Slashdot Mirror

← Back to Stories (view on slashdot.org)

Replaced by Outsourcing -- What's a Geek to Do?

Posted by Cliff on from the disturbing-trends-in-the-market dept.

SafariShane asks: "Yesterday I was fired from my position as 'Network Security Analyst' from a financial institution. I was pushed out by a 3rd party vendor, who labeled me the major security risk, after performing a 'vulnerability assessment.' At the time, I thought a vulnerability assessment of our network was a good idea, but in retrospect, it occurs to me that this company, who's other product is 'Outsourced Network Monitoring and Intrusion Detection' may pull this little trick everywhere they go. Has this happened to any other network security folks out there. Does anyone know if this is a common practice, and what's a geek to do if they find out a 3rd party assessment is on the way? If this happens again at another institution, should I just start polishing my resume right away?" Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay? For those of you who feel the threat of Outsourcing breathing down your neck, what are you doing to try and stay in your current job, or even in this current market?

"Here comes the obligatory South Park reference:

  1. Perform Network Vulnerability Assessment
  2. ?
  3. Profit! (Sell Outsourced product)
Looks like they came up with an actual step 2:
Label anyone who is responsible for network security as the risk, and get them fired.
I wouldn't even dream up the above situation, except that when the assessment was done, all results were hidden from me. The company presented the results not to the geeks that can interpret them, but directly to the executives that still think 'Clippy' is a great product.

I'll also note, because people will ask me anyway, if there were other problems. In my year on the job, there was only 1 network intrusion: Welchia, which was contained in twenty minutes. Anyone familiar with Welchia will know that it is no easy task. I was never reprimanded for anything. In fact, I received a 12.5% raise only two months ago for job performance.

I doubt what they did was illegal, but it's bad business at best. Here is a group of network security geeks, who get other network security geeks fired, so they can increase their bottom line.

I'd like to hear comments from folks this has happened to, and what did you do as a result?"

17 of 1,166 comments (clear)

  1. Ask the Headhunter by jdavidb · · Score: 3, Informative

    I can't recommend Nick Corcodilos' Ask The Headhunter enough. This advice is just wonderful, either for getting a new job, or for showing your worth to your current employer. It takes a little bit of mental adjustment to accept what he says (and it may be a bit scary), but he is absolutely right about how to go about it! The problem we in IT face right now is the feeling that our worth is going down as many of us are replaced through outsourcing and foreign labor. Brush up your skill set, but most importantly, learn how to apply your talents to solve real business problems in terms of dollars and you will never doubt your worth (nor will your potential employers).

    ATH's advice is great. Be sure to get the book, read as much of the website as possible, and subscribe to the weekly newsletter. It's the only HTML mail I receive every week that I actually look forward to and enjoy reading.

    --
    Secession is the right of all sentient beings.
  2. Re:Editor's comments by nate1138 · · Score: 4, Informative

    I don't know about that. If I could work from home, I could get rid of one of my cars (no public transit where I live at all) and all the associated expense. That would easily make up for a 20% pay cut (between the payment, gas, insurance, maintenance, etc). I think it would also be VERY appealing to those of us with children and two working parents. Get to work from home and be there when the kids get back from school. It doesn't apply to everybody, but for some folks it may be an option.

    Now if they tried to send me home at half pay, fuck em. I'll take the money and find a new damn job.

    --
    Where's my lobbyist? Right here.
  3. Why wait until you're out of a job? by Quarters · · Score: 3, Informative
    ...should I just start polishing my resume right away?

    It always confuses me why people don't keep their resume up to date at all times. It's much easier to ammend your resume as you are doing things than it is if you wait until you need it quickly and then have to rack your memory to dredge up the things you did over the past x years.

  4. Outsourcing wont be here for long.. by cOdEgUru · · Score: 5, Informative

    Trust me, I manage a project which is outsourced and currently employs 3 software engg offshore.

    The pluses -

    (1) Benefit in terms of costs. Well they bill us 30 bucks for a software developer where here I would assume it will be around 60.. Whoopee doo..

    (2) The supposed 24 hour day where your team onsite would plug 12 straight hours and your offshore team would plug in another 12 hours, therefore giving the client the impression that his project was worked upon for 24 hours..

    (3) Now that implementation is made seperate and outsourced, the client just needs to focus on the business aspect and the designm therefore having more time to themselves to focus on issues that need attention

    Minuses

    (1) Cost is not that much better. Quite soon, firms will try to up the prices and then you will lose the benefit in terms of cost

    (2) The 24 hour Day - Its quite different from what you are led to believe. Mostly both teams would take a couple of hours everyday trying to understand what the other has done, interact and to a certain extent, also play the blame game.

    (3) The client would find himself being pulled more often back in to the implementation and design, since his offshore partner cant understand the design or has a "better" design. Chaos ensues.

