourceforge.net/
Or should we just realize that all companies are evil and good in their own way.
Hense why I am starting up my own company. Fuck this working for other people crap. You just need interpersonal skills.
Blah Blah Blah.
They won't sue you. At the very least tell us who the company doing the audit was. If they actually came after you, they would get an incredibly bad reputation for acting in very unethical ways. And you need trust to operate as a security company.
Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas
Here's a question I have for you, Cliff. Where exactly did it say in the original query that the guy's job WAS outsourced overseas ? Or is that just playing on the FUD-in-fashion here ?
I'm on call 24x7x365 while the CEO sleeps.
The CEO sleeps 24x7x365?
By the way, what exactly is 24x7x365? Is that 365 weeks straight?
The problem: you're replaceable, and the managers have the power to replace you.
Their secret is basically to pay for very highly qualified Type-A people who are good in IT but also have other skillsets (statistics, communications, management, etc.). You know they can do the job, and they can often do the job of 2-5 entry-level people. They also push for high retention.
The end result is a smaller staff capable of doing more that they hold on to. After all you may pay 20% of the price for 5 entry-level programmers in India, but for the same total you can hire one woman who can do their work, has other skills, and is located and accessible.
So I'd say the best way to cope with outsourcing is:
I sense what my employer has gone through is going to happen to others - getting burned on outsourcing. As much a fad as it is, I keep hearing the failure rate is very high.
But we have to battle the fad now.
"The Sage treasures Unity and measures all things by it" - Lao Tzu
For wearing your 'l33t hax0r' hat when the outside security guys come through...
Trade it in for a nice black fedora like I've got on my hat rack. I get compliments on it all the time.
At least, until they realize it's a plastic prop I stole from the Black Hat Briefings.
I haven't heard someone use so many words so incoherently since Al Gore was running for Prez.
Indian tech workers work for what amounts to US minimum wage or lower. If a US tech has been employed for a period of time then laid-off, their unemployment checks are larger then a minimum wage check. If a US tech takes a once high-paying job for minimum wage, it sets a precedent; one that tech managers don't want to set as it will effect their own market value. Working from home doesn't save a company much, it may even cost more in productivity loss.
Another factor is what a company values talent at. Lets face it, many people with Comp-Sci, or Electrical Engineering degrees don't have a whole lot of talent. They just went though the motions and met the basic requirements to graduate. Forget MCSE folks who got their "certification" from a school that advertises on TV. If, in the US, these folk's annual salaries are upwards of $70k or higher and in Bangalore they're $13k and talent being equal, companies are going to choose the lower rate for the lower talent. Talented people in the US have no problems finding jobs, as companies are willing to pay for real talent.
The tech profession has become like the medical and legal professions; lots of wannabes chasing ambulances and few truly good practitioners. We just can't offshore those jobs. Yet.
It could be that the company did a background check on you. And found something to suggest that maybe your not the best person to be working in security. Of course this could just be that you were arrsyed for D.U.I when in college or some other small thing. But the outsourcer just said did you now your security expert is a crimminal.
But the flipside of this is that you could end up with total incompetence in the workforce. That's fine if it's a janitorial position, but would you really want a dumbass to keep his/her job handling various functions in a nuclear reactor? What about in a financial institution you belong to?
Recourse IS available for those who qualify. I was fired unjustly from a company 15 years ago, believe me I know. I went to the employment board and filed a grievance. In 30 days I had the choice of getting my job back or taking a settlement - I took the settlement.
YOU don't know the full story in this situation either. Maybe a major security breach was found that the author of this article didn't know about. Maybe his company was looking to 'pare down' their IT staff anyway. My point is that in the U.S. shit can and will happen, but I believe the system works itself out. Not perfect, but then neither is a 75% tax rate under socialism.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
You have grounds to sue the consultant for slander and defamation of character. An attorney can get the secret report through discovery, and the odds are that you can rip them to shreds and obtain substantial damages. Your former employer, who will probably settle rather than face a full-blown unlawful termination suit in open court, is also highly vulnerable.
No, it won't get your job back, but this sort of thing is as close to a lottery ticket as you're likely to get without the CEO grabbing your nads in public.
Proud member of the Weirdo-American community.
A group of us in MASS are going to see one of Sen. Kennedy's aides Monday. We have been asking people to send us their personal stories so that we can take them to the Senator. We really wanted mostly stories from MA, but we will take anyone's story with us. If you would like to have your story included, email it me. www.ginaminks.com/blog
No.
Try and hunt down an old sci-fi story called "The Roads Must Roll," by Robert Heinlein.
Quick plot summary: In the future, American cities are interconnected by vast conveyor belts--called roads--which transports people and goods. A few political demagogues start convincing people that certain segments of society should be rewarded for doing "critical work." For example, the road mechanics realize that without them, society as a whole would be hosed.
So a faction within this group of mechanics decides to go on strike, shutting off the roads and committing vandalism. Sure enough, everything stops working as the factions battle it out for control over the roads.
The basic problem with their underlying thinking is this: There is no one ultimate locus of control. Our entire society is completely interdependent. If the network people quit doing what they do, things are hosed. The same goes for doctors, police, firefighters, manufacturers, and farmers.
Take another example: Miners. There's an old mining slogan that says, "If it isn't grown, it has to be mined." There's a great deal of truth to that. Without mining and miners, we're screwed. But does that mean that the mining industry deserves ultimate control over our society? It's like having your kidneys demand veto power over your brain because the brain cannot operate without them.
Management types think of themselves the same way you're asking computing types to think. According to their thinking, without a running business, you wouldn't have a job where you could ply your trade.
Every society strikes a balance between individualism and collectivism. We're all individuals, but we're also functional units within a larger system that keeps everyone alive. I think you've definitely drawn the line in a bad place. Whether computer gurus are under or overvalued is irrelevant; I strongly object to your basic premise: if we have the power to wreck everything, we have the right to do so if the system doesn't give us what we want. It's merely blackmail writ large.
You want the truthiness? You can't handle the truthiness!
.. tell us the names!
<reverb>$Evil_Laugh</reverb>
Eschew Obfuscation
If they don't want to play with you, start your own game.
Go to Kinkos, get some business cards made up, and go make $60-$100 an hour doing what you used to do for $15
That's why I formed my company. We act like CIO's for small businesses, say under 25 employees typically, so that when they deal with networking company x, or software sales company y, they have someone on their side to deal on our client's behalf. People that need expert advice when it comes time, but not on an everyday basis.
We preform security audits which has led to people getting fired, but that was because of performance. Often we sit down and make suggestions on firewall settings or equipment they might want to purchase, but we don't sell the equipment or sell to manage it. We usually will place in our report that if a policy needs to be developed or changed we can help sit down with their people and write that policy, but that is as far as our "additional" services go. Still, that is really just paying us for more time consulting than anything.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
If your boss fired you because some company said that you are the risk, maybe your boss is too stupid to trust some people he does not know, or maybe he was handed some money. That is allways the risk with every job: being displaced for somebody smarter. The morale in this is : you people of the 1st world are experiencing NOW what we people of the 3rd. world have been experiencing for years.
IANAL, laws vary from jurisdiction to jurisdiction, etc.
That said, it might be illegal to fire you without "just cause". A conslutant's report labelling you as a security risk might or might not qualify as such, especially if said conslutant proceeded to win a contract to replace you.
Read your contract, and consult a qualified lawyer, about what conditions your (former) employer must satisfy in order to fire you.
Tarsnap: Online backups for the truly paranoid
As a Network Security Analyst for a large financial institution, I welcome 3rd party audits. In fact, one just finished up recently. To me they represent a means of showing the Board and the Executives what a great job I'm doing.
I really don't believe that a respectable firm would use an audit to try to remove an existing employee just as a way to sell their product. For one thing, it leaves them open to lawsuits from the fired employee. No, I think that if a 3rd party auditor labels a Security Analyst as a risk, they most likely have some damn good evidence that the author is a screw-up.
Since the author asked for advice, here it is: if you insist on trying to get another job in the security field and you actually succeed, next time you hear about an upcoming audit:
1) Find out who the auditor is. Check up on them and if you have any concerns about their professionalism, raise your concerns before the contract is signed.
2) Get your act together. Make sure all your servers and workstations are up to date on patches and anti-virus dat files. Make sure your firewall, IDS and other security software is running the latest versions.
3) Make sure everything is documented; change management, DR procedures, incident response, etc.
4) Ensure that your backups are working.
5) When the auditor(s) come, be friendly and helpful.
Follow these simple rules and you should be fine next time.
A boilerplate recommendation in any report is "It is urgent that more funding be provided to the people and departments/companies that produced this report".
Comment removed based on user account deletion
a game we used to play when the weather was cold and snowy...
King of the Hill
Very Stupid Game IMHO
I say "change the game"
Do something different. Start your own business, go back to school. Do an long distance MBA.
Everything happens for a reason... Be strong...
http://01edit.com
Free Web based FTP
I'm sure about the entire legality, but wouldn't this be considered defamation in a sense?
Fist let me start off that I've never worked for a company that had more than 100 employees, must have been sub 30. I can't hack a big company, to stupid for their own good.
Having said this, this is where you should be looking for work, either go it on your own or find a small startup, lots more fun anyway. H1B's and outsourcing don't work well for small companies. My current company has grown to 60 ppl and we now have a selection of H1B's, and we finally hired the first H1B in my experiance that wasn't a drone, that could actually think, that could actually ask an intelligant question or provide design insight. The rest are just cheap drones that do what they are told 70hrs a week, but leave them unmanaged for more than a day or two and production goes to zero. About managment, most take twice or three times the effort than a new college grad to "get it".
Maybe it is just my particular field, but I couldn't see an H1B or an outsourcer running our MIS it is tied to cloesly to our development.
mycal
32" tv, huh... must live in the NYC area b/c the cost of living is ridiculously high.
Whenever an issue like this comes up the inevitable /. knee-jerk libetarians come out of the wood-work: "capitalism good protection bad" Well maybe some of these libetarians should find out what Adam Smith was really about. His model of capitalism is based in an agrarian society with independent artisans and traders. His idea of a free market is exactly that - where everyone has equal access to market and equal information.
Corporate America has as much to do with the Adam Smith model as the Bolshevist U.S.S.R. It's not even related to Marx' model of capitalism, for in Corporate America, capital is as alientated from controlling the means of production as labor is. Instead, what you have is a management class which calls the shots and enriches itself at the expense of both workers and owners - can you say Enron, Adelphi, Worldcom etc etc.
Sure a worker has the "freedom" to say "fuck you" to his boss and look for another job. In theory. In practice, as the job market shrinks despite the "improving" economy (i.e. the management class being further enriched) those jobs are very hard to come by. So the worker has to bite his tongue as his workload is doubled, as her boss wittles away more and more of her "perks," as the threat of outsourcing is used to bludgeon him into obedience.
Saying to someone "go out and upgrade your skills" is also BS. A friend of mine is in his mid-40s, extremely talented, engineer/MBA out of work for a year and a half. Who's going to hire people in their 40s and 50s, no matter how much talent and experience they have, no matter how upgraded their skills are? And you young 'uns are going to get there faster than you think.
Corporate America demands obedience, makes people work like slaves, uses them, chews them up and throws them out when they no longer are useful. Maybe we should just kill off laid of workers so we don't have to worry about unemployment insurance and welfare?
And no I am not speaking out of personal bitterness. I have a successful consultancy business and work for myself. But even if you believe in ultra-selfishness, a society with many poor, disaffected people is a very scary and dangerous place to live in. This is an issue that effects all of us, not just the laid off.
buy a few acres of arable land. You might also consider purchasing a quality battle rifle, a 12 gauge shotgun and as much ammo as you can. If you think this thing isn't coming down, you're as stupid as your PHB.
Mod this as troll, or worse. See what I care. It doesn't change the fact that this system is structurally fucked and must come down. Yeah, yeah, you think it's bullshit, well, who will be left to buy the garbage from WalMart? Oh, I guess cops, soldiers and criminal politicians will still have jobs. Hmm.
We've heard your side of the story, and it certainly sounds like a bad deal. It is possible the 3rd party was acting unprofessionally and convinced the management to fire you and sell them their security services. However, it also sounds they might have used it as an excuse to lay you off.
As much as a network security position is critical, I would venture to say it is a position that isn't what a financial company would call core to their business. With the hard economy these last few years, I've seen a lot of businesses that yap about "focusing on our core" as they announce layoffs. I also suspect the management may have been intimidated by such a technical person as yourself, and decided to duck and cover to get the dirty work done, rather than confront you directly to inform you that they were laying you off.
In any case, real security auditing should be done by companies with nothing to gain from the results your audit. It's sort of like this flyer I got from Microsoft that entitles me to a complimentary assessment of my infrastructure to see if Windows 2003 is right for me (wonder how that'll turn out).
Hecubas
The best possible way I know of to beat the layoff blues is not to over-specialize in any one area of computers, networking, electronics, or other tech fields. Diversify your skill base as much as you possibly can.
For my part, I started out by fixing Teletype machines and data terminals in the late 70's to early 80's. Went from there into telephony (phone systems and subscriber hardware, key systems, PBX/PABX) in the mid-80's.
The late 80's saw me working in the land/mobile 2-way radio field, as did the early 90's. This included work on analog microwave systems and simulcast repeater nets.
Mid-90's, I found myself in the datacomm and networking arena, taking care of the University of California's intercampus T1 network and the stuff that hooked up to it.
Late 90's to this century: A brief stint in radio again, and then into computers and IT work. Now, with the slump in IT (and the fact that I really miss having a soldering pencil in one hand and an oscilloscope probe in the other), I'm looking at getting back into radio and electronics work again.
Being multitalented has really helped. Tech employment slump notwithstanding (EVERY technical field was affected, not just IT), I've rarely had trouble finding a job. In fact, I keep several different resumes, each highlighting a different set of my skill base.
If it worked for me, it can work for others. May you find a new slot quickly.
Bruce Lane, KC7GR,
Blue Feather Technologies
Recently I was fired for something I wrote online under a nickname on my own time and on my own server. Basically it was a diary site a few of my friends knew about and it was my place to vent. The company I worked for was never mentioned by name and neither was anyone I worked with. Only a handful of friends even knew the site existed in the first place.
Anyway, somehow someone (rather curious about these two points...) at work found the site and they found one little sentence that they didn't like. They hauled me into the presidents office and fired me. It was over in maybe 15 minutes. The thing was, they had no proof that that nickname was me. They wouldn't tell me how the site was found. And they even went so far as to call my opinions illegal.
What can I do about this? Has anyone had this happen to them or know someone maybe? What can be done? Anything? They even mailed me a letter that suggested rather rudely and directly that I should seek a professional councilor to discuss some of the things I had written in my diary!
"You can't treat the working man this way! One day we'll form a union, and get the fair and equitable treatment we deserve! Then we'll go too far, and get corrupt, and shiftless, and the Japanese will eat us alive!" - The Simpsons
.. This vendor wrote a report about your performance/risk, and you where not allowed to see the document?
Get a lawyer.
Hell, I'd start handing put flier advocating unionizing. really piss them off. and there is nothing they can do about it.
The Kruger Dunning explains most post on
"I was pushed out by a 3rd party vendor, who labeled me the major security risk, after performing a 'vulnerability assessment.'"
No conflict of interest there.
http://www.redherring.com/article.aspx?f=Articles/ 2003%2f12%2f0a64e1b6-d7ae-47e0-9f8b-d0488527e8e3%2 f0a64e1b6-d7ae-47e0-9f8b-d0488527e8e3.xml&hed=Top% 2010%20trends:%20Outsourcing%20backlash
I sure hope you get paid a shitload of money. Otherwise you're getting the "info power" right up your poophole, big time.
What happens if brain fires the kidneys.
Comment removed based on user account deletion
You need to talk to a lawyer.
This company said things about you that you claim are unfair and untrue. INAL but if you're right that's probably slander and/or lible.
You claim that they had a conflict of interest, well that might help your case.
The words "major security risk" seem kind of harsh were they claiming that you were personally untrustworthy or just inconfident?
If it's the former then you might have a good case.
Remember firing people is very common but insulting them like this is not.
Now here's a simple plan for you.
1.Find a new job
2.Hire a lawyer
3.Profit
Note I'm not a lawyer. This is not legal advise. yada yada yada.
Yeah, there's a great idea. I can just see it now:
All techies go to Pharmacy school. That way, when we're up late at night coding for a client, we know how to mix our own Phenylbarbital to keep us awake.
Better yet -- All techies get their RPh, and that way the entire Pharmacy market is flooded. Hey, I'll work for the same $50k/yr as a Pharmacist as I did when I was a Manager of IT. Lower the bar in that industry. Before you know it, your local Walgreens will be outsourcing the Pharmacy to a bunch of $9/hr 'pretty proficient in English' individuals.
Let's take it a step further... All techies become MDs. Heck, after six years of school and internships and rotations, I hear MDs make over $100K/yr! Flood that industry with h4x0r5 so the next time you have a nail stuck in your ass it can be removed by the techieMD who was up all last night working on developing the next DDoS against the RIAA's website. Hrmpf!
Do YOU really want YOUR techie to be a RPh?
I think not.
Comment removed based on user account deletion
Time to face up to the facts. If you are still working in IT, in the USA, its just a matter of time ( few months, maybe a year, maybe two ) before you are terminated from your job. There are people who tell you stuff like - if you are a really good programmer, you have nothing to worry. Balls! You could be a kernel hacker and you will be replaced. Lemme give you actual stats - every 365 days, 250,000 programmers are minted in Bangalore - and that's just one city. There's atleast 5 cities in India where the quantity & quality is comparable. Now, even if you think you are creme de la creme, you are uber hacker dude, you are the top 0.001% of the IT population, you can still be replaced by one of 0.001 * 250,000 = 250 Indian prgrammers. Plug in your percentage worth and do you own math, but the fact is this - I personally know of Indian programmers who code device drivers and hack assembly for a living at a fraction of the price they pay here in the US of A. We're not talking about "pick up VB in 14 day" type losers - there's a whole different breed out there and they WILL assimilate you - just a matter of time. You basically have 2 options - a. if you don't care about IT, you just want a job & a paycheck - then just switch careers. Pick a job that can't be outsourced - sales manager in local walmart, or a paralegal or a train driver or a ...
b. if you MUST do IT for a living and nothing else - well, you can move to India and work as an expat. India has a whole bunch of foreigners working there on expat visas.
economics is a noncompassionate science.
no thank you, i would not trade 50% of my income to work from home. i wouldnt trade 20% either. are you crazy?
Foremost, I sympathize with your situation. I also work for a financial company and we recently had a 3rd party perform security assessment. I believe the reason why nothing has changed in favor of the 3rd party assessment company because we worked hard to be better. As we found out, that was the case with this company as we felt they were merely following some premade script, using readily available open source tools, skipped some parts of their assessment that we thought they didn't grasp and dodged many of our inquiries. During the whole assessment it was important to keep management informed of our impression of them, our findings, their weaknesses and flaws so that management isn't falsely influenced.
Wishing you great success with your future endevours!
Did he even say they were Indian programmers?
You can't spend your whole life on the bandwagon because if you do that everyone else will be jumping on with you and it'll get overcrowded. Put a bit of thought into your career and think about acquiring a skill that's at least slightly different from those of everyone else around you.
Doesn't it make you feel good to know that our freedoms are protected by politicans, lawyers and journalists.
were you looking for sympathy or real advice at slashdot?good luck filtering the signal from the noise...maybe if you're lucky, somebody will send you their tattered copy of Atlas Shrugged or Wealth of Nations...
Really, I'm not. But, We're about to be forced into an unwanted and unnecessary security audit too, and I fear that all the consultants (con + insult) on our list are only interested in selling us (our IT staff) up the river too.
Please, do give us the name, at least of the auditors, so I can see if they're on our list too.
Dude,
:). I have nothing against any race or any color. And yes, my ex-offshore partner was Indian as well, but that doesnt change the fact that they were incompetent.
I am as Indian as they get
I wasnt issuing a blanket statement about all Indian outsourcing firms. I am merely referring to the fact that most of the firms who indulge in outsourcing are plainly jumping on the bandwagon with nary a thought about its implications in the long run. And hence outsourcing isnt here to stay, it will blow over very soon when firms and managers realize that it makes more sense to have the team onsite rather than having someone do most of the work at night when you arent around to manage.
And if your offshore partner is a plain schmuck, like was mine, they will shaft you at every step possible, by overbilling you, by working on other projects in the hour they bill you. Believe me, I have been a witness to this and much more.
Rapid Nirvana
Other people mentioned it already, but I'll say it again:
Do your own internal audits. Your recommendations may be ignored or outright rejected but at least then a 3rd party audit can't make you look bad for it.
As very simple example, I once undertook to audit the security of a particular HP-UX server. Among other things I found was that most of the programmers were using telnet and FTP to do their work on it. I recommended switching to SSH. My recommendation was politely noted then ignored. A later audit pointed out that this was a huge security risk. If I hadn't already made the recommendation, this would have reflected poorly on me. Fortunately, management forced the issue after reading about it from the 3rd party and now they are finally using SSH.
Comment removed based on user account deletion
He should sue the outsourcing company for slander and libel (since they probably handed his employer a report stating he was a security risk)
Of course it all depends on what context he was fired for. Are we getting the whole story here? Did you do any activities that could be considered a security risk?
I was the IS manager (and pretty much the only network guy at a county Behavioral Health (Mental Health) agency. They decided to go with a "complete mental health solution"(CMHC) that hadn't been written to work in our state when mangement bought it.
This was done shortly before I arrived and the previous two IS managers quit 1. when it looked like the county was about to purchase this package 2. once the system was purchased and she saw the daunting task of maling the thing work. (Oh, did I say the fiscal officer was a real good friend of the consultant for this company)
I, while working out an annual budget, informally (warning, nothing is ever informal) noted that over the next year or two we needed to be phaseing out these expensive consulting services. Next, the consultant is salled to do a review of my work performance. No supprise, I was doing every single thing wrong. Even my backups were wrong, I was doing full backups every night while she noted that relative (full, differential, incremental... relative isn't on that lest girl) backups should be done instead because they are significantly easer to restore from. The whole review was like that. Bull from a vendor who had a interest (kickbacks almost) interest in getting rid of me.
Well, I am back to repiring copiers, faxes and printers for about $10 an hour and hating every minute of it (oh, and I still "get" to do network installs of devices and troubleshooting for that same $10/hr). All I can say is what a waste.
If the IT world had better organisation it wouldn't consist of people being trodden underfoot because they think they are "elite" "indespensible" and "able to stand alone". As a rule of thumb your CEO is smarter than your average 21 year old programmer, and believe me *his* interests don't match yours, however much he swears they do.
India has much much stronger labour laws than the USA on most issues (although enforcement has problems sometimes). Indian IT workers sometimes do belong to unions or labour groups. Interestingly some of them chose not to use the word "union" because they wanted a labour group but didn't want the conflict the word union implies in some parts of the world, but to imply constructive working together
The jobs that went from the USA and EU have something much more important in common. They are low skilled, highly manpower intensive and not subsidized. It has a lot to do with wage costs and very little to do with unions.
Software is manpower intensive, not subsidized and the skills are being developed rapidly to a high level in other countries. The rest follows logically enough.
Welcome to globalization of production. Unfortunately globalisation of buying is a different matter (eg DVD prices in europe , US text book costs, US v Canadian medicine prices).
The scum at Data Networks out of Maryland did the same thing. I had worked for this company for 21 years, and they gave a report to our board that was about 300 pages long of all the security things I was doing "wrong." Most of the pages were wild claims about Linux's and Solaris's lack of security and about the risks of *not* using a cisco PIX firewall. There was pages of silly stuff like the demarc point being too far from equipment room. Well, the board was the ones that decided on which room to install a raised floor and extra cooling. Of course, I got called to the carpet on that one. It wasn't even a problem in the first place since you can extend T1's for 100's of feet without problems, but they claimed the 50' we had was too much. I was accused of "malfeasance" for buying Sun servers rather than buying cheaper Dell's. Most of our Sun's are 5+ years-old and a few are even 10 years-old and chugging along without problem. An old IPC running Debian makes a perfect backup name server. So, Data Networks has convinced them to get involved with the Windows/Dell upgrade from hell cycle and to pay them to rewrite all of the software we use. They also sold them a $40k cisco router they don't need and a $30k (or so) cisco PIX firewalls. Data Networks has also convinced them to sue me over the price difference between the Sun's and an "equivalent" (not that you can buy a Dell that's equivalent to a Sun) Dell server. They're supposed to serve papers sometime early next year. Oh well. It was a great job working with great people for 21 years. It was also the only job I've had since I graduated from Ga Tech.
No, if you replace that one domestic programmer with ten foreign programmers, all you get is a domestic project manager to run the show, and a programming staff that is far less accountable. And you can probably bet that the service company's project manager's agenda is only marginally congruent with your agenda.
Comment removed based on user account deletion
US government cannot, by regulation, outsource any of its internal work to a non-citizen. There are waivers attainable in rare circumstance, but they are very, very limited in duration.
To know is to have knowledge....to understand is to be enlightened.
As long as it only fires one, you're still pretty good, if it fires both, then it was a stupid brain and deserves to die.
"why not let your programmers work from home for 50-80%"
Why should they pay you 50-80% of your current salary when they can pay some foreigner 5-10% of your current salary to do the same job?
Here's my advice (and let me first say "you asked for it"), get another career. The IT/Computer industry in this country is over. There is no longer a future in any technical career in the US - not until salary has deflated to match that of the third world...
That's your problem. You're in the Bay Area.
If you were adding workers or starting a company, why would you add them in Northern CA where costs are out of control?
It's looking like the answer, more and more, is to start your own business.
These employers should not be allowed to get any patents or copyright protection for work done overseas. This intellictual property was not done on American soil and should not garner the same rights as work done in the states.
There are ample people in the states that are qualified enough to fill any of the so called "highly qualified" jobs everyone says we don't have employees for.
But what I am seeing is that since the US gov't doesn't care where (or even if) they get the tax dollars from, they will be short of tax dollars when all the US jobs are gone to overseas companies. Wonder where that leaves us? Enter service employee of the month at your local BK, MCD's, etc. These will be the only jobs remaining, thanks to the gov't.
I bet your Human Services department would have a thing or two to say about your termination. HS departments are always very nervous about litigation. You didn't mention the official stated reason for your being let go. Elimination of the position? That would be tough to fight. If the stated reason were "lack of job performance" due to the audit finding glitches -- then why did they give you a raise and favorable reviews, which are all on record? That would be a big opening for any lawyer. Can you say, "Collusion" ? In my second week of employment at my current job, the main Exchange server crashed. Badly. I stayed at the office all night working on the problem and had e-mail up and running about an hour before people started arriving in the morning. I just don't see how some consultant would be willing to do that without such extreme cost cutting measures which guarantee you won't have the same consultant working on a problem throughout the life of the problem (such as split 12 hour "local" and "overseas" shifts). Otherwise it would cost a fortune to contract that.
Things are rarely what they seem.. It sounds like the execs needed to manufacture a reason to fire everybody, so they paid somebody to hand them one. If this is the case, expose the company for what it is in front of the stakeholders...
Pointed Haired Bosses don't think that way. At my last job (one of the big 3 ISP's) one of the NT admin's screwed up and opened our one internal systems to the whole world. One of our techs studing security discovered the hole and reported it our PHB. Who came to our SA team to check and confirm. They were more concerned about the tech finding the hole, than the idiot NT admin who screw up an NT securtiy setting. They were insisting on firing the tech. They said opening up our system to world was less of and issue, than a employee sniffing our network, even if he reported it.
I've worked for too many large corporations don't ever think management is going to think logicly.
SafariShane needs to turn around and hack back in to the system in a week
Wouldn't that mean he really is a security risk?
You must establish a good rapport with your users, such that if management tries to force you to leave, the users will go insane and force management to keep you. If you screw your customers, you screw yourself. The customer is always right.
A 32" TV and laser vision surgery!? That must have cost at least $1500! Where can I get a great job like this, with such a ludicrous salary!
It is just business. It may have nothing to do with you personally or how well you performed your job.
There could be several reasons for them to make the choice that they did. I'm sure that a big part of it was liability. Being a financial services firm, they would be in big trouble if there were a security breach.
The services company will represent themselves as qualified professionals and will carry liability insurance. If there is a breach, management has an out and somebody to hold accountable. If you allowed a breach as an employee then they are accountable.
I have seen a lot of posts about how stupid management can be. While this is sometimes the case, I have found that many decisions only appear stupid because the average technical person doesn't give much thought to overall strategy or business drivers.
I have been on both sides of the equation. I've sat and strategerized with my attorney and had to make some of these difficult decisions. Things aren't always as easy and simple as they appear on the surface.
As a professional, it is your responsibility to learn about the business and strategic aspects of your job as well as keep up with the technical aspects. Take these things into account as you find your next position. It will help you in the long run.
Not if he gets triple time, plus travel, plus meal, plus a bunch of other perks when he's called in.
There are only 10 kinds of people in this world... those who understand binary and those who don't
Capitalism is not for the faint of heart. Maybe you were actually fired for cause or maybe your company thought outsourcing security was a better bang for the buck. Get over it and find another job. The big bad world doesn't owe you a thing. I know all you leftist wimps will be complaining, but if you don't like it go to one of the many socialist or communist countries whose economies are failing.
;)
Karma was good until this post
My boy, my boy!
phenylbarbital is a depressant. its amphetamine fool. get your hand out of you ass
I've rarely seen outsourcing go well. Now we're talking about info-sec? You're going to outsource the "guardians at the gate" job to a company whose tactics should be seen as seedy by the dumbest of Pointy-Haired-Bosses??? They'll get what they deserve. Maybe not sooner, but certianly later. Considering they are a financial company, the PR cost alone could be disasterous.
Pardon my language, but f**k 'em. I'd leave cordially but expressing reservation about their tactics and ability to execute. IMHO there's no reason to burn bridges, IT is too close knit to do that. Plus there's no benefit for the guy who got canned. They could come back and beg him to return if there's a bridge left standing
Finally, companies who act like greedy sheep are inevitably led to slaughter. I know, I work for one and we're getting killed for bone-headed accountant-driven decisions very similar to those decribed here...
Computer Science is Applied Philosophy
Yes. Good reply. In fact, this is exactly what I was going to suggest.
But, it wouldn't suggest that a disgruntled IT guy is a threat, insomuch as the "new-an-improved" security is inadequate. Afterall, he wasn't disgruntled until he was fired.
His work should indicate that this ex-employee isn't a threat, because he knows too much about the network... It should indicate that the new security company dosen't know shit. Otherwise, you're going to setup a mutual distrust between the company and the IT people. In other words: The IT people won't trust that their jobs are safe, and the company won't trust that the IT people won't fuck them over because they are mad.
Personally, I wouldn't want to work in a place that's being kept in check by the threat of mutual assured destruction. It's too much tension. Bad for the blood pressure.
The employees should be working on the same team as the management--with the same goals (higher productivity and profits, and all that garbage) If the managers see this quality in an IT person, they become quite invaluable as a bridge between the tech (which they don't understand), and the money (which they want more of).
This sort of activity used to be upheld by the promise of profit-sharing (the more the company makes, the more you make, so if you save the company money, you get it back as a NICE bonus in the end). It's all but gone now, but you can use the same ideas to make yourself a truely invaluable person to the company (with a check to prove it).
Yah, I hear ya.
And Bush STILL won...pretty amazing.
Wow. There's anonymous coward techieRPh pointing out my intentional faux-pax on a particular drug. Glad to hear somebody's paying attention.
Get YOUR hand out of your ass, you insensitive CLOD!
What? Most of the people who are CEOs of major companies now did not start the company. They didn't do the work to make the company a success, or build it from the ground up. They simply took over when someone else retired, died, or was fired. In some cases, the "replacement CEO" turns out to be the completely incompetent son or grandson of the original founder!
Your team works, let's say, 8 hours that day. The offshore team works 8 hours that day. There's a time difference of 6 hours.
A new day begins in the West. Work is done for 2 hours. Then, offshore team runs into something and needs input from your team. Your team won't be available until 4 hours have passed. Offshore team tries to do something else instead, but in reality nothing gets really done if something is badly pending.
4 hours have passed since then. Your team team answers. Mails/phonecalls fly back and forth for 2 hours. The total elapsed time for the offshore team is now 2+4+2=8 hours. Offshore team goes home. The fix won't be done until the next day.
Compare this to walking to the guy next door, or calling someone in the same timezone, different city. Things would be over in 4 hours less time. 4 * number of offshore programmers * pricing offshore + 4 * number of team here * pricing here is quite a lot of money to waste.
The lesson is: outsource all development, or don't outsource at all. Or learn how to predict the future by preventing all big problems before they even happen (impossible).
A lawsuit might be in order. Sue the "consultant" for defamation of character. After all, you've just been called a "security risk", which is a pretty derogatory label for a network administrator.
Going after a former employer is likely to be a lose/lose proposition, but a third party should be a safe target.
(P.S. IANAL)
I was under the impression their stock was taking a beating because they're the worst IT outsourcing company in the history of IT consulting. They had a bad rep before Brown. Based on my personal experience with EDS, I wouldn't hire them to run a network connection to my dog house. Ask anyone in the Navy how well they like NMCI. The US Navy and 250 million taxpayers taking it up the poop deck on that one.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Until the people that provide that support decide they don't want to do it anymore and go off to another career, leaving a shortage of people to do the job. Not saying that this will happen anytime soon, it's mostly to make the point that people in power must derive their power from somewhere. Things don't happen in a vaccuum.
Karma: Frotzed (mostly due to the Frobozz Magic Karma Company)
Of course, most folks won't go for that. Most of the world lives in a constant state that the American poor couldn't tolerate. I'm wondering how much time will pass before folks start considering jobs in India, Philippines, China, or anywhere else that actually has prospects of employment.
Personally, I don't have a problem with moving overseas as long as the population in general wasn't into killing or kidnapping Americans for sport. Unfortunately, that rules out many countries that are getting the outsourced jobs.
Did you wonder why companies are outsourcing to China or other Asian countries? Mexico is too expensive.
Sometimes the Global economy thing sucks, but it looks like we must adapt one way or another. Americans/Westerners can't keep their head in the sand on this issue.
SPAM solution made easy: 1 spammer, 5 cords of rope, 5 hourses, and fireworks. Be creative.
This scenario has already played out in the medical community, where a transcriptionist held medical files for ransom under threat of disclosure for a higher wage plus a payoff.
In another company, whose name is a three letter acromyn, an audit of "security" code written in an unnamed country [cough, India, cough] was discovered to contain backdoors and monitoring exploits. This was discovered by an audit of the code, but not until an untold amount of information was possibly leaked through the exploits.
My point is that currently companies are looking to save a buck or two. Once those companies discover the cost and the exposure they have through their cost savings, they will be back.
It is all cyclical, and everything old will be new again...
Oh wow! I know you're all techies, as I am myself, but you need to get out more.
24x7x365 = 24 hours/day - 7 days/week - 365 days/year.
You can write code but not figure that out? Blows my mind!
Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay?
Um, I think the number you're looking for is much closer to 20% if you're trying to compete with outsourced labor based on wages alone...
.. Outsourcing isn't all that great. I work for a company as an outsourced tech for a bank. We live in constant fear that the bank will get pissed at our company and drop our contract. So even the techs who work as outsourced techs have their problems.
---- "Excuse me. Where's the children's gun section?"
Ok so am I missing something here - this seems like a scam - go somewhere, get someone laid off and pretend to be the replacement?
I'm also curious, how did he find out that he was listed as the 'vulnerability'? Usually that sort of stuff is kept under lock and key by HR.
I sympathize but how can someone who has a good record at work be suddenly laid off for an assessment from an external company?
I COULDN'T DO MY JOB RIGHT AND I GOT FIRED!!!
/. go "BOO-HOO!" about this shit.
Shit.
The funny thing is that they ousted a bunch of other groups leaving me to clean up their feeble attempts at being sysadmin. I am not even the security person but since I admin the boxes I was always asking the security person here to scan my newly inherited boxes so I could fix them.
Now I have to listen to some dork on
I work for a maritime company as their sole designer and web app. programmer.
One of our execs went to a web design company to get a usibility review of the site,
guess whos out of a job!
Call the company and offer consulting services to help them with the transition to outsourcing.
You already know how the company works, how it can better manage its resources and become more efficient. Heck, in the process you might even convince them outsourcing == bad and get your old job back.
you mean like a STRIKE organized by a UNION?
I probably just started a flamewar.
>I'm just waiting for my moment.
And I'm sure that cheerleader from highschool is suddenly going to realize that, after all these years, she wants you.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
What was biggoted about his comment? I didn't see any slams at ethnicity, nor did he say the reason they sucked was because they were Indian. Did I miss something?
The brain would have thought about this and have already prepared to outsource the kidney functions to the liver.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
I'm not a lawyer, I'm not even American and I dont even know our own laws (but I'm sure here that would be very difficult for what I'm going to say later...) In my knowledge, here in Spain as in a lot of EU countries, the company would either a) fire you "without reason" and then you get benefits (severance pay, social security, all that), or b) use that audit as proof that you should be fired for being incompetent/bad/a risk, and you would get nothing (worse, you would get in your Social Security history that you were fired for a reason, and next employer is going to ask why)... that if you dont drag this to court, they find its a lie, etc. So, this may not apply on USA at all, but giving the more litigious enviroment there, cant you sue them? Because you have lost a job & a good reference (not like you are going to list them in your resume now; "Yes, he was the one we fired because he was a big security risk" is not a good recomendation), all for a document they made. If you are sure that what they said is a lie, and it was the reason you got fired, then you could go to court. Right? Of course, its also very possible than then nobody wants to hire you because you are actually fighting for your rights, but that would be something I would look to do if I feel this is going to "linger" over my reputation and hinder my possibilities to get a new job elsewhere. Jesus Couto F.
I would have to say it's your own damn fault.
1. Where you in the meetings with this coming? If so, you should have seen it coming. If not, you should have seen it coming.
2. Did the management of the company know who you are and why you where important to the company or did you keep yourself locked in a dark room tweaking firewall rules?
If you feel that security was important to the company and the companies management knew who was "the man" when it came to corporate security you would have been in on the outsourcing meetings and would have been able to shape the discussion.
Or...maybe you where in on the decision and didn't know it. Any managers ask how well the vendor performed a little too often lately? You should have seen it coming. A little paranoia in all things is good for a security manager. Remember 80% of security threats come from within a company. That includes stupid business decisions that would weaken the company.
People who bite the hand that feeds them usually lick the boot that kicks them
Puff.. Either kick someone's ass the first day or be someone's bitch and the jail time will fly by.
There is a company in Houston called "Check Your Six ",http://checkyoursix.com/, that is known for doing this.
//TODO: Think of witty sig statement
In advertising, much as in lawyering, it's not the incompetent ones we fear.
No excuse me, for I crave a cool, refreshing coca-cola...
What were you expecting?
Do what UF recommends, change all the passwords and don't tell anyone.
You can't defeat physics.
Yes, choose a legal option... do not endanger your future.
:) ). Does this company have only one 'Network Security Analyst'? Even a small company should have at least 2, from a contingency perspective. My financial company employer has a team of 20 on network security, though headcount of the company is under 2000. So what are the rest of your team doing? If they really only had you then they ran a poor show, and if completely outsourced (bad practice IMHO, in-house monitoring must exist at a minimum) a case can be made to monitor.
But something I'm confused is your say this was a major financial institution (well, the story seems to have been edited to remove major, but it was major on first read
Well, you have my sympathies, if this 3rd party consultant really does urge firing all staff (well, replacing staff as the security risk with a 3rd party as the security risk) and not keeping anything in-house as you suggest, then I urge you to name them, sir.
karma karma karma karma karma chameleon, you come and go, you come and go.
Now, on to the meat of it. I work at a company that provides outsourced system and network administration and occasional programming services. Here's my take on it.
The manouvers that the outsourcing company in the post made were, IMHO, bad business. Unfortunately, those are the sort of business deals that tend to separate the big, profitable shops from the smaller shops. Where I work, we've never gotten anyone fired in order to get more work, and in fact once had a significant client hire one of our employees away from us.
In general, we always try to work with a company to augment their existing staff. Working together to provide the optimum solution, instead of trying to force-feed the most profitable solution. That approach has worked well for us, resulting in a stable client list that is very happy with our work.
One of the things that we've found, however, is that we can often provide results similar to hiring a staff of two experienced admins for what it would cost to hire a very junior admin. The benefits being that we have multiple perspectives that can be used to help provide a solid solution to problems, with an average of around 15 years of industry experience each. Experienced folks tend to get more done faster, so in the few hours a day or week we help one client, we can often get as much done as a Junior person, particularly if they're the only one handling sys admin (not uncommon for a small company).