    Mostly from my experiences, what makes all the difference is the people who are developing this offshore. If they are intelligent enough and has good communication abilities, then you have a success story. If what you have is a guy who did a 14 day java crash course and has one year experience in plugging java code in to Helloworld.java, then you have an absolute wreck waiting to happen. It happened to me, I had two stupid asses with whom I spent 3-4 hours every night trying to drill in, the architecture, the requirements, the implementation details. And then I would wake up in the morning and they would have probably coded 10 lines and sent two emails with questions which either are stupid or should have been asked the night before. So what you have is two asswipes who just billed you for 16 hours and turned out 10 lines of code, of which 9 you will probably rewrite and a bunch of questions which doesnt amount to nada.

    I dont think that any firm who is currently doing outsourcing has thought about the actual implementation through and through. They are all given rosy pictures of intelligent professionals back home plugging away on their keyboards churning out code that works on the first try.

    More so, in a few years, the real picture would come out where probably 10% outsourcing actually churned out something positive and the rest 90% lost money, less money in fact, on projects which had no direction, no able offshore partner and a bunch of developers who doesnt know the difference between a class and an object if it kicked them in the ass with it.

    Sorry I just had to rant, since I spent a better part of my night trying to work with some idiots and two days ago I kicked them out of the project. And in a combined 300 hour period, they coded two classes, and the style of coding will make you puke.

    --
    Rapid Nirvana
  5. Re:What's good for the goose is good for the gande by Glonoinha · · Score: 4, Informative

    Yea that would be a bad idea. A better idea would be to be helpful, like those guys that list all the Microsoft vulnerabilities in a public forum so Microsoft will be able to fix them right away.

    So how about listing on slashdot all the passwords, usernames, maybe the list of salaries of all the employees, ip addresses of back doors, list all that crap here for us and we will politely help the company get back on track to super-security awareness.

    Seriously though, sorry to hear about what happened. Wonder what field the next 'boom' is going to be in ... maybe we can get a head start.

    --
    Glonoinha the MebiByte Slayer
  6. The other side of the story. by Maradine · · Score: 5, Informative

    Coming from the standpoint of a security auditor in a firm that specializes in Managed Security Services, let me lay a couple of things down in our defense.

    1. Security firms are told to audit against a certain set of criteria when the audit, be it GLBA, HIPAA, or one of the open security standards. Our work only identifies human security risks in process and policy, not people. If you were individually and specifically labelled a security risk, you should demand to know why.

    2. The firm's auditors likely had nothing to do with the loss of your job. Rather, it was your management. Managed Security Firms have two sales models: Unfunded Risk, and Savings. My guess is that their sales team was working on the Savings principle and presented a more cost effective security solution. Your management team decided that cost savings were more important than your job. I hate being a catalyst for that kind of change, because I don't like seeing good people get laid off. Most of our clients use us as a supplement, rather than a replacement. I wish it always worked that way.

    3. You lost your job. But we're hiring, and we have a hell of a lot more fun than should be legal. Jobless security professionals and analysts, feel free to reply.

    --

    trustedworlds.net - gaming, security, and the gunk that lives in between

  7. Re:One word: by bleh-of-the-huns · · Score: 3, Informative

    There are many states in the US where they cannot fire you without a valid reason. They can terminate your employment (layoffs etc) for no reason but then they have to provide you with severence (usually about 2 weeks, but sometimes more), and you can still collect unemployment. Getting fired is different, your basically screwed, but in those states, they must provide a reason, for both laying a person off or firing, and it must be valid. (in the former, a simple financial troubles excuse can get you layed off, but it is still a reason).

    In places like Virginia, DC and Maryland (I think MD), these are Right to work states, meaning, they can terminate your employment for breathing in the wrong direction, and they dont even have to tell you why.

    --
    I came, I conquered, I coredumped
  8. Re:And then get arrested, convicted... by The+Good+Reverend · · Score: 5, Informative

    For those who don't know, this is a line from the movie "Office Space".

    If you haven't seen it, you should. It's really a very funny look at office politics and lost jobs.

  9. Well... Sorta! by Chordonblue · · Score: 3, Informative

    But the flipside of this is that you could end up with total incompetence in the workforce. That's fine if it's a janitorial position, but would you really want a dumbass to keep his/her job handling various functions in a nuclear reactor? What about in a financial institution you belong to?

    Recourse IS available for those who qualify. I was fired unjustly from a company 15 years ago, believe me I know. I went to the employment board and filed a grievance. In 30 days I had the choice of getting my job back or taking a settlement - I took the settlement.

    YOU don't know the full story in this situation either. Maybe a major security breach was found that the author of this article didn't know about. Maybe his company was looking to 'pare down' their IT staff anyway. My point is that in the U.S. shit can and will happen, but I believe the system works itself out. Not perfect, but then neither is a 75% tax rate under socialism.

    --
    "...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
  10. Re:One word: by CountBrass · · Score: 3, Informative

    Uhm excuse me but that's not true.

    The world is not the US. Where I work if you've worked somewhere for 2 years or more then they can't just sack you. In mainland Europe they have evn stronger worker's rights.

    So please, before submitting, remember that /. has an international audience and the US != The World.