It does sound like this company acted in a way that I don't think is very honorable (selling marketing in the disguise of an audit). I'm not sure it's fair to paint all outsourcing companies with that same brush, however. Sean
Get a security clearance and try to land a job in the DoD world (actually the process is vice versa). Anyway, I don't see the DoD or other national security jobs being outsourced to an overseas company. They may still outsource some IT functions, but most likely it will be to an American company and perferrably to people with clearances. Sure the pay may not be as good and there is enough red tape to drive a person crazy, but if you want job security for the next 4-8 years, it may be one option to consider.
"Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
Here's a clue. That hot cheerleader from high-school is now 32, has pushed out two kids and packed on 50 lbs -- oh and probably has spend the last 15 years living in a trailer park because the former captain of the football team was too stupid to make anything of himself.
Don't ask me how I know.
Time to find another fantasy.
Get yourself in line with the darkest underground. Get some covert "operation base", some way to access the net without revealing your identity. Maybe a relay somewhere in Kongo or something alike. Then prove your company, how "much more secure" their network became because of the change. Show them how much more secure is Windows over Sun. And in a year, when their life has turned into hell and they can't access their daily mail without thrill if it's erased today or not, pay them a friendly visit and ask how are they doing with the new help. Offer to perform an unofficial 'vulnerability assessment', for free, and show them most of the holes in their system you had found. Get them to publish results of "expertise" provided by the 3rd party vendor, and offer to fix all the problems if you are back to work. For 150% of your old salary.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Comment removed based on user account deletion
A company I used to work for had 2 IT guys: the manager and the worker, and laid off the worker. Before leaving, he fired off an abusive companywide email, messed up the servers, and changed the root passwords. When management found out that the manager couldn't fix the problems, they fired him and rehired the worker, who made less money anyway. No charges, no retaliation, just business.
I always thought it was a good decision.
Comment removed based on user account deletion
I'm reminded of the old Army caveat .. "Remember, your weapon was built by the lowest bidder."
Friend (who is savvy enough to know technical bullshit when he sees it) worked in an outsourcer's call center for a while, and this is an insider's perspective: The system was deliberately set up so it is *impossible* for a phone monkey to finish a support call in the max timeframe specified by the client company. So the outsourcer gets to bill the client for excess hours, yet can blame the overage on the phone monkeys being "too slow".
One suspects this is more typical than not, given that outsourcers are in it to make themselves money, not to save you a red cent.
~REZ~ #43301. Who'd fake being me anyway?
This of course won't work in all cases, in general in order for you to not have your job replaced by cheaper labor you have to be worth the money. I.e.,
;)
* have/finish your degree
* keep up with the latest technologies (including keeping up with your certifications)
* try to keep your work experience in areas not just good for the company but also good for your career (i.e, if you are an Oracle DBA and your boss wants you to start writing Crystal Reports for a while, start looking for other employment)
*do a good job (it's amazing how many people don't)
* don't complain about stuff at work unless you have a better way and have presented it to the appropriate people who can make the changes (and even then, don't complain because you'll just sound annoying)
* be nice/easy to work with
* work a few extra hours here and there without being asked when appropriate
* when possible and without sounding arrogant, try to make your boss(es) understand the value you bring to the company
And if all that doesn't work, vote for Democrats
I work for a company who provides 'Outsourced Network Monitoring and Intrusion Detection' services. Whenever I'm doing a 'vulnerability assessment', or VA, I almost always work with the security professionals at the client site. My job is to help them do their job. The company I work for does a lot of things wrong, but (so far) they haven't pulled that one. If we've provided outsourcing to a client, it's been for something that they don't do already. Take intrusion detection (IDS) for example - most of my clients don't or can't do it effectively. So we come in and do it or them. They look good, we look good, everyone's happy. But your situation royally sucks.
;)
I would brush off the resume and start lookin'. Just don't say that you got fired for being the security risk
Not really..most pharmacies have one or two acutal (and maybe a weekend only one) pharmacists who work shifts and supervise the myriad of Pharmacy Technicians (who make around 30K where I live) who dispense the meds..
In America today you can murder land for private profit. You can leave the corpse for all to see, and nobody calls the c
You can demand to see the documents that led to your dismissal. IANAL, but from what I understand, you can sue in court once you have those documents and can shoot down the arguements, with *another* expert on your side of course.
I fully agree with this line of thinking. Deal with it and get a new job, or start your own company and BE The Man.
Everybody dies frustrated and sad and that is beautiful
But he's a very, very well paid sled dog in terms of base salary, benefits and commission; he went out and got a 32" TV and laser-corrected his eyes.
My mom works at McDonalds.. and we have a 32" TV.
Seriously though.. WAKKA WAKKA WAKKA!!
Yes, I have several friends (former employees who I originally hired as software developers) who are now in "Architect" positions that work more or less like this. You'll probably get paid more and your "skills" (okay, not that many required, but at least the perception of your skills and their value on your resume) will only increase in value as more and more shops look to outsourcing.
I know, I know, you're thinking "but I'm good at programming, I should be doing programming work". The problem is unless you are _really_ good at programming, and can effectively specialize in a very high skill niche, your job is waaay too mobile and outsource-prone. If you want to keep programming, give up on the enterprise software gunkware middleware stuff. We all know that kind of API glue-man job is easy by design - remember, Java was designed to make it easy to find programmers to do that crap. It'll always be much harder for companies to outsource business-specific skills or find large outsourcers who have niche market skills.
Wall Street analysts don't really know how a stock is going to perform. They're just guessing, though usually their guesses err on the side of optimism because they want to please the companies they are "analyzing".
This sounds like a rare exception. Maybe his original assessment was honest and his bosses leaned on him to be more friendly to a major client, or maybe some additional information came to light and he changed his mind.
Not being a lawyer, but knowing a few, plus having a few who swear by having employment lawyers, I would say that you should definitely talk to one!!
A company who chooses to terminate your employment because of research or inquiries, the results of which are not told to you, sounds quite... well illegal. Were you a regular fulltime employee? Did you sign some sort of disclaimer because you were in "security" that they coudl at any time terminate you because you could be terminated as a "security risk" ???
Get a lawyer now!
4. Once you've gotten the people who can identify any security breach fired, rape and pillage the company's records for any IP with any worth and sell it overseas.
Why do people only care about a certain "injustice" when it affects them personally? "Outsourcing" has been going on for years, if not decades, in many fields of work. Perhaps if people cared and acted upon other peoples "injustice" in the past, outsourcing in this particular industry would have never occured. It would have been apt to nip it at the bud. However, since many of us appear empatheticless towards other occupations in similar predicatments, it perhaps serves us right that our work is outsourced as well.
I wonder if I could start my own "assessment
company", walk into any big business, and
conclude that the CEOs in charge are a security
risk, and needs to be replaced by members of
my own "company", including myself.
Funny, this shit never happens to CEOs or the
other big wigs at the top
On one hand you have frightened entrenched management reacting to what they think is the best fiscal course of action. They are making decisions out of fear. They will outsource like crazy and force domestic rates for similar services to drop as a result.
What will then happen is that the supplying companies will start raising their rates as their clients become more dependent. Additionally, companies will become frightened about increased project management burdens, tying important business-critical development to minimally invested 3rd parties and decreased savings.
Even when the economy is good, we all used to laugh about Coke and IBM who both did the following: One manager gets hired, wanted to pee on every post in sight and exclaim "Oh my god! We need to get rid of these people and outsource it all. It's not our core business. We can save tons in HR costs. We'll save BIG!". Then the next person who sits in his chair comes in, wants to pee on every post in sight and exclaim "Oh my god! Do you realize how much our vendors are ripping us for? We need to bring this work in-house. We can hire the best people for a fraction of the rate their consultants/programmers/etc charge! We'll save BIG!". Rinse. Wash. Repeat.
I think there will be a great balancing out soon. As soon as people get-over the knee-jerk reaction of outsourcing, esp. to India, you'll see things settle down a bit. It's so not the cure-all that desperate managers think it is, but it does have it place.
NE QUID NIMIS
-_-
A 32" TV costs about $400 these days. Some sled dog.
Unfortunate, since in a lot of companies, the CEO is the individual who is doing the least amount of productive work.
We need to import the cost and debt structures of India into the US.
I work doing security consulting of this type. I helped a guy get himself fired simply because his response to our assessment was that security was no big deal. The credit union he worked for didn't agree and let him go. However, this was the final nail in a coffin he'd built for himself over a period of years.
I don't belive for one second you are some poor schmuck that got screwed. Sorry.
Do really dense people warp space more than others?
Unless you had a contract specifying termination conditions. I experienced a very similar situation, and after a lot of research and consultations, this is what I found:
Most employees, especially us techs, are "at-will" employees, which means that we can be fired for any reason, substantiated or not, as long as it is not descriminatory or in voliation of any federal law (such as firing someone for whistleblowing.) You could claim your ex-company violated a good-faith agreement with you, but this would take lots of time and money with a limited chance of success.
Unfortunately, that's just the way the legal system works in this country. You'd have a case if you slipped and fell on their front steps, but being thrown out on your ass after years of loyal service for bullshit reasons is just not profitable from most lawyers' prospective.
My advice to you is to view this as a chance to move on and find a better situation. And don't be too depressed, from what I've seen the job market is picking up, and outsourcing mission-critical or sensative tech jobs will probably not be a successfuly long-term trend.
Look at my karma - I'm bad, just like Michael Jackson!
Here's a clue. That hot cheerleader from high-school is now 32, has pushed out two kids and packed on 50 lbs -- oh and probably has spend the last 15 years living in a trailer park because the former captain of the football team was too stupid to make anything of himself.
Don't ask me how I know.
You couldn't quite make the cut for NFL, eh?
We have been too rich in the USA for too long, so has western Europe. What happens when trade barriers are knocked down (with agreements like NAFTA) is that everyone else in the world is allowed to share a little in the richest peice of the pie. Overpaid technology workers find their jobs going overseas or across the border, where folks are making 20-30k per year doing the same job you get paid 60-80k for. This raises the standard of living a little in countries like Mexico, Brasil, India, etc.. while the standard of living for America's middle class decreases. This really can't be stopped, and it's not really good or bad. There are some bad things about it (environmental impact caused by artificially high crop prices), and there are some good things (um, now Mexico can claim it's fair share of yuppies?). Your best bet is to look for another job like every other out of work geek, and lower you standard of living, then get used to it. It would take about 10 planets the size of earth to provide the resources for the world population if everyone on the planet consumed the amount of resources an average American does. Aw shit, we've consumed up all the brazil nuts!
TallGreen CMS hosting
Yeah and all of that extra pay over a year time adds up to what the CEO makes in a day. Whoopie.
Don't blame me; I'm never given mod points.
Now having said all that, I do often find client sites with horrible glaring problems. Indeed I recently heard that an overseas office of (A.N. multinational megacorp that you'd have heard of) actually had their entire network shutdown as a direct result of a thoroughly stinking report I gave them. They got this stinking report because they had a single W2K machine on a DSL broadband connection running (unpatched) IIS, SQL server, PC Anywhere, VNC, FTP, Exchange (yes all on one box!) and a bunch of other stuff, oh yes including all the 137, 139, 445 Windows RPC ports wide open. No firewall at all. My report basically said "this machine is so insecure that the prudent thing to do is pull it off the network and give it a thorough audit - or save some time and just reformat and rebuild from scratch, because this is absolutely the easiest low-hanging fruit that any common-or-garden kiddie could trivially own.")
The funny thing (?) is that I got 90% of that data just from a careful use of Nessus and Nmap. You do need to read the docs and experiment and be sure you know what they're telling you, but running those against your own network from the outside is well within the capabilities of any Unix-head out there and probably the majority of Slashdot readers.
Normally I'd add a disclaimer about making sure you get authorised before you do this, but to be honest if you do "-TPolite " quiet scans from your home connection it shouldn't even get noticed amongst the normal background noise that any arbitary IP gets. (of course it may be a bit embarrassing if your own testing turns up lots of holes when you go to your boss to show them the results and you DIDN'T get authorisation first...)
I'd suggest something like this (using a current Nmap or post 3.45 - -V rocks!)
$ nohup nmap -sSVR -O -P0 -v -TPolite (your-netblock-here) -o sSVR-scan.log &
And then setup Nessus, remembering to turn off DoS and other non-safe plugins, and configure the portscanners carefully, and away you go. If you can provide the same data that my employers would charge your employer several thousand pounds for, perhaps you'll get a raise instead of the sack.
Don't run these internally unless you're 100% certain that there's no IDS anywhere. Otherwise you WILL be sacked (and may have problems getting another job - you can certainly forget a reference!)
hey,wait a sec! Whose side am I on?!
Everything I needed to know about life, I learnt from Blake's Seven
I know an outsourcerer - an Indian "intrapreneur", at that. He washed his share of dishes while getting an education in the US, started a co. in Cal., and now his Europe-based MNC has some 700 Indians working on various businesses he more or less set up for the company over the years.
His comment (title) sent shivers down my spine. It's easy to become complacent, whether or not you deserve your momentarily happy lot. Cabernet, air con, plenty of card credit, aggressive recruiting, a home full of cheap tech thrills, and a long series of reasonably fat paycheck see it to that.
True, in theory everybody benefits from a wider world economy and job migration. But in practice the world economy is not that frictionless.
A lot of fat sticks to the sticky fingers of the top level haves. Don't forget that the US has income and wealth distributions that are like those of third world nations. The loss of American wage slaves is to an extent the gain of Indian wage slaves, but to a much larger extent it's the gain of both US and Indian equity holders in the various businesses involved.
That intrapreneur's comment summed up the fact that ANY well paid or even somewhat secure job in one way or the other reflects a scarcity that may or may not be sustainable.
The sources of scarcity are EXTREMELY VARIED. Scarce primary talent is just one.
You can add any sorts of restrictive practices. Some are well known (unions, cartels, monopolies, which often allow all workers in an industry to share a little bit of the spoils), others are subtler, such as limited throughput of certain types of schools, or professional certification exams that are legally or illegally throttled in some places.
Others yet are non-obvious in the Anglosphere.
I saw recruiting ads for "Swiss-speaking high-tech telemarketers" - i.e. people who speak one of the many, many local flavors of Schwitzerdutsch, the everyday language Swiss people speak when not forced to resort to "proper German" - which they also call "written German". While many people in Punjab or Karnataka learn German or French or whatever, you can bet precious few do Swiss convincingly.
That in turn poses a burden on the country needing the services. Some economists reckon that Iceland pays for its intriguing celtified-Norse language to the tune of 2% of its GDP - although virtually everybody knows English damn well there.
In the 19th century, generally bilingual Czech intellectuals discussed whether they should use Czech, German or either as their language of learning. They opted for Czech, perhaps saving their cultural independence, and creating a good deal of work for locals - which locals in the end pay for, too.
I'm afraid it's too late to ban the teaching of English or IT.
That's funny. The head cheerleader at my high school is now a high-powered attorney that is possibly more attractive now than she was back then.
She's even more out of my league than she was, and by all accounts I do very well now.
Your old boss is an idiot. If you believe in your skills, become a high priced security consultant. Live cheaply, study hard, and party the 3 out of 4 days that you're not working.
Every society strikes a balance between individualism and collectivism. We're all individuals, but we're also functional units within a larger system that keeps everyone alive.
Interesting way of phrasing that. I would phrase it as follows:
In a society, individuals most choose to specialize in order to obtain the economic benefits of specialization. This requires a degree of trust and cooperation, all of which is motivated by self-interest. Price signals efficiently allocate labor to its most productive role.
Saying that this is due to collectivism implies that people do not participate solely for selfish reasons. I don't think that is the case. Cooperation can be 100% selfish. This is a good thing.
Amazing magic tricks
I'd suggest taking a good hard look at yours skills versus your peers and make sure you measure up. Human nature being what it is, we are inclined to having a higher opinion of ourselves than that which others may hold.
Companies don't pay for 3rd party assessments unless there is some compelling, underlying reason. Most likely, the reason for your replacement is not black and white.
Make it a learning experience for you. Improve any deficiencies you may have. You'll be a better employee and person for it.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
- Look at and modify every file on the servers (changing ownership first, if necessary)
- Change anybody's password
- Shut down services at will
- Open up services and ports to the Internet, or elsewhere
- Modify firewall rules
The list could have been very long. Can you imagine the reaction of the executives when they saw that list?"Oh my god!!! That's a gaping vulnerability! Get rid of him, right now!"
Idiots
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
Shane, this sounds like a truly rotten experience. And some of the advice you have gotten here is pretty crappy too.
Before you consider taking revenge, do you think there is anyone in management or H.R. to whom you could have a conversation? The idea that management had had a sudden, abrupt reversal in their confidence in your ability and trustworthiness must be a disturbing one. Perhaps there is someone to whom you can turn to for some reassurance.
"I thought I was doing a good job. I did get a 12.5% merit increase in pay. But the secrecy around how my employment was terminated is disturbing. Is there something in the security report that will cause the firm to give future employers a less than enthusiastic endorsement of my skills? I'd like to know this."
You don't absolutely know the outside consultant's slagged your performance or trustworthiness. And, if I read your account correctly, you don't know that your former employers turned around and hired the consulting firm to replace you.
Good luck.
i went out and got blade-corrected eyes and a 50 inch tv!
after such a botched surgery, it was all i could comfortably watch!
and i'm STILL a network admin! YAY!
But that doesn't change the fact that some professional classes have inordinate and inappropriate amounts of power and influence. I'm thinking mainly about lawyers and the legal professional in general. Lawyers have managed to write themselves into the heart of modern society. The proliferation of frivolous lawsuits attests to this (eg SCO). Nobody is safe from a potential lawsuit. Even dogs need a legal team these days.
And at the end of the day, whoever wins or loses, the lawyers gets paid. Paid very well indeed. And the exorbitant price of justice has made it impossible for innocent but poor defendants to get justice. If you don't have money, you're screwed. Many public "defenders" simply sleep through the trials. Even when their clients are facing death row.
But what do you expect from people who can interpret the law how they choose - basically, being able to write the rules to suit them. Of course they're going to award themselves and their clients money. Of course they're going to make rulings about intellectual property rights even when they don't know anything about the intellectual property itself - especially when it's software. It truly makes you sick.
You haven't provided enough details here, but have you been willing to accept that you might actually *be* the security risk?
How well did you cross-train? Did you make sure that you didn't have access to everything? For major changes, was your infrastructure setup to require multiple people?
Technicians are usually lousy at security - And consistantly fail to see that they might *themselves* be a major problem.
>he went out and got a 32" TV and laser-corrected his eyes.
Wow, amazing!! I've been wanting a 32" TV all my life! Are you Amish or something?
...Is having to write the statement of work for a software project to be outsourced. And I'm a computer science major. Hired as a "software engineer". Who doesn't write software.
Needless to day, I hate it.
There are only 10 kinds of people in this world... those who understand binary and those who don't
I used to work with PriceWaterhouseCoopers where I performed network security auditing. While I worked there, we NEVER did anything like what's reported in the article. We reported things like unpatched systems, firewall holes and often showed how our clients' networks were vulnerable to various threats, but never did we label our clients' network operators as primary risks. -Kevin
Careful, man. You have to be more specific, you don't want ALL Florida's financial institutions cracked, don't you?
Quite right. It's easy to find/replace bit twiddlers. And if all us bit twiddlers united and took power, we'd screw it up because we don't know how to wield the power. Maybe CEO stupidity is the way to handle being in power. The mind shuts down...
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Ich bein ein berliner - John F. Kennedy.
Wikileaks, no DNS
That's right. I just sit down, use my unemployement check to get some narcotics and watch it all burn to hell.
Money ain't for much except for lots of bitches and lots of drugs. -- Jay
If you're going to hand me $36M, you can tell me whatever you want.
In all matters of opinion, our adversaries are insane. -Oscar Wilde
- let you review and refute the security claims
- moved you to some other position
What would really nail it for me would be if on top of this, your old company actually paid for the security review in the first place."The more you know the less you understand" - Tao Te Ching
Average Intelligence is a Scary Thing
Now that's unfair. We hear about the exceptions to the rule, not the rule itself. In every company I worked for, cept one, every ceo worked quite hard.. even if a few failed.
--
"I'm not bright. Big words confuse me. But Wanda loves me and that should be enough for you." - Cosmo
in our industry you have to assume that any time your boss's boss arranges mandatory meetings with everyone in a group, department, or the company - it's because they're looking for dead weight.
most of the time there's nothing you can do about it, because they already -know- what you're doing, whether your manager says you do it well or not (their likely not going to trust your self-evaluation), and whether they're going to fire everyone.
They're just trying to cover their bases incase there is something unexpected.
Eg.
if they're cutting half a department they'll want to have some sort of idea whether your boss picked the desireable half to retain, or was playing favorites. (keep in mind 'desireable' often weights price over performance in such cuts)
or if they accidentally managed to plan on retaining only the two guys who -really- don't get along.
or if they're cutting an entire project they probably want to be sure that it doesn't turn out that a key employee was -actually- spending most of his time doing lucrative support work for legacy apps only he knows, despite being officially assigned to only this project being cut.
That being said no hatchet job will ever -start- with honesty. not officially anyway, there may be a leak, particularly if the manager is also getting canned, but they won't tell everyone.
The danger from under communication from every former employee is perceived as much greater than the danger of confrontation from one employee.
things like network sabotage, industrial espionage, etc are hard to pull off on short notice and easy to watch for on the fateful 'last day'.
But if you've got a head's-up that you're being downsourced in 2 months, you could much more likely find the time to cause problems, a buyer for a client list, or cause problems amongst remaining employees by publicizing salaries and such.
It makes sense as a default policy, but like you, i would hope they would trust IT employees to be professional about the situation, as higher-up HR and Accounting would be (trusted and professional).
// "Can't clowns and pirates just -try- to get along?"
>That hot cheerleader from high-school is now 32, has pushed out two kids and packed on 50 lbs -- oh and probably has spend the last 15 years living in a trailer park because the former captain of the football team was too stupid to make anything of himself.
>Time to find another fantasy.
Dude, that IS my fantasy. All I need is to deliver pizza to her and cue the pr0n music!
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
Now, even if you think you are creme de la creme, you are uber hacker dude, you are the top 0.001% of the IT population, you can still be replaced by one of 0.001 * 250,000 = 250 Indian prgrammers.
.00001
Uh, 0.001% =
So, you're saying there are 2.5 Indian programmers for 1 American programmer in terms of relative ability for their own population.
Why is it that life in India is so much cheaper than life here? A house in India, I am sure, is far cheaper than a house here. That is a huge reason as to why we Americans are less cost-effective to hire compared to them.
My boss looked at the lack of productivity and concluded there was a lack of aptitude. That hurt. It was a lack of dilligence that got me fired, not sk33lz! But he wasn't clueful enough to know. I have since made sure that, in addition to hitting /. I get some serious mojo done.
Doesn't apply to this guy's situation. His situation sucks. I agree that the willingness not to share the results from the get-go indicates a setup. But why the raise 2 months prior?
I secretly think also that "let them rot and die" is the reasonable (and legal) solution.
I am too much of a dreamer. I was thinking about justice, what a fool!
I liked that joke "Bush won anyway", I think it is relevant here. We all play the same game, but for some people the rules are different.
Ok, I should try not to go off-topic, and it is getting difficult. Let's separate business and social matter, they are two different things. And here we are talking about a guy who got stabbed in the back by his company, that is completely normal business behavior, no need for long speeches, take it or leave it (Damn my english is not good but I like that expression, some kind of life motto).
At the end, if you want to go on, you have to accept the fact the your company can stab you in the back, because it is the way the system works, no?
Yeah, go on, at the end your work is all that matters.
People used to brawl out their differences.
So people banded together. THey called them gangs. Go watch gangs of New York. Tell me if that is how you want to live. Or in the days before The U.S.A split of from the U.K. look at how every major (present day) democracy in the world treated its own citizens. There was a reason the French started axing their own Aristocrats.
Yes, it is still about money and power. But lawyers and insurance firms are a vast improvment over roving gangs with knives and clubs.
It ain't perfect, but it is an improvement.
Open Source Identity Management: FreeIPA.org
Haha, exactly my point!
Exactly what I was thinking.
Here in Canada, you also can't get fired on the spot (well, not for this). You have to receive at least a verbal warning and/or a written warning first, outlining what it is you are doing wrong.
I don't know what the laws in the US are (or even if you are in the US), but you might want to check with a lawyer. A quick consult shouldn't cost you much, if anything.
Tuus crepidae innexilis sunt.
This assumes hes being on the level
While geeks are smart they dont know the law. If this new company wrongly accused him of incompetence or negligence he has have every right to sue them. The sooner the better..... He doesnt sue his employer thats bad for future employment. He sues this third party and then subpoenas exactly what they told his employer about him.
In addition to libel, and defmation there is also tortious interference with business relation(ie your employment with this company)
Id say he needs to consult with a lawyer
Unfortantely, the Bay Area while being a great place to live in terms of weather, cultural niceities, and raw physical beauty, is really too expensive to live in.
Santa Clara County is more expensive on a price per square foot than New York, Boston, and San Francisco...and you're living is a sh?tty suburban tract wasteland.
I can kind of see why really dense urban cities would be so expensive. There's only so much land in the area and things have built up. You don't need a car to get around, there's lots of different things to do, etc.
But Santa Clara is completely dependent on cars, San Jose can't redevelop downtown as long as it's in the flightpath of the airport, and all the cool stuff is up in SF.
If you're gonna live in soul crushing suburbian hell, which are all the same no matter where you are, why do it there?
My take on it is that people thing it's so great because the prices have inflated so much. After a couple years of home ownership, you build up a bunch of equity and figure it must be because it's such a great place to live...but it really just because it's been a boom town since the IC wave in the late 60s so prices are jacked.
I've known some folks who've cashed out of their Santa Clara houses and bought homes outright in Oregon, Colorado, and Texas. After a while they all come to the same conclusion that maybe the world doesn't end at Mount Hamilton...
Don't get bitter, it is not good for the health. All ways keep your bridges open because you never know. If I were you I would go to the executive/manager and simply say "even though you might think outsource your network security, I respectfully disagree and here is why." Point out what the potential problems they will face with this new company and simply tell them that your services will be available to them as a contractor. Walk away with your dignity and their respect and you'll probably get a call from them if they ever need you. Of course next time they call, you'll be pulling the strings. In the mean time collect your unemployment check and look for new job. Maybe it is time to start a new hobby or learn something new and expand your horizons.
-----
One is born into aristocracy, but mediocrity can only be achieved through hard work.
I've been downsized and also worked as part of a team of consultants brought in to help a company outsource most of their IT needs so I think I can tell you a bit of what goes on when you see "the consultants" show up.
What a consulting firm is supposed to do (discover problem, suggest solutions) and what the consultants really do (stay for a long time, find ways hire friends) are two different things.
Even if the consultants are honest and full of good intentions you will most likely find yourself either having to justify your job or released from employment. Think about this from the consultant's point of view. "Who has the best solution to any problem? The guys I work and partner with! Who is a wildcard? The guys I don't know! Why that guy sitting next to the server room could destroy the whole company!"
Of course if the consultants aren't honest the situation is even worse.
When you see the consultants show up, don't panic. However don't ignore them either. This is the time when you get your resume updated and call friends with similar jobs "just to see if they heard of anything". Ask people you trust (who don't work with you) about recruiters they like. Compile a list of people who can help you if you find a new job fast.
The consultants might not effect you, but just in case view the situation as if your boss just told you that you have a 6 week warning before you're let go. Trust your gut (for lack of a better term) if you feel up against a wall then you probably are.
Now wait, do everything as you normally would. If the consultants leave and nothing happens you now have a updated resume (which you should have anyway). If you are let go, be pleasant thank everyone for the experience if you think you can get away with it ask for some kind of severance package (or if they could do better if you were offered one). Clean out your desk and never look back.
When punk rock is outlawed, only outlaws will have punk rock.
please tell me, what did he do to jump start Apple? He got $24M to pay off his previous retirement benefits, $5M in pay, and at least $3M in severance for 500 days of putting Apple in the toilet. Oh, and he got to write a book about how none of it was his fault.
GA got lots of money for doing none of the things that in theory allow a CEO to earn extraordinary pay. Unfortunately, he doesn't seem atypical.
Not so easy to replace if you're the only one with the root passwords. But I take your point.
they made him WRITE CODE that would track what he did in the event he decided to do something unauthorized.
That's kind of like IBM having Microsoft write the OS designed to kill Microsoft's product; we all saw how that turned out...
Why the hell would I trust you to write the code to track what you are doing? Wouldn't you know what to do to get around that tracking system, if you really wanted to do something?
It's okay.
Especially since they've probably done this lots of times, and they'd have little idea who you are.
I'm an employer, not a lawyer, so check with a lawyer to see if what I say is correct, but I believe it is.
;)
If your employer told you (or better yet, put it in writing) that you were fired because you were a security risk, then you may be able to sue. Here is why:
You can be fired for making false statements on an employment application. No matter why you were fired, if you lie on your application your case is lost. So, when filling out future employment applications for the position of security admin you must say you were fired from your last job because they thought you were a security risk. Of course no one will hire you. Get any of them (but perferably four or more) to put in writing you were not hired because your application says you were fired for being a security risk.
Now sue your previous employer and the security company for $10,000,000. Even if your employment was "at will" you can still sue in this instance because they have effected your future employability by claiming your were a security risk. If you are lucky, the security company put in writing (very stupid) that you were a security risk but it isn't necessary that they did so. People frequently win this type of case. Lesson to employers - "NEVER TELL SOMEONE WHY THEY ARE BEING FIRED".
There is only one catch. If you have bad credit then that is proof you are a security risk. You could still win (think jury trial), but it would be harder.
Have fun, be American
So why not just 24x365?
Why does the number of days in a week matter if you're just going to extend to the number of days in a year?
Sue your former employer, and the company that labelled you a "security risk". You've got a cause of action for wrongful termination against one, and slander and defamation against the other.
Seriously, don't just take it lying down.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
You polish off your resume, highlight your successes at the last job (you've done a great job of that in this posting here), and sell yourself to the next company.
Once you get to that next company, see that you give small (no more than 1 paragraph), regular (weekly, semimonthly, monthly) "status reports" that detail your accomplishments each month, so that the PHB's SEE what you've done for them, the value you've generated, and are constantly reminded of what you've done for them.
Continue until next layoff.
Repeat until retirement.
And above all, don't take it personally. It's hard for geeks to do so, but a professional detachment is a must.
Good luck on your job search!
He had the keys to the kingdom. But someone has to or the job just cannot be done! I manage the network here where I work. I have made this very clear to my bosses (who own the company):
"Do you trust me? If not, I will leave right now. There are three people you do not lie to; your doctor, your lawyer and your network administrator!"
What is truly stupid about this company is that they are willing to trust an outside contractor and whoever they choose to hire more than an internal employee.
Look at this way; most of the worst network disasters I have personally heard of had to do with disgruntled employees. With a contractor, they have no control over how the employees are treated, thus no control over whether they will be disgruntled or not. But that contractor and its employees sure as hell has the passwords and ultimate control of the company's network and, more importantly, sensitive data.
I wouldn't worry about being fired from this job. They are bound to fail!
Having been a union grunt myself, and having been one for awhile. These jobs do exist here, the problem is not the unions so much as compaines looking for the most and best way to make as much profit as they can. If a company can make as much profit as they can they *will* run to wherever the labor is cheaper, and are not restricted by enviromental and control laws. Look at NAFTA and see exactly what happened, shops were unionized and things were good and fine. NAFTA came into effect compaines saw the chance to make greater profits and took it. Moved plants to Mexico, now you move 10 years down the road and what do you have?
Hello Clinton-Chinese-expansion & labor exploitation, the auto industry operating in China, now the Mexicans complaining that they can't compete with 'cheap' chinese labor as well with enviromental/labor/and control laws. So the process repeats itself.
It's not unions, it's corporate greed.
Om, nomnomnom...
"Just don't say that you got fired for being the security risk" brings to mind another problem, which is one of the dreaded "bad" reference.
In this particular scenario (I'm no lawyer), wouldn't it be true to say he was "fired for cause"? When asked the question why he left his last place of employment, he'd almost certainly have to answer honestly because when his former employer is called (and most certainly will be...especially if not listed on references), and asked the question, "Could this person work there again", there answer would have to be, "No".
Of course (I remind you, I'm no lawyer), I also believe that if you are fired for cause, you have a right to see the documentation associated with the decision. Failure to produce that information (granted that it will be used against you for the remainder of your career), if not illegal, is just plain mean.
Actually, that statement is a little untrue from two angles.
1) Shareholders and shareholder agreements do have clauses for removing CEOs.
2) If a significant amount of unemployment in IT crops up, it's quite likely they will work on some project just for something to do. So, this security guy that lost his job, might find a band of other people that have lost their jobs, and join to form their own security company to discredit the first, and take their business.
What if 10% of the people who's job was shipped to India by MS actually work on other projects. The end result is MS's move to India actually had a hidden cost in competition. The question is, how much business do the people take away from MS with their competing projects vs how much MS cuts by moving to India. Immediate gains will be much greater than the long term. Linux doesn't need many more man hours of skilled labor to cause MS harm. This isn't true for just MS, but any company that ships overseas, they leave people unemployed that know how to do a portion of the work that company does.
Also, consider it's not terribly hard for IT people to make a living just by running a computer shop. Hell, even if IT people work at Wal-Mart, they'll be taking some of their frustration out in code.
I've never seen it a wise decision for any company to ship jobs overseas. Forming new companies and devisions overseas is great, but cutting workforce that already knows what they need to be doing is the stupidest idea I've ever heard. As soon as you train these Indian workers, they become more valuable, and thus you have to pay them more (maybe not significantly, but you do). Also, you are driving up labor costs in India via supply and demand. There are WAY to many variables to make that a justified risk. I'm all for expansion, new contracts, etc. taking the cheapest route at the time, but this is just madness so someone can line their wallets with probable kick-backs from Indian CEO's/government. 4-5 people loosing their job from the same company is enough to cause competition. There are successful businesses today that are spinoffs of companies where the employees quit to form their own company, then the parent company had to compete with them. That's why they try to put non-compete clauses that outlast work duration in employment contracts.
Karma Clown
I will assume you are in the US, in which case a third party, such as the government or someone waving wads of cash around, has set some specific requirements for personnel working on their products. For some reason you didn't meet them. You do have a reasonable "right" to find out what specifically was the issue - was it citizenship? was it political affiliation? was it all those nights you've been downloading pr0n? Your employer should have made an effort to find you alternate work within the organization. If they didn't even try, then you might be able to make a case for wrongful dismissal. However, if they did try, or such an option simply is not feasible (and this is what it sounds like, how can you be an effective SysAdm when you can't access huge chunks of the network?), then they are within their legal bounds to let you go.
Because the overseas costs can be as low as 10% of the cost of a US developer, even when that US developer is working from home. Its still a lower cost.
Python
And all supported on the very fragile position of actually possesing an IT job in the US in 2003. The chances of him being fired in the next year are so great that he might as well be unemployed already. How to describe such a richly absurd perspective? Feet of clay, chickenhead, corporate sycopant....imbecile?
Another point: yes, all admins are inherantly a security risk, because they have access to the system. But they are a managed risk (like they all should be), in that the company has history with this person, and there is most likely no wrong-doing in his record. What I view as a greater risk is outsourcing to a company- in this case, how can you manage the risk of a 3rd party outside your control? Answer- you cant.
So from just a risk-management viewpoint, the company has assumed MORE risk by outsourcing their security.
Manipulate the moderator system! Mod someone as "overrated" today.
You're off in theory-land, evaluating could-bes and possibilities for a mass revolt by shareholders and the entire industry against outsourcing to India.
Back here in reality, the original poster is correct in saying that this particular security guy is completely unable to get rid of his CEO.
24x7x365 = 24 hours/day - 7 days/week - 365 days/year.
Hate to burst your bubble, but your units are way off -- hours*days/week*years?. I think that you mean 24x7x52. Let me spell that out for you, since you are obviously in management:
24 hours/day * 7 days/week * 52 weeks/year = Total hours/year.
You can write code but not figure that out? Blows my mind!
You were corrected once and still came back with the wrong answer (and a personally jibe to boot)? Not only are you in management, but you are on the fast track to upper management.
-- The Genesis project? What's that?
If that's possible then yes, he should sue. It might be extremely difficult however.
I have some experience in this as I was fired as a security risk. The cause? I installed a firewall on my PC. The formal letter stated that this could interfere with their network firewall (a Cisco box that was very over-the-top for a small development company of twenty people).
Of course that wasn't the real reason. It was the refusal to work unpaid overtime and perhaps a tendancy to correct my boss that got me out. However, how do I go about getting this fixed in court? No matter how expert I am in IT (and I am quite expert), they can through an 'expert' back at me in court, and how will a judge know the difference.
And aside from that, what would be the charge? I'd already resigned and was working out my notice. The sole result is that any reference from my former employer now states that I was fired for 'Gross Misconduct.' The burden is on me to convince people that it wasn't fair.
A very nasty situation all round.
I wish the poster good luck if he finds a way to sue, but beware of getting into a credentials battle with various "experts," because most courts wont be able to assess your case on the basis of technical details.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
Absolutely True! It's the hardest thing to do at the time not to strike back, but I've been asked to return to mis-managed projects that I started on several occasions. Geeks tend to be one of society's less-agressive (at least on the surface) types.
Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay?
My entire team of systems administrators work at home for 100% pay. In fact, we're a bit of pioneers in this regard, but we've been on this track for a year now. Maybe 1% work from office. If we get just as much work done, and we're highly available, why not? And the company does acknowledge the money saved in office space. And that we're more able to work during sick time. Mind you, this isn't company policy, but a pocket within a very large company.
Part of what we do, as a team, is to emphasise the benefits of having American employees. Good relationships with our customers. We question things that are given to us and not just blindly follow orders. We collaborate to build best of breed policies and designs.
I personally think that Americans in fear of outsourcing are missing the boat. They shouldn't become more like their foreign cousins. They should embrace and accentuate their own cultural strengths (which they themselves may not even understand).
Stay American, and become Ultra-American. A cultural change is an important part of that, but I enjoy being part of an environment where there isn't danger in speaking out... in fact, the danger is in NOT speaking out!
There's a policy that doesn't make sense? Talk about it. A subject which is difficult to talk about? Acknowledge it is a difficult subject, and give it a try. Someone posts a document to the group? Read it, critique it, and add to it.
I think that an ultra-American can beat outsourcing becaue you're no longer comparing apples to oranges. Foreigners have a much tougher time questioning 'authority', even after assertiveness training. We can produce a different intellectual product which exceeds the value of what they produce.
Genericizing is fine for a mass-mailing, but when you're job-seeking, you'll have much better luck if you customize at least your cover letter and your objective to match the job you're applying for.
don't forget there're geek's in the outsourced land here as well. hate to take away your jobs, but our farmers're losing theirs thanks to your subsidies, so guess its the way it all works. dunno how to console you though... get creative/entrepreneurial, its what the us is best at.
go work for the outsource company or a outsource company
If you have done a good job of securing everything, then you may be the weakest link. You maybe a very strong link, and the everything else is just stronger. Sorry to rain on your libel suit parade.
24x7x365 -1 Redundant.
Many large instititions would rather not know about problems, because the biggest problems require actual effort to fix.
Clear-headed self-examination and constructive criticism are seldom encouraged. Nobody is praised for fixing a problem, because the implication is that the problem was their fault too, or the fault of someone higher up who's disfavor is too risky.
This leads to a management structure that's too concerned with avoiding blame and grabbing credit to rationally assess the results of their efforts. Efforts become unfocused, fixes are driven down to the lowest level where they're least effective, and people who are innovative or proactive are punished or ignored rather than rewarded.
With luck the company sees the problem and changes, or else it dies.
I don't know of anyone out and out fired but the scam seems to be - do a vuln assessment/pen test/whatever, then sell their great outsourced security/firewall/ids/all of the above. What gets me is this - sure these companies probably have some competent (notice I didn't say great or good) engineers - BUT - does anybody really think that the guy looking at the IDS console at 4am is really a highly trained security engineer? Not in my experience. Also, risk of disgruntled employees at these places is very real - think about it - any number of people may know your passwords, be able to access your IDS/firewalls, etc. What is their security like, hmmm?
Revenge isn't fun unless you do it yourself.
For instance, even someone dying isn't necessarily good revenge depending on the time. Everyone dies eventually. But if you didn't kill them, how is it satisfying?
If however, you slit someone's throat right then and there...
Go for a small business clients/employers. People without the resources to outsource. Give the small business owners the hand holding that Bangalore can't provide. At least that is my plan
But if you have bills to pay, and live in an uncertain economy: a paycheck might be better than no paycheck.
It's all about the choice, and if you are a good worker, why should you not have that choice?
For the sake of all that is funny, mod this parent up.
Eat recycled food - it's good for the environment, and OK for you.
and the lesson is ... If employee morale is rock bottom, there's generally a damn good reason at the top. Look for a job elsewhere before its too late.
As for offering to work from home in place of outsourcing? Are you nutz You would just be proving that womeone could do the job remotely ... ie in some place that is beyond even the third world. Lets face it, India and China are now complaning about jobs being ousoureced. Obviously the work is being done by krrgs from the planet Zog.