    --
    Bad analogies are like waxing a monkey with a rainbow.
  11. Re:Bigot by cOdEgUru · · Score: 3, Informative

    Dude,

    I am as Indian as they get :). I have nothing against any race or any color. And yes, my ex-offshore partner was Indian as well, but that doesnt change the fact that they were incompetent.

    I wasnt issuing a blanket statement about all Indian outsourcing firms. I am merely referring to the fact that most of the firms who indulge in outsourcing are plainly jumping on the bandwagon with nary a thought about its implications in the long run. And hence outsourcing isnt here to stay, it will blow over very soon when firms and managers realize that it makes more sense to have the team onsite rather than having someone do most of the work at night when you arent around to manage.

    And if your offshore partner is a plain schmuck, like was mine, they will shaft you at every step possible, by overbilling you, by working on other projects in the hour they bill you. Believe me, I have been a witness to this and much more.

    --
    Rapid Nirvana
  12. Re:One word: by jdreed1024 · · Score: 3, Informative
    I always love seeing the "unjust dismissal" or "simissal without cause" arguement. Listen up people. If an employer doesn't like your shirt, they can fire you. It's that simple

    Except that it's not. You have to have cause for dismissal in most states, and the employees have to have been informed of the rules and disciplinary procedures and causes for dismissal. You can't even fire someone for being late, unless they were told that being late is firable.

    Layoffs are different, though. You can lay someone off for whatever reason (services no longer required is the common one), but then they get severance packages, or whatever.

    Trust me, I know. I worked in HR for 2 years - we had a lot of turnover, and we'd have to fire people for being late, or not being properly attired (the job required uniforms) etc. And they'd of course file a claim for wrongful dismissal, and then we'd have to send a representative to the dept of labor, and if the rep didn't show up, the employee automatically won. And if the rep couldn't prove that the employee had received the handbook which contained the rules for dismissal, the employee automatically won.

    --
    There is no sig, there is only Zuul.
  13. Re:Red Herring had a different perspective. by geoswan · · Score: 4, Informative

    Yes, the A.C. points to a good article. Now here is link that works.

  14. Re:I don't trust you by Kurt+Gray · · Score: 4, Informative

    I think you're right, part of what's going on here is a cultural divide that exists in many companies between the managers in suits and the admins in the back cubes watching the network. In some offices these two types hardly ever speak to each other: no kinship, no trust, no loyalty. Both parties bear the responsibility to walk across the office and speak directly to each other once in a while.

    My years in sys admin middle management taught me that some admins just don't want to speak the managers in suits. They automatically distrust the management, they resent that anyone who knows less about networking is being paid more and is manager of many departments. They view anyone who meets with management and eats lunch with management as a kiss-ass or someone not to be trusted. This to me is exactly the kind of attitude that holds people back from getting promotions, being recognized, and makes one more vulnerable to becoming a victim of downsizing. If management has no idea who you are and what you do all day then you are effectively nobody to them, you are just another labor expense on the accounting books.

    The easiest way to let management know that you have value is find a problem, and don't just whine about, do a little homework and propose a practical solution along with some numbers as to how much it will cost/save the company. If your department manager is the type of prick who would try to steal credit for your brilliant ideas then walk around his desk and talk directly to his boss about your brilliant ideas... if you have enough of those conversations with that boss you may even find yourself being promoted to replace the prick who stole credit for all of your ideas. Don't be someone who complains all the time, try to be someone who has solutions rather than complaints. Leaders have answers, followers have complaints. Managers value people they can go to for answers.

    So in summary if you make no attempt to talk to management then don't be surprised if they become more comfortable dealing with some out-sourced vendor then they are dealing with you... don't be surprised if someday the managers you hardly ever spoke to tell you to pack up your desk.

  15. Comment removed by account_deleted · · Score: 4, Informative

    Comment removed based on user account deletion

  16. Before suing... by JawFunk · · Score: 3, Informative

    ...I would subpoena the report to see what criteria "surfaced" that convinced his employer to replace him with the new guys. This could win the case for SafariShane, if there were no other "problems" with his history at the company.

    --
    [Please sign here]
  17. Probably redundant but will go ahead anyways.... by CliffH · · Score: 3, Informative

    Personally, as a small home based computer consultant, have been asked to do assessments for companies. I think it's just my general lack of common sense or morals that play into it, but, when I've found holes I can drive a Mack truck through, the first person I have went to is the current admin, showed them what I've found, and helped them fix it. Yeah, stupid buisness decision on my part, but it kept the following intact:

    1) Person kept their job

    2) I consequently got more buisness in doing further checks and consulting

    3) Everyone was happy and the admin was upskilled

    This was a win/win in my opinion. Everyone was kept happy and safe and the admin got some more skill to put under his belt. I just don't believe in fear mongering. If there is a problem, the current admin (if there is one) should be the first to know and given the tools to help fix the problem on the spot. Now, it's a whole different ballgame if it's outsource company against outsource company where there is no true full-time admin involved but we won't go there. :)

    --
    sigs are like a box of chocolates, they all suck remove the underscores to email me