Sent from my ASR33 using ASCII
That was a risky play. Don't try this at home kids, you could end up with legal problems. Criminal and civil.
You might be able to get retraining through the Trade Act. There is a clause that if a company outsources jobs, they have to pay for retraining, two years worth including unemployment benefits in most cases.
The catch is that no one will tell you how to apply. A friend of mine did get the money.
First you can find the form online, I'm not clear how, I've lost the link. It requires either three people to sign asserting they they were laid off and their jobs went overseas, or an officer of the company to sign.
After you send the form in, they'll wait a couple of months and return it with something you did wrong. No one will tell you the rules for filling it out, you have to guess. Just what you did wrong.
I have found one of the rules, everyone who signs must be on unemployment and must have been laid off within the past 12 months.
Companies are well versed in ways to hide their tracks. I thought my case was trivially obvious, the Feds came back and said my job didn't go overseas. They wouldn't explain their reasoning, I just don't see how it is possible. I was doing QA one day, the next I was laid off and overseas workers were doing the same job. I don't get it.
If I find the link, I'll post it.
Best of luck!
Well maybe some of these libetarians should find out what Adam Smith was really about. His model of capitalism is based in an agrarian society with independent artisans and traders. His idea of a free market is exactly that - where everyone has equal access to market and equal information.
Equal and Free are not the same thing. A free market is one in which individuals are not prohibited from taking action based on their own personal information, opinion and resources. "Equal access to market and equal information" flies in the face of a Free market because in order to make everything equal, you have to take from some in order to give to others.
Without inequalities in the market, there would be no oppertunity for profit, and no motivation for anyone to do anything. Adam Smith was most certianly not talking about an "equal" market. That is much closer to Marx's notion of "From each according to his abilities, To each according to his needs". And if you want to know why that is bad, follow the link in my signature...
First off, sorry to hear you lost your job. The economy is biting a lot of folks in the ass.
Second, see if you can get an assessment of the nature of the security risk. They are probably show you as a "single point of failure" (ie. exploitable either financially or otherwise).
Third, write a counter proposal to the security consultant's assessment. Be sure to include any achievements, successes, etc. that your time there. It may be too late for this one.
I think that being a "security risk" is only part of the reason you got. Office politics and the economy being what they are, you need to constantly sell yourself to your manager and show the benefits of having someone like you around. Lots of geeks are really terrible about the interpersonal skills and with a title of "Network Security Analyst," you're ripe for being downsized. You're only visable and important to them when they get attacked. They don't alwasys know or understand what you're doing in the background. It's up to you to sell yourself and keep your supervisors and managers up to date on what tasks you are performing and how that benefits the company. Without it, you're just a guy taking up a high salary for doing nothing.
Forget revenge. Forget the other company. Leave your number with your manager and ask if you can use him as a reference. See if you can improve your skills between jobs.
Remember this experience and build on it.
Best of luck.
"I may be Love's bitch, but at least I'm man enough to admit it."
and file for unfair dismissal. That should increase your settlement significantly...
It might be a bad idea in the long run, I don't know. It's why I was asking, and hoping would be, or existing managers could tell me the flaw in my logic. IT salaries, with the current trend in outsourcing, may have to start dropping to keep up, anyways. What really are the advantages to an American company that outsources their code, vs one that keeps American workers working for a decent wage? I'm not talking about perceived advantages, but real advantages that can be shown, both on paper and in practice?
At least know the terminology if you're gonna insult someone.
Remember companies are going overseas to continue their accounting malpractices, at overseas the goverment can't do shoot on checking the books, when some CEOS appeared hadcuffed on TV that sent a red alert to the rest and overseas outsourcing was the answer, also you have to add the unnecesary travels to "check the status" of the projects plus the benefits. Overseas is not a bad idea after all.
Want to do something... just boycot those companies, sounds difficult but since the fall of the roman empire nothing is impossible.
Remember to keep your eyes on the ball.
Why not contact the managers and ask them if you hack their system? If you can break them, get your job back. If the outsourced security is actually more secure you'll be out o' luck.
What I think is ironic is that when I was looking at this article asking how people are coping with the knowledge that they can loose their jobs to overseas outsourcing, the banner ad on the page was for improving your outsourcing overseas.
-- I ignore anonymous replies to my comments and postings.
No one ever asked for "ultimate control over our society". Just asking "don't treat us like shit, 'k?" Is that alright?
If I could moderate your comment above 5, I'd like to see it as at least a 7 just because it does describe a very real and important aspect of society.
The problem is, what you're talking about isn't the same thing as the issue at hand. The issue isn't society as a whole which is subdivided into groups that do tasks but the actual subdivision that's made up a variety of different actors.
Now, the original poster didn't specifically state what the company he worked for does, so it's not clear (though it's probably unlikely) if he's part of the pool of talented people which make up a subdivision. In most democratic societies, these subdivisions are called companies of an industry. Members of a subdivision often are centralized into a few specific companies, but over time most every company ends up needing at least one member of a subdivision to have a knowledge person of a trade to advise and guide them when interacting with the industry from which they come.
Now, subdivisions include things like craftsman, artists, and resource cultivators for the most part which produce "tangible" goods that are the foundation of trade which is the foundation of how our capitalistic society functions. The problem is that lawyers and management, ie the "ruling class", don't have any real part directly in the production of any good.
Instead, lawyers provide the glue to interact with the outer society from a legal standpoint and management is there to interact with other businesses and to generally lead a company in some direction for an industry. A large problem comes in, though, that management often seems so distant from the actual subdivision they represent that they will often make rather incompetent mistakes.
Upper management of most conglomerate companies in fact are more or less forced into this situation. While each smaller division of the company may be competent in the subdivision they represent, the lead management has only the distant and possibly unequal represented lower managers to rely upon for advice on guiding the company. In such a position, any reasonable competent manager person could take their place without any noticable effect, especially given that such a position in management is often based enormously on deligation of responsibilities.
The very lowest class of skilled workers at the bottom, however, as a whole are not easily replacable. It is true, obviously, that at such a position individuals are easily replaced. This fact is the core foundation for the production of unions to allow the skill labor to not be easily replaced under management which is totally divorced from producing actual products that reasonable ensure the continued existence of jobs.
Given that the individual sounded like a network guide more than anything else, I'm lead to believe he was part of the branched computer networking industry that exists in most companies. In that position, he is easily replacable. At the same time, wounded a member of the respected networking industry could have as serious repercussions as illy firing a lawyer without just backing. The next serious step is for the computer networking subdivision to network to form allies of trust from which to probably black list irresponsible companies.
Eurohacker European paranoia, gun rights, and h
I know of 3 people that have done just that and only one of them has a job, after a 6 month unpaid "internship"
Pharmacy jobs are also being outsourced to India/China! Quite simple to fill pill bottles in another country and ship the drugs via FedEx.
get rid of current employees and replace them with outsourced wage-slaves who will work for a fraction of the salary the terminated employee would have.
:)
Of course the managers went with it, because it saved them money by getting rid of you and contracting out to them. Let us see them try to contain the next Welcha worm from a remote loction.
I decided to stop fighting them and join them, so I am taking business management in college. IT jobs are going away, but management jobs remain. I'll be the Anti-PHB, the computer geek turned manager.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
A 32" TV? Like this one? Sho' nuff--pimpin' ain't easy!
(Kind of missed out on the dot-com thing, didn't we?
Cooks and Janitors work while I sleep in late and work at home and often while I'm trying to stagger back to my expensive apartment in the wee hours of the morning.
The non-food and janitorial types need to understand where sustenance power resides!
Form a Union, go on strike. Watch as managers outsource all IT to another country. Then we can stay at home and watch cartoons, surf the net, until our unemployment runs out. :)
:)
There ought to be an IT walkout day, all IT staff takes a sick day on the same day and turns off their pagers and cell phones and unplugs their phones at home. Also don't check email that day. Let the managers handle anything. Be sure to shut down the servers and change the administration passwords before you leave the day prior to this day.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Come on, who amoung us would to the same amount of work we are currently doing for half, or even 20% of what we currently make for the same person?
autopr0n is like, down and stuff.
Promotheus did something unethical.
He stole. Stole fire from the gods don't cha know.
For his reward he got chained to a rock to have a vulture eat his liver out of his chest every day for the rest of eternity.
We don't have to get into discussions of ethicaly and morally chalenged bosses. Its plain to see that the way corporate ethics, meaning the ethics of someone who is not personally involved in the drama that s/he is causing, but is only working for some outfit or other, have ALWAYS worked whistle-blowers get the shaft.
If you're going to blow the whistle, don't get caught. If you're not clever enough, go elwewhere.
You'll have to go anyway. Might as well do it without a cloud over your head that garantees that you'll be living out of a cardboard box under a high-way overpass.
Phillip Morris claims that nobody knows what causes cancer. How nice of them to play Russian Roulette with their customer's lives.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
If there are 1000 people willing to do the same for less then you are overpaid. You'll be crazy not to offer more for the same, accept less or move to a less saturated market.
IANAL but write like a drunk one.
Comment removed based on user account deletion
[Please sign here]
Comment removed based on user account deletion
Isn't this against the law? you're not receiving equal treatment as other employees, and that is because you were 'labeled'. First off, they can't fire you because you're a "security risk" to the security they have. Hell, you worked there before they got that security, what changes your loyalty to the company now? Seems to me that this is no different than getting fired for race.
1. Read the The Art of Deception by Kevin Mitnick, and
2. in the process learn how to social engineer your way through your former employers' new security
3. prove 3rd party company network security is even more flawed!
[Please sign here]
I am merely referring to the fact that most of the firms who indulge in outsourcing are plainly jumping on the bandwagon with nary a thought about its implications in the long run. And hence outsourcing isnt here to stay, it will blow over very soon when firms and managers realize that it makes more sense to have the team onsite rather than having someone do most of the work at night when you arent around to manage.
Outsourcing is not always a bad idea. I have been on both sides of the transaction several times. Outsourcing can be enormously valuable when it prevents taking your own valuable in-house resources off of something they've been thinking about every day for weeks and putting them on something completely different.
Outsourcing is not going to go away. It is going to reach an equilibrium. Some things should be done in house. Some can be efficiently outsourced. The companies that thrive are going to be the ones that can see the difference.
Comment removed based on user account deletion
I know what you mean. My kidneys keep screaming "more beer! more beer!" and my poor brain simply has no choice but to comply.
> Before leaving, he fired off an abusive companywide email, messed up the servers, and changed the root passwords.
That cocksucker is a major liability, and not someone I'd want working on my network. What if I had a legit reason for firing him, say he installs WinXP on my Linux cluster, then I gotta worry about passwords and e-mails, etc.
Can I get an eye poke?
Dog House Forum
Comment removed based on user account deletion
For those of you jumping on this particular point. Outsourcing just means moving the task out of the company to a contractor of some sort.
Doesn't make this guy any less screwed and it does sound like a serious pooch job for him. Of course, just like any management consulting review of services, nothing will be done which will (a) bother the people who hired the consulting or (b) avoid a chance for follow-on upsell of the services of the consulting company.
Point and Counterpoint: The Tick - "Spoon!" Neo - "There is no spoon."
Suicide seems like a good bet.
That was classic intercourse!
His employer appears to have been Voxeo
. com/msg01747.html
link: http://www.voxeo.com/
source: http://www.mail-archive.com/cf-jobs@houseoffusion
In the US anything which might undermine or unduly burden the State Religion (capitalism) tends to be swept under. So although our friend should certainly sue for slander and libel he should not hold his breath for a just resolution. Of the people, by the people, and for the people are just cheap words here in Americorp.
-- thinkyhead software and media
1 Corinthians 12 (NIV)
14Now the body is not made up of one part but of many. 15If the foot should say, "Because I am not a hand, I do not belong to the body," it would not for that reason cease to be part of the body. 16And if the ear should say, "Because I am not an eye, I do not belong to the body," it would not for that reason cease to be part of the body. 17If the whole body were an eye, where would the sense of hearing be? If the whole body were an ear, where would the sense of smell be? 18But in fact God has arranged the parts in the body, every one of them, just as he wanted them to be. 19If they were all one part, where would the body be? 20As it is, there are many parts, but one body. 21The eye cannot say to the hand, "I don't need you!" And the head cannot say to the feet, "I don't need you!" 22On the contrary, those parts of the body that seem to be weaker are indispensable, 23and the parts that we think are less honorable we treat with special honor. And the parts that are unpresentable are treated with special modesty, 24while our presentable parts need no special treatment. But God has combined the members of the body and has given greater honor to the parts that lacked it, 25so that there should be no division in the body, but that its parts should have equal concern for each other. 26If one part suffers, every part suffers with it; if one part is honored, every part rejoices with it.
I am interested, who was your employer???
Hell, you can answer AC from an internet cafe if you like???
...I would subpoena the report to see what criteria "surfaced" that convinced his employer to replace him with the new guys. This could win the case for SafariShane, if there were no other "problems" with his history at the company.
[Please sign here]
All this talk of hacking back in. WTF? What kind of admin doesn't have X Backdoor accounts? (you know, the legitimate kind ;) Log back in, change all the passwords, erase all the logs and go have a beer. (Smells of BOFH)
Even better, do it trice daily.
First and foremost, name names! Who is the unethical outsourcing/consulting company? There are others reading this who could end up in the same situation, and it could be helpful if they could point to references that say conflict of interest. This consultant's behavior is unethical (perhaps illegal), which should be a concern for the PHB who authorizes it. At the least, establish a paper trail of what's going on and retain hard copies for your Doomsday File. Send them to 60 Minutes if you get canned...
I know it's hard to survive without doing something wrong when "everybody's doing it", but there's a few reasons to work a little harder than you seemed to in your story to prevent the moving of jobs to offshore locales.
1. You live in America. Money which goes outside the country is money which doesn't help your country.
2. One of the reasons programmers got to charge such exorbinate salaries when the world was going Internet crazy, was that there wasn't a lot of Americans who could do the work. Outsourcing to other countries will result in even less technologically saavy Americans the next time a lot of high tech skills are needed.
3. Management skills are outsourcable too. When you're company realizes that so many of it's programmers work in Pune, India that it just doesn't make sense to pay American level salaries to have them managed by someone half way across the world who doesn't even speak their native tongue, you're going to have to live with the fact that you got the ball rolling in that direction.
Comment removed based on user account deletion
developing OSS so that folks in other countries can use the source to learn, and then they can take the jobs of your other friends by getting outsourced work. Then you and your friends can stay home and play Quake all day.
The savings from outsourcing are astronomical. A programmer in the U.S. making $80,000.00 can be replaced by a programmer in India with the same skill set making $20,000.00. So an employer isn't going to be persuaded into paying a programmer 50-80% of his current salary and let him work from home. The employer would still be paying twice as much in salary than if the job were outsourced and this is not even taking into consideration the expense of "American-style" benefits. Employers may be persuaded to not outsource if their programers would work for 25-30% of their salary without benefits, but they won't find many programmers who would do that. If it would even be possible to support my family in NJ on 20000.00/yr, for that kind of money I can find less stressful work :)
Good question. I mean, if the outsourced company found his unsecured FTP address that he used to up/download his MMORPG character stats and his biology homework, he probably *was* a risk.
However, I tend to think that the sort of scam he got burned by is real. And management is usually stupid enough to buy into crap like this. But I doubt it's actionable, since the outside company would have a valid argument that because he knows the network and all the passwords (or other entry methods/points) he IS a risk, even if he isn't INCLINED to use the information in a negative way.
However, by the same argument, THEY are now the biggest security risk to the network and because they are not employed, they have little interest in protecting the network (at least, less than HE did, since is only paycheck was derived from protecting that network). If his former company were to suffer an intrusion and as a consequence go belly-up, the outsourced company merely loses a single client, not their entire livelihood.
Nitewing '98
Everything works...in theory.
A=A says nothing about the nature of A but everything about the nature of perfect equality. It does not extrapolate to A=B in the real universe because nothing in the physical universe is 100% equivalent. Everything in the universe is a composite entity. And everything is in a state of constant change - impermanent. The conventional means of knowing by means of naming things is merely conventional. It is worth exploring the mind that exists beneath this veneer, if only to gain an appreciation for the luminosity of pure awareness. The linear thought process after all only reveals the minutest result of myriad parallel processes in the mind. All of them are intrisic to ourselves, so it is patently unwise to assume that the voice we hear in our mind and the identity we assume for ourselves is inherently a "real" thing. True objectivity arises as a result of transcending our desires and illusions. Best wishes to you in attaining the next stage in your personal and philosophical development!
Lots of wonderful comments are in this thread, and I am sure mine will be lost in the shuffle. But I have this discussion with family members and friends all the time. I think it might be useful to re-iterate my main points here. If you think I am talking bunk, feel free to ignore me -- my rice krispies will taste just as crunchy in the morning.
The IT industry is the current industry where executives are thinking in the very short-term (why they think this way is another discussion.) By short-term, I am talking in terms less than 5 or 10 years.
As a manager they really cannot trust the people under them in an unstructured environment. That is why technological workplaces still exist, rather than tele-commuting being the normal course of business. How could the executives personally know and trust the character of each employee? Better to treat them as a mass according to the lowest common denominator.
Unfortunately this means the fully loaded cost of a developer could exceed $200 an hour (put them onsite, maintain equipment, federal and state insurance laws, etc.) The cost of an indian programmer, who is a hard worker, well educated, and also works onsite is just over $25 an hour. That is a real number. I work with three companies who have or are about to outsource to India. Usually an ex-pat is sent along at a cost of about $800 an hour to maintain the U.S. relationship. But one guy at $800 and the rest at $25 is much better than everyone at $200.
So it is a simple choice if you look at the stock price. Costs down; stock up. Quality of product a wash in the eyes of management. My experience leads me to believe that it really is a wash, or sometimes the quality of the work goes up.
What is happening is the same thing that has happened to so many other U.S. industries: the executives are selling the future of the industry and their country by moving wealth out of the United States in return for short-term personal gains. Guys, what do the Indians do with that $25 an hour? They buy televisions and automobiles and clothes manufactured in China, Europe, India and sometimes the U.S. The net result is a constant flow wealth from the U.S. to other countries, making them stronger and the U.S. weaker. On top of that the longer we do it, the more we depend on the other countries. Our workforce will lose its edge, theirs will gain it. Beacuse they are doing things they will see the new opportunities for improvement. They will research them. They will become the leaders in innovation. Innovation comes from ideas born from doing things the way they are done now.
I am not promoting pure isolationism, but we need to think about what we are doing to ourselves as an economy. Meanwhile I advise leaving tech before it is spelled 'textiles.' Eventually this trend will find you, but try to stay ahead of it as long as possible.
This is a very bad business model. In order to sell themselves to the clients, they generally need to have GIAC or CISSP certifications. Those certifying bodies have codes of ethics. What you have described does not fit into those general codes of ethics. If anyone representing the outsource firm is a CPA, CISA, or CIA (the accounting world certifications for this sort of work), they have broken a really basic ethical requirement. This is followed more in the breech, but accounting firms that audit for security are not supposed to advise clients on how to fix the problems. The idea is that you cannot honestly audit a company for which you have provided or will provide other services. If they represented the work they did as a SAS70 or other public assurance audit and then took over the jobs of people they assessed, they can be censured by any number of regulatory bodies. The biggest problem today is that there are flocks of us security folks out of work. I have 10 yrs experience, but no CISSP or CISA, and am considered "too senior" for the jobs that don't require certs. Charitably, I assume that they are referring to me having opinions about process and procedures. Privately, I am less naive.
Personally, as a small home based computer consultant, have been asked to do assessments for companies. I think it's just my general lack of common sense or morals that play into it, but, when I've found holes I can drive a Mack truck through, the first person I have went to is the current admin, showed them what I've found, and helped them fix it. Yeah, stupid buisness decision on my part, but it kept the following intact:
1) Person kept their job
2) I consequently got more buisness in doing further checks and consulting
3) Everyone was happy and the admin was upskilled
This was a win/win in my opinion. Everyone was kept happy and safe and the admin got some more skill to put under his belt. I just don't believe in fear mongering. If there is a problem, the current admin (if there is one) should be the first to know and given the tools to help fix the problem on the spot. Now, it's a whole different ballgame if it's outsource company against outsource company where there is no true full-time admin involved but we won't go there. :)
sigs are like a box of chocolates, they all suck remove the underscores to email me
Sorry, Lenin you are wrong. The facts of the world have proved you wrong. Communism worked in one place - Paris... Until people started starving to death.
o in go/Capitalism/
Humans are incompetent - most of them at most things. What's more, they're greedy bastards. This isn't necessarily evil, but it is inherant in our genes. What? Do you think that your capitalist boss isn't human, that's he's somehow SUPERHUMAN? He's just like you only with more power. Don't delude yourself man. Given enough money and power it would corrupt you as well.
Which leads to the fallacy of communism - that everyone will be happy with what they've got. I won't quote the whole song here, but Oingo Boingo's 'Capitalism' about sums up my attitude:
"There's nothing wrong with making some profit
If you ask me I'll say it's just fine."
Have a link if you don't know the song:
http://www.metrolyrics.com/lyrics/38962/Oingo_B
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
The best advice I or anyone else can give you is to consult a real lawyer, not a slashdot-wannabe-lawyer. Would you come to slashdot to ask for love advice? ... I didn't think so. ;-) IANAL either, but I drool over the female ADAs on L&O though. :)
"EDS stock took a beating mainly because of that one moron, and he gets off with a wrist-slap and an apology?"
I'd say the lesson is not to depend too much on those guys who recommend stock. Most recent economic history has taught that lesson.
We just hired two people recently, and we're bringing on a third person just after the holidays. That'll probably be the extent of our growth for a while, until we're given more systems. And I'm wagering with the results we're producing (and the sysadmin to server ratio) that we're going to get more in the future.
Spoken like a sheep.
The people who understand technolgy need to start running things. If that means shutting down the infrastructure of the country, so be it.
They regulate howm musch we get paid, they dictate laws the specifically state software people can not get over time.
being salary is not enough to warrent no overtime.
Everystate has very specific guidlines on who gets overtime, regardless on how they are paid.
Now software developers no longer enjoy that right.
How bad does it have to get before we lash out?
Comment removed based on user account deletion
Comment removed based on user account deletion
Where have you ever seen a 75% tax rate?
Like you, I also like where I live. I wouldn't like to live in a place where I could get fired on a whim with no recourse but to launch expensive litigation. I wouldn't like to live in a place where the accident and emergency search my body for a credit card before they'll think about helping me.
Does my bum look big in this?
Though your employer probably didn't do anything illegal, assuming you were an 'at will' employee, I'm thinking they probably will not give you a glowing reference. You should consult with an attorney to see if there is any recourse you may have since the results were 'secret'. You may have a legal right to view your employee file (depending our your country of employment), and I would think that the cause of termination would be recorded, in which case you may want/need to keep a copy for future use.
At the least I would check and see if there is anything you can do to obtain a copy of those records.
The Big Three killed my baby...
Come and see the violence inherent in the system!
COntrary to the belief by many people, business's do not exist to provide a job to any particular person, excepting perhaps, the owner. A business exists for the sole purpose of making money for the people who own it. The fact that they provide jobs to other people is mearly incidental. As such, the owners or management can choose who they want working for them.
Anybody who doesn't see it this way should try to put themselves into the position of the owners. Try to imagine owning a company. If you are the boss and you don't want a particular person working there any longer, you would fire them, right?
If you don't like people having that sort of power over you, start your own business.
Now, don't get me wrong, I do feel that what the company did was most likely a bad move, and certainly was not a good way to repay a person who seems to have been a good employee.
Any way you look at it, the management is responsible to the owners, be it private parties or stockholders. Their job is to make money for them. It is not to provide the employees with work.
Sorry for the rant, but I get irritated when people think the their employer OWES them a job, they don't.
Hockey - Canada's gift to the world
Opening up the network is just poor performance.
Remember poor Randal Schwartz serving jail time for running password finders to show people at Intel that the passwords were weak.
individuals most choose to specialize in order to obtain the economic benefits of specialization. This requires a degree of trust and cooperation ...which futher emphasizes the importance of rewarding people for investing the time, money and energy to specialize in a highly technical career.
But now it's "eh, you lose. Learn some new skills before you ask for another paycheck."
Business isn't willing to pay for products, innovation and careers, so we get brands, mortgage commercials and layoffs.
Actually, you CAN be fired without a verbal warning and/or written warning. It's called "Just Cause".
It's a nice catch all that allows actions taken against company policy.
They terminate you with "Just Cause", give you some going away money, and out the door you go.
Get another job and stop crying.
> I don't see it being that hard to support. Who best knows how to attack a virus scanner or system than a virus scanner writer.
If you don't see it being hard to support, then support it, rather than making dubious generalizations.
Poisoning the water supply would increase business for doctors, and they'd know how to do it, but does that mean we should arrest them if it happens?
More crime would mean more money for police - does that automatically mean cops are mugging people in their off hours?
More fires means more work for firefighters - are you suggesting they're all committing arson?
Despite what you seem to think, these kinds of wild, baseless claims are completely unrelated to actual evidence, and in fact may verge on slander or libel.
That's what I did. My former employer of five years spent several times my salary-to-date on consultants from Gartner, who convinced management that everything I'd built was wrong and they should spend my salary for the next five years on Microsoft products. I helped them roll it all out, they showed me the door... and now (from what I hear from a few friends there) they are hurting. {shrug}
Yeah that makes sense. Prove them correct, "See I told you he was a security risk." Besides he said a financial institution. I don't know about the rest of you but I do not want to pull federal time...
Why would a comapny pay you less for working from home? The cost for a company for you to work from home is a little less then working in an office. In both terms of office space and increased productivity.
They fired you AFTER you resigned? And now they're claiming you were fired for "Gross Misconduct"? Make a federal case out of it with the NLRB... them firing you after you resigned ought to be persuasive.
Yeah, and back in the nineteenth century, management didn't know how to run a weaving machine or shovel coal into a boiler. Knowing how--or being able--to do "real work" doesn't have anything to do with having power. "Knowledge workers" don't have any more power than the factory workers or laborers did during the industrial revolution. At best, they comfort themselves with the illusion of power. Sorry.
--and who is John Galt, anyhow?
Great men are almost always bad men--Lord Acton's Corollary
I am not a security geek - so can not comment on the issue of having a security audit cost me my job.
On the other hand, I do have some thoughts on increasing your likelyhood of finding or keeping a job in this tough IT marketplace, that can be found here...
The executive summary: diversify your skill base, and become a jack of all trades; coupled with that, look at other means to increase your ability to satisfy your user community better and faster than the competition.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
Be careful! Bears shouldn't consume large furry dogs.
Job security in IT is a myth. We are all legos, that can be replaced by any one of a hundred people in India or Argentina or where ever they're offshoring to today, for half the wage. My supervisor is actually firmly against letting employees work from home, regardless of salary. I believe this is because he feels like he loses a measure of control if he can't see us.
In any case, if you think you have job security, think again.
-- -R
Actually quite easy. A competent person armed with a few bootdisks can take care of that root password problem in no time.
"We obviously need a new moderation category: (-1, Woo-fucking-hoo)" --Mr. AC
I live in Chicago, and worked in the Bay Area for 10 months on a long contract.
The housing costs were completely insane, but I have to say there isn't ANYTHING like the big stretches of Regional Parks you have right there. I could drive for 15 minutes from my office to a spot where I could walk or bike for 9 hours and see no one. Amazing!
In Chicago, you have to drive for hours just to get to jam packed picnic groves full of beer cans. It's really impossible to ever get away. So ugly here.
I'd hate to hear all those rolling hills were getting turned into more goddamn strip malls and housing developments like the midwest. The containment of the sprawl was definitely the best thing about the Bay Area. (If you live there, get a water bottle and get your lazy ass out to Sunol!)
The housing sucks if you live there, no doubt about it. But a funny thing, just about 3/4 of the people I worked with moved TO this area from other states.
In the long run I think the best thing is to let the artificial population concentration from the Silicon Valley gold rush continue to disipate from this region.
The COO (boss's boss's boss) came to the organization late in the game, and changed the rules. (from in-house to outsourced)
First, you need to realize it has little to do with you personally. The CxO has to justify his stock options and bonuses by "outsourcing" some work because that is what the financial press it praising. Since the IT portion is what he understands the least and is reported most in the press, it is what he will outsource first. He has no clue, he's just doing what MBAs do to get ahead by following the trend of other clueless CxOs. Don't take it personally, just slap the SOB with a baseball bat on your way out. (Just kidding about the bat, use a clue bat instead.)
This isn't about outsourcing software development overseas, this is about security at a company and outsourcing security and network administration. If a company has one person who holds all the keys to the security kingdom, even if he or she is doing a great job so far, you have an insecure system. Any system the depends on the knowledge or integrity of one person is an insecure system.
That said, firing that person is not the first best answer. The first best answer is to properly distribute the responsibility and oversight. It isn't right to put all you trust in an outside vendor either.
I don't know any specifics about this particular situation, but if I encountered a person who had all such controls in his or her hands and who regarded any distribution or surrender of authority or oversight as wrong or something to be resisted, I would consider replacing that person.
No system designed around a single point of failure is a reliable system.
This is a pretty straightforward question, and not answered as near as I can see.
Were you doing exactly what you were contracted (yes, in writing) to do?
Quite often, being a security analyst doesn't implicitly include vulnerability testing, and when it comes to security, GET IT IN WRITING before touching anything. ANYTHING!
If you failed on this point, then it's just begging to be (inappropriately, but allowably) expoloited by a sleazy company.
If you were being paid to do exactly this, and then were fired as a result of it, then screw it. It's not easy losing a job, but there are some companies you're better off away from.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
"At my last job (one of the big 3 ISP's) one of the NT admin's screwed up and opened our one internal systems to the whole world. One of our techs studing security discovered the hole and reported it our PHB. Who came to our SA team to check and confirm. They were more concerned about the tech finding the hole, than the idiot NT admin who screw up an NT securtiy setting. "
Then one of two things.
He could have gone to the "idiot"(a hint here. It's not good to go to a person with your prejudices. It could have been an honest error), and told him about the problem and let him correct it, with the boss being none the wiser, and his "image" intact.
He could have fixed the mistake, with no one the wiser. If everyone is as clueless as you state? Then this should have been an easy task.
The main thing that stories like the above demonstrate is that geeks make lousy diplomats. There's a right way and a wrong way to present "difficult" news. Learn how (among other things) and you'll do well in life, and work. Forget how, and you're the subject of a story on Slashdot.
The lawyers' version of the "not my department" brush-off always means the same thing:
"You do not have enough money, or cannot win enough money through such a suit, to pay us."
Taking control of the means of production and forcing wage increases isn't bargaining, it's extortion.
Power doesn't reside in stealing another's property, it resides in controlling the issuance of work and the flow of money into and out of the corporation.
I.e., the manager has all of the power and the worker has none, even if the worker steals the equipment. Because then the manager calls the cops, gets his equipment back, and spends a little time and money replacing the worker.
Duh.
...until you find yourself living in it.
While my real job title is QA Manager, I also manage the security plan at my company (located in Canada), who makes export control restricted products (products restricted by either or both the Canadian govt and/or the US Govt). When doing security assessments on this side of the border, the citizenship requirements of the Controlled Goods Program (CGP) are far more lenient than those of the US International Traffic in Arms Regulations (ITAR). Still, because we export our products to the US, I have to take citizenship into account (i.e.: I have to in some specific cases meet the US requirements). That means in the case of specific individuals, they must be removed from projects and found alternate work. If alternate work cannot be found, then they must be let go. There's nothing the company can do about it - it's a federal requirement of employment to work for a company that designs these specific kinds of products. I will assume you are in the US, in which case a third party, such as the government or someone waving wads of cash around, has set some specific requirements for personnel working on their products. For some reason you didn't meet them. You do have a reasonable "right" to find out what specifically was the issue - was it citizenship? was it political affiliation? was it all those nights you've been downloading pr0n? Your employer should have made an effort to find you alternate work within the organization. If they didn't even try, then you might be able to make a case for wrongful dismissal. However, if they did try, or such an option simply is not feasible (and this is what it sounds like, how can you be an effective SysAdm when you can't access huge chunks of the network?), then they are within their legal bounds to let you go.
.
IANAL (but I've paid for their kids' dental work and sailboat), but there are two issues here: I think you have excellent grounds for proving damages to your reputation in the industry (from both the consultancy and your employer), in addition to wrongful termination if you were let go with prejudice (fired for false or misrepresented cause and denied unemployment). However, the real money is in the first part, so go for a libel/slander lawyer with knowledge of labor, not a labor lawyer who's heard of slander and will sue to get your job back. What you really should want from this is to (a) clear your name, (b) collect monetary damages, and (c) walk away. Dunno about FL law, but you should get all your lawyer fees back as well if you file the suit properly...
I have (unfortunately) some experience in picking a lawyer for similarly hostile and unpleasant situations. In a recent situation that involved an insurance company, I turned to my own insurance carrier (home, personal liability, auto etc) and asked to be put in touch with a couple of senior examiner/adjusters. When I reached them (no easy task), I asked them the following question:
"Who is the meanest son-of-a-bitch you never want to be across a table from?"
Both people gave me the same name, and I hired that person as my lawyer. Yeah, the hourly rate was kinda frightening, but when your lawyer scares the piss out of the other party simply by name, the proceedings tend to be much shorter, and more to your advantage.
How does that apply to your case? Call a libel/slander *defense* lawyer, and ask him/her the question above. Two votes for one name, and voila, you have your counsel.
My personal advice is not to be shy about this. There's a time to shrug and walk away from an employer who lays you off for stupid reasons (I did a few months ago), and there's a time to fight like hell against something that could drown your career. This seems to me like the latter. What will you say in a few years, when a potential employer asks "If you weren't a security risk, why didn't you fight it?"
Jon Espenschied
I think not...(*poof*)
Yes, but Just Cause is a discrete, knowable doctrine, and can be rebutted if the employee wants to pursue a claim of wrongful dismissal. You can't just say you have just cause, and have the problem go away. Also, usually only in cases where a transgression is severe (i.e. theft, fraud, lying, etc) is it legal to terminate without a second incident.
Also, in every Canadian province there are employment laws that require a certain period of notice upon termination. The money they give you is in lieu of your notice, which is generally two weeks, but can increase with long-term employment. Also generally, if they terminate you for just cause, they *don't* owe you compensation or notice in lieu of compensation.
IOW, you either get notice or pay in lieu of notice, or termination for just cause.
Never at a loss for words... because of the voices.
You would just be proving that womeone could do the job remotely
I hope that was a typo, not a Freudian slip.
Done with the off-topic, bandwidth wasting comment.
I'm going to have to remember that one!!!
-A
Nah, we still have _some_ freedoms left in the US. Why is it ok for an employee to terminate his employment for any reason whatsoever and an employer can't?
Oh wait, we're all foreigners here. Never mind.
you die?
Be careful! Bears shouldn't consume large furry dogs.
> Every society strikes a balance between individualism and collectivism.
He he. What a wonderfully pompous post! But I take your point about the social cohesion thing.
If we bring it down to a different level though, I've sometimes wondered whether our CEO has ever woken up in the middle of the night and thought "Shit! I own this company, but the Ops Manager knows the root passwords to ALL our systems... and I don't!"
Maybe I'll show him your post one day if I see him hanging around the server room looking nervous. It might calm him down.
"And the meaning of words; when they cease to function; when will it start worrying you?"
they may have just misinterpreted the company's analysis stating that internal employees pose the greatest security risk to mean that YOU as the one employee responsible for security are the actual risk. Certainly internal people can be the most dangerous to any company.
Cannot say for certain if you were the target and neither can you unless you can find a way to see the actual report on the company's security audit.
at the least find a way to let us know who these guys were so we can work within our own companies and departments to help prevent us from being sidelined by this possible devious tactic...
that is if they actually were insane enough to specifically name YOU as the topmost risk.
Economists should be screaming at about this point.
If people outside the USA want quality, they buy something from Europe, if they want something cheap they buy it from Asia - except for in the electronics industries where you get the best quality stuff available cheaply from Asia because all the US technology has been outsourced to there. If the main product of the USA is managers, while the rest of the world has the knowlege and does the production, it will be a bad thing for everyone. The best manager on earth is no match for a thousand canny Chinese businessmen - these companies are going to get screwed over.
My condolances to the security analyst - anyone that has decent skills in the job can be seen as a security risk. Unless someone really likes you in a job like that it's only a matter of time before someone gets nervous and gets rid of you. The really bizzare thing is that conventional security gaurds are not in that situation.
What did they see, you were running RedHat? Hell, I'd fire your ass too!
t y. html
https://rhn.redhat.com/errata/rh9-errata-securi
-- RH, the most brain dead Linux rip-off.
-- Insecure, by default.
-- Yes, we're hear to take your hard effort in open source and free software and to turn that around just like MS and make million$! Thank you suckers, now we're not going to offer it free anymore.
Sheesh, Linux now having to be warez'd.
Actually EDS stock took its beating because of its major partnership with MCI Worldcom just before Worldcoms collapse. Under the agreeement EDS had to pay Worldcom ($US)billons over the next few years if they didnt get them enough Contracts during that time. They got out of paying some of it by giving MCI Worldcom wads of cash upfront while they were in chapter 11. Stock shares went through the floor, Dick was the scape goat as the idiot (scammer?) from EDS who originally brokered the stupid deal was already long gone. Dick may have been a complete Dick but he wasnt the main reason for EDS stock falling to 1/4 of their original price. I believe it is now only half of what it was. EDS are rumoured to be about to lose the US Navy contract as it is up for renewal. But hey that wont affect me cause Im in Australia! :)
meridian at tha.net
Safarishane,
Show this entire, many page, thread to your ex-employer.
As an InfoSec auditor it appears that this company has seriously impaired independence in this case. An auditor must (to quote the ISACA Code of Professional Ethics):
Perform their duties in an independent and objective manner and avoid activities that impair, or may appear to impair, their independence or objectivity.
-- ISACA Code of Professional Ethics (Links to a Word Document)
If the same company is both providing audit or assessment services and offering outsource services to the same client then there is a serious breach of professional objectivity.
lizardb0y
http://www.vintage8bit.com/
My spouse once had a job with a small political newsmagazine. She was the typesetter on an old obscure setup. Every word went through that machine. Since it was such a rare system, they needed her pretty badly to meet publication deadlines, and that meant that she had an editorial veto. She exercised it directly once: simply over the capitalization of an artist's name--who generally insisted that it be lowercase--and she demanded they respect his wishes. There was a standoff--editors backed down when they realized the stakes--they approached her to sound out controversial decisions after that. It helped that she was good at her job. The whole deal was a revelation for me.
This is gonna sound syndicalist (though it isn't, really, just basic strategy): the wielders of tools can exercise final power over those tools, even if they don't officially own them--because posession is more powerful than abstract ownership. Of course, being a social species, working in concert makes us far more powerful.
Damn those pesky terrorists
Any facts will just be seen as whining about things not being fair.
Technical issues do not matter, since with the current corporate culture, it's all about emotion (not always a bad thing - managers are supposed to herd people, emotion is important to them), anything that is said will just be seen as an indication that the person is unhappy, which is no longer the companies problem. If there is an "us or them" management culture, which exists in far too many places, his fate was sealed as soon as someone decided to do the security audit.
People get sacked all the time with little cause. I've seen someone get sacked after a break-in at her workplace and her computer was stolen. It would have taken her some time to re-type the documents in her computer, so she was sacked.
Comment removed based on user account deletion
Comment removed based on user account deletion
Comment removed based on user account deletion
Comment removed based on user account deletion
I used to do assessments for a company that wanted to do them to discredit the existing IT and replace them. After awhile it really bothered me because we went after some good, hard working, dedicated people.
I decided to get some certs and marketability and find a job less 'stressful'. In studying the Code of Ethics for the CISSP, I realized that it should be my job to help dedicated people hang on to their job with instruction, training, learning, awareness.
I now work at companies with the idea that I will locate 'vulnerabilities' and correct them with the resources they currently have. I know its a stretch for some to adopt that line of thinking but in the long run, this attitude is paying off.
Comment removed based on user account deletion
The blame falls either on yourself for not doing a good enough job for your company or your company for stabbing you in the back. Speaking from working for one of those 3rd party outsource companies we are given objectives to accomplish by the managment of the company that hires us. What they do with that info is up to them. I understand your frustration all to well I have been on that side of all this as well. Its life man move on you can't sit around crying and feeling sorry for yourself.
Comment removed based on user account deletion
One thing you could do is improve your grammar. Bad grammar makes a bad impression on people. Whether or not it actually correlates to your ability to get the job done, it makes you look less professional to have bad grammar and spelling.
Note that this is not a flame. If you are, however, worried about your job situation, it could help a little to make some PR improvements.
Now, it is starting to be seen at the fringes of management, as seen in the current article below from Red Herring. Yes, this is for the advance guard investor audience, but it is still the begnning of the pendulum swinging the other way.
Top 10 trends: Outsourcing backlash
Comment removed based on user account deletion
Excellent point, and that sig is priceless
Comment removed based on user account deletion
Put "was outsourced" as the reason for leaving on your resume and/or job applications. As long as they are not telling people you were considered a security risk, you should be OK (if you can find any work that hasn't moved to India). OTOH, if they are telling anyone you are a security risk, then you need to hire a lawyer fast.
now we need to go OSS in diesel cars
Comment removed based on user account deletion
I think that's a great idea, but you're number is probably too high. Depending on your job, you may need to offer a much deeper pay cut to make that decision the most profitable alternative for your employer, and it may require a reduction in minimum wage laws to make that feasible for some non-developer positions. I'm serious. You can find people to sit around and read security mailing lists in foreign countries for much less than US minimum wage.
Excellent advice. I would add that with many security jobs going the way of IT jobs in general, expanding your horizons should probably include re-education. The only private sector jobs in the US that are safe are service jobs that require you to be on site. Health care is probably your best bet.
Things will eventually turn around for US service workers, once the pay scale and standard of living is closer to that of third world nations. Though the manufacturing jobs are never coming back. You can thank the environmentalists for that. And what happens to a service based economy in the long haul?
Just don't have any kids. The future of the US is not bright.
NT
"I think it would also be VERY appealing to those of us with children and two working parents. Get to work from home and be there when the kids get back from school. It doesn't apply to everybody, but for some folks it may be an option.
"
It works well for the handicapped as well.
The downturn has been hardest on them.
I have read that there is a security issue with having a single person as the abministrator. thiss would imply redundancy not sacking. Is Australia there are extra payments for redundance like 1 week per year of service. It also is better than "sacked' (but still not great).
From the point of view of the sacking the company is legally obliged to tell you in detail what you did wrong so that you can study and correct those faults and not be doomed to repeat them. Ask for an "exit interview", this interview should discuss in detail the technical reasons why you failed to provide the service. You could ask for a copy of the security report under a non-disclosure agreement to supplement your knowledge of what went wrong. The company may (rightly) refuse to provide a copy of the report but you should ask.
Discuss with management that you were "outsourced" not fired and discuss with them that they should correctly reflect this to potential employers. Advise them that if you caan you are willing to assist them with problems or provide independant audits of their security at a reasonable consultant rate. It is better to leave them in a friendly frame of mind:
a) It will be reflected in your reference.
b) It gives you a slim chance of picking some extra consulting work.
c) Asking for details of security problems is a positive and should be reflected by you to your potential employers.
Don't under estimate the fact that you may have been a problem. You have given us no indication whether you followed security alerts, whether you configured your boundaries properly, etc. This may not be the case but we cannot judge your performance.
Personally, I wouldn't want to work in a place that's being kept in check by the threat of mutual assured destruction. It's too much tension. Bad for the blood pressure.
Yes, this arms race has gone on far too long... someone should have a talk with the powers that be up on Capitol Hill.
Gin up a fancy powerpoint presentation showing copious egregious "vulnerabilities" (get a list from CERT or something and dump everything in) and get a friend to dress nice and give them a spiel. Follow that up by getting hired by your employer as a "contractor" for 2X previous wages.
People with skills that are in demand do not have trouble finding a paycheck. It's when someone has highly specialized skills that aren't in demand that there's trouble.
Amazing magic tricks
Things will eventually turn around for US service workers, once the pay scale and standard of living is closer to that of third world nations. Exactly, as long as it's accompanied by an American awakening that we can't always be picking up the slack for everyone or have such high expectations.
OT: I believe it was Emo Philips who said --- I used to think the brain was the most interesting part of the body. Then I thought, look what's telling me that
must... stay... awake...
Sorry to hear you are jobless. In my opinion, some companies are moving the wrong way. I have been the CIO/CFO for almost a year. I don't know if my opinion is right since I am relatively a newbie to the position, but I would NEVER outsource security or any other confidential type work. How does a company justify paying a third party rather than an employee. I can understand adding dollars to the bottom line, but building a team of employees / co-workers is much more important. The problem with tech jobs is the people signing your paycheck and doing the hr work dont know sh*t about your job. In my area, central nj, tech jobs are steadily on the rise. I am about to start looking myself ;) Look at it this way. It's an opportunity to move onto bigger and better things. A company that does not value its employees is doomed to failure. Good luck.
Health care is too broad a category. Dentists are struggling. You should have specified the medical and convalescence fields.
This is the best revenge. I had this happen to me and I did exactly what is told to do. I was contacted four months later to talk with the owner of the company and he offered me a contract to train the people, my job was as a Video Engineer, and I told him that I had a company and was doing it all over the nation, I had 17 contracts, I told him my going rate 65% more then what I was charging but, I would knock off 10% for the contract. The contract was for 18 months. Basically I made out like a bandit, and the best part was my old manager had to sit through my classes to be trained. It was really a great experience for me.
If the infosec audit did find that the organization is not up to par, they may well lose government contracts. This is generally very bad news.
It is also important to remember that there is much more to security than your firewall rule set - look into Common Criteria, or the Australian Defence Signals Directorate - ACSI 33 regulations (this is a good read for any network admin BTW).
It is entirely possible that our fellow reader had no clue what to do, was untrained, etc. etc. How to apportion the fault is another matter, but do realize that most network admins have no idea what infosec means.
Jan
Personally, I think that kind of thing should get him kicked off the trading floor, but hey, that's just my opinion. I also think it fairly stupid for the market to react to what is basically just guesses by people that may or may not hve an agenda. Again, that's just my opinion, and maybe there are good reasons for that.
I would just like to underscore Dr. Bent's point.
I have a friend who works for a telecom company that shall remain nameless. They employ Indian programmers for three hundred dollars a month. The average American software developer earns $78K annually (source: sdmagazine.com), more than twenty times as much.
Are you willing to work for 5% of your current salary? Didn't think so.
Shoot, Learn to speak chinese, move there, and wait for "outsourcing" to reach the executive level so you can tell your old boss off in cantonese. Take comfort in that you are not alone, 3 million working class guys have had to move home to their parent's basement in the last 3 years.
Shouldn't that be 24x7x52? Or 24x365?
At least your CEO can count on you...
Xix.
"Everything is adjustable, provided you have the right tools"
If you know you are going to have a 3rd party audit, and you know there are holes. DOCUMENT EVERYTHING YOU KNOW AND REPORT IT TO YOUR MANAGEMENT BEFORE THE AUDIT OCCURS.
The fact is, most of us probably know of a small issue or two that we would like to have fixed, but have a lack of time or budget to patch/repair/upgrade or tighten down.
Cover your ass so that when the audit comes back, you can at least say, "hey, I knew about all of that crap before the audit, but lack of funds/time prevents me from tightening things down."
Goals are deceptive - the unaimed arrow never misses.
So you get a day off about once every four years?
'All the time' is much more accurate way to say what you mean. Try it sometime.
Look out!
That doesn't help much when the skills in demand are
for fry cooks and cashiers at Walmart.
My guess is he wasn't fired on the spot. He was laid off on the spot, a common practice, meaning they tell you not to come in tommorow, but your official last day isn't for several weeks (at least 2, up to 6 is common and 3 months has happened to little guys). That is not vacation time, but regular pay. He is just working from home for that time, with his job to find a different job. They give you your regular pay checks, and after your time is up send you a check for anything else owed you. In most cases this means all the vacation you haven't used yet plus anything not vested in the various investment plans. (Watch the latter, if you don't handle ir right you can owe a lot in taxes)
Upper managers often are sleeping while you are one call, but at the CEO level and one step below that isn't the case. CEOs have to be workaholics, or the shareholders fire them. Nothing unuseable about a CEO calling the CFO at the office on 2am sunday morning and getting an answer. (despite no knowledge before hand he is in the office)
Not that CEOs are always doing good useful work, but they are working often. Not a life I recomend anyone live, but they do it.
You make a great point, but I've personally been in situations where management actively discouraged attempts to break through this divide.
Sometimes, it's not the people on the "tech side" of the fence who have the communications problem. I recall wanting to bring up an issue directly with our company's C.E.O. - because I knew it was going to get buried or spun into some watered-down idea invented by my manager if I went through the usual "chain of command" with it. I finally had a good opportunity when I ran into him as he was going from one building to the other, and we were chit-chatting a bit. I went from the "small talk" to my idea. Know what? The C.E.O. stopped me after only a couple sentences, telling me he didn't want to hear any more about it - and that I needed to discuss it with my direct manager instead.
Management often does things that ensure they stay well seperated from the "rank and file" employees, except when they feel it's strategically important to make a personal appearance. I recall being in meetings where the managers and VP's of depts. all went out to lunch together, leaving everyone else to eat the catered lunches that were ordered for everyone.
In fact, the very idea that they get real offices with doors they can close automatically sends a message that the company thinks it's important that these people have a higher level of isolation than everyone else gets.
Also, while it's always more productive to have solutions than complaints, sometimes the complaints are generated because of co-workers generating *false* solutions, in attempts to look superior. I recall doing *plenty* of complaining at a couple of past jobs, yet I'm typically looked upon as one of the people who has "all the answers" or is good at coming up with "creative solutions". When I start complaining, it usually has a lot to do with implementation of poor ideas that are being pushed off as solutions by someone who doesn't have a clue (but who can "talk the talk" enough to sell his/her poor ideas to management anyway).
Most companies will not report to companies asking for a reference what is not substantiatable - it makes them too vulnerable to court suits. If you are truly worried, perhaps there is someone with a company that could help you - ask them to call for a reference on you, including asking why you left your former company.
guys, open source is killing our industry. If software is free, why pay the developers?
People with skills that are in demand do not have trouble finding a paycheck.
Bullshit. I have 20 years of experience in computer programming, networking, project management, business management, computer graphics, accounting, research, technical writing, etc. Only place I'll find a paycheck is stocking shelves somewhere.
It's when someone has highly specialized skills that aren't in demand that there's trouble.
Funny how the requirements of those highly specialized skills change just in time to fuck people out of their careers, and usually right after they sign a mortgage.
But hey, destroyed careers and financial ruin for people who have an education, years of experience and hard work are just a fact of the "free market," right?
Business isn't willing to pay for products, innovation and careers, so we get brands, mortgage commercials and layoffs.
Because sitting back and watching puts oh-so-much food on the table.
If there was justice in the world, the guy wouldn't have gotten fired in the first place. Don't count on karma to say, "Whoops, missed you getting screwed the first time, but don't worry, I'm on the job now!"
No, I think he's got a more-than-legitimate case against these people. I can't believe something like this would even happen in real life; this guy wasn't even given a chance to defend himself? Good grief.
"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life
You make a good point about not burning bridges and though I try to stick to science on good ole /. My story involves my career of cooking. I went to work one day, (night shift) a pretty high class restaurant, wanted something to drink and noticed the bar was closed (locked tight) I wanted a glass and had to settle with a coffee cup kept with the dishes. Had some grape juice with ice and went to work. Well there were some problems, new management and I was part of the old management, I was a stickler for quality and the original recipes such as making stocks from scratch rather than using prepared soup bases, taking the skins off, seeds out of the cucumbers before grinding them for the salad dressing etc. I am a damn good cook and probably an asshole (in the kitchen) but I take my cooking seriously. Back to the story, I was called down to the office about two weeks later and fired for drinking on the job, wine they said. The only wine was cooking wine above the heat lamp and it was mostly (by now) syrup, drinking on the job in a kitchen can get you hurt and I burned and cut myself enough sober. I drank like a fish afterwards but not then. Back to the story, I filed for unemployment and they refused, filed for a hearing and lost, my proof and story were considered moot. Filed for an appeal and was turned down. Walked 4 miles round trip to get my last paycheck, it was January twenty something and there was a 40 below chill factor, thirty-mile winds the whole I grew up in the depression stuff. Goddamn sixty-dollar check and I was spitting mad but I never told them off. About six months later I wanted to buy a house, as many of you know the mortgage payment cannot exceed more than a certain amount of you income to qualify for the mortgage. Well I was about .5% over meaning too much of my income was going to the house payment and they were unsure since I had changed jobs rather quickly, I might of blabbed about why, so they asked me to have the kitchen manager sign a paper saying I was an ok guy and probably will hold a job so they get their money. I will be goddamn if he wasn't happy to sign, I got my house, still living here after 20 years and the restaurant closed for bad management and lousy food. I know I got what I wanted and I suppose they got what they wanted. WAIT!! Goddamn, I forgot when they called me down to the office they wanted me to sign a confession admitting my guilt, they were sitting there in an office about 8by12 feet with me standing in the doorway while this discussion went on, three of them sitting with tall glasses of chilled Chablis in front of them. When I told them what I thought about their confession paper thing their eyes started to get wide, the only way out was past me, I was pissed and laughed all the way home, anyway do not burn bridges, something positive might come out of it, or at least you will have your integrity. If I get modded down well hell I just like telling some of my stories and I got a bunch. Carryon .
I eat my grapes at room temperature, cuz the cold ones hurt my teeth
Send an anonymous comment to the biggest institutional shareholders of your former employer that X vulnerabilities now exist after Y analyst took over.
It's much better to get engaged in a political activity against offshoring.
Indian monkeys are so good in marketing "skills" they do not posses and making bribes. Our CEOs just love it since they do not care about companies they manage but about personal interests at shareholders expense.
If they are its news to me...I had to wait a month for an appointment...A month!
If the IT world drys up today I'll go to dental school and become a dentist.
-----
One is born into aristocracy, but mediocrity can only be achieved through hard work.
I don't know that you'd want to fuck them. keep in mind, he said he worked for a financial institution. assuming that means a bank/credit union/savings&loan, etc, that is putting peoples money at risk. maybe even your fellow slashdotters. so you want to fuck your fellow slashdotters life savings huh?
I audit financial institutions for IT security. But I do it from the state government regulatory side. I'm not passing judgment on SafariShane, but I would certainly have questions for the financial institution of why they fired their IT Security guy. My job allows me to demand answers like that and then write them up if they haven't done their due diligence or refuse to answer me.
I'm good with numbers -
They (the politicians and the robber barons) have free markets when it serves their greed-oriented purposes, but never when it serves the common people's
So its all a big scam..
The C.E.O. stopped me after only a couple sentences, telling me he didn't want to hear any more about it - and that I needed to discuss it with my direct manager instead.
If there's one thing most executives have in common, it's that they are very busy people. Every case is different, but in most cases they prefer to receive their information filtered through people they know and trust.
I don't know the specifics of your case, but for all I know the CEO knows you are a complainer and he was just trying to give you the brush off without offending you.
In fact, the very idea that they get real offices with doors they can close automatically sends a message that the company thinks it's important that these people have a higher level of isolation than everyone else gets.
VPs get offices with closed doors because they are often discussing information that is of a sensitive nature. How would you like to have your annual review conducted within earshot of everyone else in the office?
-a
About the only solution I figure is to become a business professional and compete with the companies that hire you by outsourcing Indians and Chinese as well.. It seems to be the only colution other than boycotting the Indians and Chinese.. I've seriously considered creating nuclear weapons and threatening the government, so that I can get food and support for free, hey it works for North Korea!!
Just say no to license servers!!
How about just disconnecting the network from the Internet, that would keep them from ever intruding!! And brownie points, you would never have to worry about outsourcers.. Hey what the heck marketing people are stupid anyhow, take advantage of the stupidity while you can..
Just say no to license servers!!
If that had paragraphs, I might have read it.
If I had found some luser installing ZoneAlarm on his machine, I would have
- re-Ghosted his machine without even asking him
- directly complained to his manager.
(back when I was network admin)
So-called "personal firewalls" are useless crap.
And lusers are not supposed to install any security related or system software without permission from IT. Period.
The current issue has two articles of interest: the NAFTA shortcomings and the IRS targeting executive compensation accounting. There's a third article on a gent who buys distressed industries and was able to re-open a steele mill because the workers agreed to work for just-below-union wages. I bet he buys an IT something or other and re-employs US IT workers at a percentage below what they formerly earned. It's an iPods tune waiting to be activated.
Just because you have specialized skills doesn't mean they are in demand. Perhaps a lot of other people have them too. If you can't find alternative employment, then by definition they are not highly in demand.
Your situation, I should add, sounds like it would be benefitted by a new approach to the job search. There is a great book I read called "Don't send a resume" that I think would help you find another job very quickly if you wanted one.
As a side note, if one gets a mortgage and makes lots of plans based on the idea that he'll never lose his/her job then it's simply gambling. In a free society people are free to gamble in this way, and many are pleased with the result. But it's still gambling by choice. It would make sense for people to hedge their risk with alternative training or a more modest mortgage.
Amazing magic tricks
This seems to be a wise thread. I was laid off a few years ago for "cost cutting" reasons. I was very nice to my managers afterwords(days later). I told them where recent code was that they didn't know they needed and how to (and why) to make use of it. In the mean time I got a cool contract working on a StrongARM embedded Linux job(for less money). As luck would have it, when the contract was almost complete they asked me to come back for the same pay. I asked why they wanted me back and they mentioned my kindness(and their sorrow).
A(nother) suggestion for your problem would be to watch for up coming security matters that might effect them such as an exploit or virus and warn them of it right away. Just be careful how you warn them, some warnings can be taken as threats. You might even add how to combat the threat.
Just a thought... it worked for me.
1. Just Wardrive em, create a report and outsource your security skills to them. :)
2. Make it your life long mission to make sure the company doesnt succeed in any way.
3. Send them LOTS OF PORN!
4. Find a new job.
I got bumped out of a job a few months ago decided that if I couldnt beat to join them. I started my own tech firm and consult to small businesses and individuals. Im making more money now than I ever did working for someone. Its suprising how equip, software and hourly rates add up to a lot of money coming in. Good luck, I feel your pain. Rich
"It's time for the laid-off geeks to stop whining. Better to use the energy to start your own company."
Yeah! Anyone wanna buy a case of "enlarge your penis" pills?
I had four days left, due to leave at the end of the week. Unfortunately, UK employment law is uninterested in cases like this unless you have worked for the company for over a year. I had been there eight months.
It's pretty persuasive to future employers and I shall raise it at interviews (along with the excellent references I get from the people I actually worked with rather than those who fired me). There's not much else I can do under UK law though.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
Thanks mate. Would you also have the Administrator password for the whole network and all machines be a single OBVIOUS lower case english word for months while you re-located MS SQL Server to the same box as Exchange and misconfigured the back-up tools? Because that's all our SysAdmin did.
It was Tiny personal firewall actually, not ZoneAlarm and I had a valid reason for needing to block ports. If this is such a terrible thing then why, after I left, did the same fellow want to install BlackICE on all company machines inside the 10k cisco firewall?
Anyway, you're surely not suggesting that my little firewall could interfere with the fat Cisco box that sat on our connection to the outside world are you? Because that was the point of my post - it was a made up excuse that would be difficult to explain to a jury.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
The rich might not care. The poor certainly will when they reach retirement or medical catastrophe. If a poor person notices their pennies turn to dust when they save them for a rainy day, they have less incentive to save them. When they need them, they're pretty screwed.
Plus, why should anyone work to manufacture or perform labor in exchange for the soon-to-be-worthless money ? What are you going to buy with money that no one will accept ?
You know what? I think I *would* actually like to see annual reviews conducted "in the open". Hold a meeting for that purpose, and let the manager address each individual working for him/her, and go over what he/she sees as areas needing improvement, as well as areas each person is doing well in.
One of the biggest things that harbors distrust and resentment in the corporate environment is secret-keeping and subsequent rumor-mongering. Every time you see someone pulled into the bosses' office and the door shut, rumors start flying about what trouble the person got into. Usually, reality is much less of a "big deal" than the silly things people come up with on their own.
And as for salaries, that's another whole "can of worms". I understand each situation is different, and there may be very good reasons for keeping salaries a big secret. But as a rule, I'd prefer working for people who post their salary ranges for each job position clearly, so everyone knows (within a couple thousand bucks or so, anyway) what everyone else is earning. Companies that refuse to give you any idea what your co-workers are earning create more problems than it's worth, in the long run. Accusations fly about "the new guy that started out making more than the guy who worked there for 5 years to earn that much pay", and so on. It may or may not be true - but it doesn't matter. It hurts morale.
Agreed.
With opinions like that, I'm sure you're the most popular guy in the office. :-)
-a
What's a geek to do when your job gets outsourced?
Become a contractor, duh.
Outsourcing is the biggest trend in the industry right now, and the big losers are going to be the "geeks" who whine about employment. Forget employment... its for sheeple anyway. The winners in this trend are the geeks who are able to sell themselves as consultants/contractors and produce real results.
You'll be better off to recognize where the industry is headed and to go along with it. Become a contractor, get a few clients, and you'll be on your way to personal freedom and job security.
Skiers and Riders -- http://www.snowjournal.com
I address this guy's 'logic' and I get modded down for it. Unbelievable. I guess it IS easier than actually writing a rebuttal though, eh?
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
It might help if some CIO's realized that
is, in terms of foolishness, ranking right alongside"Provided by the management for your protection."
Two links for anyone considering Pharmacy as a career (I was, but not anymore):
u it .PDF
0 30 1.cfm
http://www.nacds.org/user-assets/PDF_files/recr
http://www.pharmacychoice.com/news/pr/reuters07
Is there something that prevents you from suing that company? On what grounds did they make the assessment that you posed a viable and possible threat to your (old) company's security? I think your first move should be to fire an answering shot. You been treated as guilty until proven innocent, and there are laws against that.
I would contact an attorney if I were you.
*** *** You're just jealous 'cause the voices talk to me... ***
Just because you have specialized skills doesn't mean they are in demand.
Every hiring manager's perfect excuse.
As a side note, if one gets a mortgage and makes lots of plans based on the idea that he'll never lose his/her job then it's simply gambling.
Not for the mortgage company. This is a very basic inequity for employees/customers. The employer can fire an employee anytime they feel like it and for any reason.
The employee STILL HAS TO PAY THE MORTGAGE. They are CONTRACTUALLY OBLIGATED.
Now why can't an employee expect the same reliable business arrangement as the mortgage company? As a business agreement, it's ridiculous. No manager would ever make an agreement to pay if they weren't ABSOLUTELY SURE there was revenue to cover the payments. Yet employees are REQUIRED to do so every single day, even if they live in an apartment.
Unfair and inequitable. Period.
Business isn't willing to pay for products, innovation and careers, so we get brands, mortgage commercials and layoffs.
I hope that you will die a horrible death. Your concern for spam is so blown out of proportion that I almost want to smash your stupid fucking sore hands with a ball-peen hammer. Motherfucking cocksucker.
I can't tell if you're completely serious... but I'll bite anyway:
Hiring managers should want to hire the best person for the job. If they fail to do this, then they should themselves be fired.
A mortgage company agrees to loan you money because it thinks you will pay it back. Not everyone can obtain a mortgage. Clearly, both you and the mortgage company want the contract to be honored in full by both sides (you want the house, the mortgage company wants the principle + interest). If something goes wrong and you do not have any other options, there are several varieties of bankruptcy filing that you can move forward with. These are intended to give people a way out when there are unforeseen circumstances, while being as fair as possible to the creditors. You can declare bankruptcy and never work another day in your life and the mortgage company is screwed.
In fact, some employees do obtain long term contracts. These are typically employees whose value is so high that they are able to negotiate such deals. Think of Executives, Entertainers, Athletes, etc. These don't guarantee that these people will have a job, only that they will still be paid for the agreed upon period assuming they live up to their end of the contract.
Contracts are a good thing. We enter into them voluntarily. They enable trust to exist in a systematic way where without them nobody would trust anybody.
As another side note, when an employer hires you, it is also a gamble. You could turn out to be a bad match for the position, or you could undergo training, learn valuable trade secrets, and then immediately quit. Your employment history is the best indicator of whether this kind of thing will happen, which is why employers ask for it.
It is true that in this period of relative economic downturn (compared with a few years back) employers have more power than they did when it comes to making bad decisions and getting away with it. There are a lot of people right now looking for work, and so the supply in many cases exceeds the demand. This won't last long, however, because every business owner wants to expand his/her business and make more money. In the end, the odds are stacked strongly in favor of productive people.
Amazing magic tricks
I work as a non-IT consultant for an engineering firm in Houston who has had the worst luck since they canned the outsourced IT group and starting hiring and firing IT managers to run the IT staff. A few months ago, the latest IT manager who is some kind of security guru left the guest account wide open. I started digging around on the network, and I had more access as a guest than I did as myself. Still have some folders to prove it. When I mentioned this to my client contact, he notified the IT manager and not the company president.
I've been fishing for a new gig since.
A mortgage company agrees to loan you money because it thinks you will pay it back.
Yep, and they are relying on the exact same promise to pay as the employee is: the income provided by their W-4 job, which is subject to the whims of some lying cheat fuck middle manager.
If something goes wrong and you do not have any other options, there are several varieties of bankruptcy filing that you can move forward with.
The disadvantages of which all fall on the employee: credit destroyed for 10 years, no mortgages, no jobs (they check your credit now), no apartments, no cars, no student loans, no credit cards. The bank gets the house, and the employer doesn't give a fuck.
In fact, some employees do obtain long term contracts.
Sure, and they should. W-4 at will employment is the worst of all possible arrangements for the employee, yet it is by far the most common.
The vast majority of employers would chortle in amusement at the very suggestion of offering a guaranteed contract to an employee, yet the mortgage company gets exactly that, with several hundred thousand dollars worth of collateral as the guarantee. The employer will also insist on guarantees of payment from all of their vendors, customers, associated companies, etc. The only person who gets no guarantee is the employee.
They enable trust to exist in a systematic way where without them nobody would trust anybody.
Which is why I don't trust employers any more, at all.
As another side note, when an employer hires you, it is also a gamble.
Yeah, well at least if the employer loses they don't lose the building, the rest of their employees, their credit and all their money.
See, years ago there used to be an unwritten social contract between employers and the communities they do business in:
If an employee does a good job, they get to keep their job. If a student earns an education, they will have significant opportunities.
Every single person I know in my parents' generation worked the same job for AT LEAST 10 years, and some for 35 years and more.
Not one person I know in my generation has had the same job, earning a living wage, for more than two years.
Not a single one.
In each case, at or near the two year mark they were fired, usually as part of a mass layoff of hundreds of people. I've seen people fired after a few weeks for vague reasons, or, more commonly, for no reason whatsoever.
Now, it's completely backwards: employers proudly discard their obligation to employees (and society) and wantonly destroy people's careers by the dozens or hundreds in pursuit of some short-term dubious benefit to the business.
Hiring managers as a MATTER OF ROUTINE tell employees to "put their degree last" because employers no longer value the decades of education and thousands of dollars employees invest in it.
A college degree should ON ITS FACE be qualification for just about any professional career that doesn't require a license, regardless of the major. Only a third of a baccalaureate degree's units are required by the major. College degrees are far more likely to be used as a DISQUALIFYING factor in a hiring decision, all because the employer either doesn't like or doesn't understand the major.
"What could an Art History major possibly know about real estate?"
Good question. I have a better one: what the fuck does the hiring manager know about Art History? And for that matter, what is so fucking complicated about real estate that a college-educated person couldn't LEARN in a few weeks or months? Oh, I forgot, entry-level people aren't allowed to have jobs any more unless they are mopping floors or stocking shelves.
This has enormously destructive and corrosive consequences in a community. People can't rely on their job, and therefore cannot ever be confident in really settling in a particular community, buying a house, etc. People have no choice but to conclude that if employers do not value their education, they should not either. This is a significant disincentive for people to pursue higher education.
Business isn't willing to pay for products, innovation and careers, so we get brands, mortgage commercials and layoffs.
Something that's too funny. I married a gal who was head of our high school varisity cheer squad her senior year. Who was I? The tuba player in the band and all around geek.
How the hell we ever ended up getting together, I'll never know.
great post. you just got friended.
Companies do not have any obligation to employ someone for any length of time. The only incentive they have is that training is expensive and it costs more to keep brining on new, inexperienced people.
In the past people did hold jobs longer. I've worked for one company that had a lot of "lifers", and a lot of them should have been let go. When seniority becomes more important than merit, then you have a screwed up situation.
If you think Mortgage companies should be kinder and gentler, then start your own mortgage company, do business that way, and see how long you stay in business. If you do stay in business, then you'll soon dominate the industry b/c who would do business anywhere else?
The question is, do you think mortgages should exist? If so, then you should be happy with the status quo or else start a company that is able to profitably provide a better service. Don't just sit there and complain.
If you don't like hiring/firing practices of existing businesses, then start your own business and be truly loyal to your employees. If you are, then people will want to work for you and you'll have your pick of the top talent.
It really sounds to me like you'd rather be running your own business. Being an employee isn't for everyone.
BTW, one thing I've learned about people in the workplace: Second rate people hire third rate people because they think it will make them look good. Thus, those second rate people will often avoid hiring a first rate person because they are afraid he/she will make them look bad. It's important to find a company full of first rate people (who hire each-other).
Amazing magic tricks
Its a complex situation.. This interview is with Sunny Zhou, an IT student in Dalian, China It's from a blog at http://www.sinosplice.com/~dezza/ (I have no connection to these people..)
Real Chinese Interviews #2: Sunny Zhou
Name: (Zhou Yue) / Sunny Zhou Hometown: Dongfeng (population: 500,000), Jilin Province Age:21, born in the year of the Dog, 1982 Education: Sophmore-Class of 2005, Information Technology major, Neusoft Institute of Technology
About Sunny Zhou:
Sunny is another one of my star students. She is a very keen student of English and although often shy at times in conversational situations, she is still very enthusiastic. Before she was in my class, Sunny wasn't enthusiastic about learning English but since September she has been very interested in all things English. This is one of the reasons why I love to teach English in China, because of great students and friends like Sunny.
RCI: Describe yourself.
Sunny: I am a Chinese college student. Last year I received the school's admission. In college, I am learning IT and Business Management. I like this major so I came to Dalian and learn last year. My mom has supplied me from when I was born until now. I am ashamed of this. 18 years old is an adult in China. But I can't get independence and I must use my mom's money. But in China most of the person as young as me the same as me. All my schoolmates do like this.
RCI: What are your hobbies?
Sunny: After school, I often surf the internet. Most of the websites are about music and IT.I often read blogs, both English and Chinese. I am interested in what people real think in their real life. I like my foreign teacher's blog best. From reading his blog I can know what his thinking when he living in mainland in China and read the native English articles can improve my English reading skill. Very fun to do. Most of the day off I was in the room and surfing on the internet. Sometime I went to the seaside or Xinghai Square. Dalian is a beautiful city to visit.
RCI: As a college student, do you have an optimistic or pessimistic view of the job market after you graduate?
Sunny: Now I don't think I can find a job easily after I graduate. China has so many undergraduate students every year. Last year there were two million six hundred thousand undergraduate students of all kinds of callings. And every year the colleges enlarge the number of recruit students. I don't know when I graduate what will be the situation and what kind of the person does the job market need. Competition is very severe in China. Because China has so many people. I think IT is a hot calling now, that's why I choose to learn it. I think IT has a bright future. Maybe the undergraduate students learning IT can find a job easily then other ones in China. I think in the future the world is an internet world so IT is very important. Whatever the situation is, I think as an undergraduate student I must be good at one skill at least. I hope to be able to write HTML, JavaScript, make FLASH, ERP, CRM, etc. The IT industry is changing everyday so I must study hard, follow the steps, or else I will be washed away.
RCI: Do you like to study English? Why or why not.
Sunny: Now I really like to study English. Why do I say this? Because I studied English for passing all kinds of exams at last. But why I am interesting in it and I know if I can speak pretty good English I can get a job easier than the other people who can't in China. English is more important than before. When I met Derrick (my foreign teacher) I learned what is the real English. I can learn something in the oral English class that isn't in Chinese-teacher taught grammar English class. That's why I like English especially ora
You're obsolete. Useless. You have no future. Why wait? Leave and make room for a new generation. The time has come.
Well, popular or not, I can tell you that quite a few co-workers expressed similar feelings on the salary issue. I certainly wasn't the "lone exception".
IMHO, there's a serious double-standard going on with regards to pay. People act like what they earn should be a highly-guarded secret, yet the same folks who are most concerned about this buy conspicuous, high-ticket items to show off their wealth. (EG. You don't *need* a new luxury sedan to get to and from work. A cheap Chevy or Ford would do just fine. But then, it wouldn't have the "impress my friends/acquaintances" factor... the "look at me - I'm really going places!" look of a new BMW or Lexus.)
By contrast, ask any retail, fast-food, or low-level factory shop floor worker what their co-workers make, and they're very likely to know almost the exact numbers. It's no big secret to them.
I think the "salaries should be kept confidential" idea is a company policy and most employees are willing to go along with it.
It's basically the law of supply and demand. You could have got X, but you were willing to settle for Y. Some people play the gambit of threatening to quit, and these people get paid more. (But sometimes their employer will call their bluff.)
-a
I work as an analyst/auditor for a large IT outsourcing company.
While I would admit that our salesforce does largely pitch our services on the basis of cost savings, it is usually the CFO of the client's companies who ask us who much can we save them in EFT (Effective Full-Time) headcount.
When doing solution design, I usually look at improving the overall level of service to be provided, rather than how many people could be sacked.
In many cases the reason we are able to improve the service offering at a lower price is due to process and procedures, combined with best-of-class technology. We often take on board the staff from the client site, retrain them so that they can use the newer technology and give them opportunities to move between client sites or move into management positions if they wish.
cheers
Sara
a Macgrrl in an NT World
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Unless you know how a replacement could do the job without knowing all the passwords etc etc?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
But they've got as much chance of ending up running the show as the geeks have. Which leaves a clear field for the bastards.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
I wuold agree with the parent post that reviewing slashdot (though not for five hours as the grandparent post "suggested") on a daily basis is a good thing. That it shows that you are tracking the risks and threats in the environment at large.
This is pretty off-topic, but Walmart is primarily an IT organization. Their success is entirely attributable to a giant room full of computers that manage their just-in-time sourcing and delivery logistics. The rest is just commodity stuff, largely indistinguishable from any retailer in a similar market position.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
Companies do not have any obligation to employ someone for any length of time.
Completely missed the point.
In the past people did hold jobs longer. I've worked for one company that had a lot of "lifers", and a lot of them should have been let go.
Sure. They've been at their job too long, so throw 'em out and take their houses and retirements.
When seniority becomes more important than merit, then you have a screwed up situation.
Yeah, lots of foreclosures.
The question is, do you think mortgages should exist?
Yes. I think careers should exist too.
BTW, one thing I've learned about people in the workplace: Second rate people hire third rate people because they think it will make them look good. Thus, those second rate people will often avoid hiring a first rate person because they are afraid he/she will make them look bad.
Imagine that!
Business isn't willing to pay for products, innovation and careers, so we get brands, mortgage commercials and layoffs.
i was replaced by outsourcing nearly 4 years ago. after mos of trying to get work i turned things around and contacted the outsourcing company that had replaced me and asked them for a job. sure i had to move to Eastern Europe and i really miss the USA, still it beats being unemployed. cost of living is cheap, i get paid much more than most other folks here, there are tons of really, really hot girls to go around -- i couldn't even get a date before i moved here and now i pick and chose as i want. consider the alternatives :)
James
yep
I know this is going to be WAY below everyone's threshhold, but what we (sysadmins, programmers, network security people) need is a real professional association to advocate for us. Something like what the AMA does for doctors. Right now most of the "associations" out there seem to be either vendor dominated educational efforts or pilot programs for organized labor. There are enough of us who still have jobs and make decent money to fund something like this. If anyone knows of a legitimate association that advocates for tech employees I'd like to know. I for one am ready to join up and be heard.
There are so many aspects to SafariShane's posting I'm at a loss as to where to begin, so I'm just going to grab a piece and start pulling.
... twice ... and you know how that story ends.
:-) :-) :-)
I've been 'a security risk' so many times now that I'm considering having it put on my personal business cards. I know how things fit together and that system knowledge absolutely *terrifies* people who have their position based on political skills. This is the root of many of the 'wrongful discharge' posts - I suppose most of them are ethically wrong, but don't imagine that the world is going to change for you; in my eighteen years in the business it has become more sleazy, not less.
The best revenge is getting a better job next week. The second best revenge is an employment attorney - if they jacked you around on vacation, sick pay, the cause for your firing, etc get yourself a bloodsucker and attach aforementioned parasite to their bottom line. I've hired an employment attorney twice in the last nine years and I should have done it more than that - if your boss is an underperformer and you know this to be the case its the number one way for him/her to 'achieve visibility' at a higher level.
I don't think an underperforming boss is the case here. Get with some acceptance of your fate. Everyone and their incontinent cocker spaniel mix is a security expert post 9/11/01 and they're all bending the ears of any clueless suit with purchasing power that falls into their clutches. Ever hear of HIPPA? This little beastie fills the same ecological niche that Windows 3.0 did in the early 90s - it is full employment for anyone who can fog a mirror while breathing those letters.
What sort of ADP audit did this financial institution have to have on an annual basis? The poster might have been doing a wonderful job on port filtering but missing *dozens* of nonsystem related security issues - there are a great many things in the CISSP certification that *aren't* common sense to a guy with a screwdriver and a packet filter.
As you move on in life you'll find more and more sleazy stuff like this - I've seen all of the following in the last ten years:
Meth head PC tech employees setting up skilled contractors to be fired for equipment theft. Happened half a dozen times, crapping on the careers of half a dozen decent network admins before they finally figured it out. No, I didn't get an apology letter later.
Vendors without a lick of sense selling stuff that doesn't exist to suits with even less sense after labeling me incapable, then aforementioned suits getting on my ass for being unable to work on nonexistent solution they bought. This one has a happy ending - employment attorney put the fear o' god in 'em back when, and I now regularly abuse that vendor for being flighty and incompetent and it works. They'd like to kiss and make up but I tend to hold grudges.
Drunk help desk chickie sleeps with old director of network support department. Drunk help desk chickie doesn't like me. Out the door I go after Director Dicklips contacts my boss and puts the pressure on him. This particular meat grinder ate up four different WAN engineers in twenty one months and this was before the internet boom and not in Silicon Valley nor anywhere close to places where employment churn was so high.
There is just a snippet of cold comfort in all of this. Companies that breed for less threatening(to suits) employees on the inside are often much more focused on internal politics than servicing their customers. After a few rounds of 'selective breeding' they have cubicles full of the people who don't do anything without asking permission
Go to a startup and take your paycheck directly via running a bloody trench right up the middle of their market share - hard to do with a financial institution, but you get the idea - I've started doing this in lieu of the employment attorney and its *much* more painful to the previous employer
I am very easy to get along with, but I don't have time to waste being nice to people who are being stupid. -Theo
Corporations are groups of folks who get together and come up with an idea for how to make money. They're a lot like other community organizations such as 4H, The Lions Club, etc. A corporation is quite simply an organization designed to make money. There are other organizations, such as 4H, the Salvation Army, Lions Club, The Shriners, Bowling leagues, etc., that are not designed to make money.
Corporations are just entities owned by a group of folks (shareholders) who are just like you and me. The corporation exists to make the shareholders money, not so that employees can get or keep a mortgage.
It might be smart for a corporation to create a strong incentive for employees to be highly productive (such as a good salary), and employees may decide to spend that salary on a house, but that doesn't mean that the employee deserves to have that salary paid indefinitely just because of the mortgage.
I think what you're looking for is called communism.
Amazing magic tricks
Corporations are groups of folks who get together and come up with an idea for how to make money.
You're kidding.
The corporation exists to make the shareholders money, not so that employees can get or keep a mortgage.
Excuse me. Corporations are artificial business constructs given their status by the states in which they are formed. Corporations should exist to serve the public good, just like the businesses that start them.
It is not the function of business, whether it be a corporation or otherwise, to simply "make money." This is a myth. The function of business is to serve its customers.
Corporations have existed for some 400 years, and it wasn't until just recently that blow-dryed assholes with wire-rimmed glasses, four-figure car payments and aluminum-clad cel phones discovered that they could stuff their own pockets with the proceeds of haphazard, short-term hiring practices designed specifically to obliterate their employee's dignity, and turn people into interchangeable commodities.
It might be smart for a corporation to create a strong incentive for employees to be highly productive (such as a good salary),
It might be smart for a corporation to stop wasting so much shareholder money on churning the org chart every two years too. That costs a fuckload more than whatever meager salaries they might be paying.
and employees may decide to spend that salary on a house, but that doesn't mean that the employee deserves to have that salary paid indefinitely just because of the mortgage.
They do if they are doing a good job. If a business is going to hire someone, they ought to make a fucking commitment. The same FUCKING COMMITMENT they make to the BUILDING OWNER when they SIGN THEIR FUCKING LEASE.
I think what you're looking for is called communism.
Yes, of course. Anyone who thinks employees shouldn't have eight gallons of wet shit dumped on them every couple of months is a communist.
Business isn't willing to pay for products, innovation and careers, so we get brands, mortgage commercials and layoffs.