Replaced by Outsourcing -- What's a Geek to Do?

SafariShane asks: "Yesterday I was fired from my position as 'Network Security Analyst' from a financial institution. I was pushed out by a 3rd party vendor, who labeled me the major security risk, after performing a 'vulnerability assessment.' At the time, I thought a vulnerability assessment of our network was a good idea, but in retrospect, it occurs to me that this company, who's other product is 'Outsourced Network Monitoring and Intrusion Detection' may pull this little trick everywhere they go. Has this happened to any other network security folks out there. Does anyone know if this is a common practice, and what's a geek to do if they find out a 3rd party assessment is on the way? If this happens again at another institution, should I just start polishing my resume right away?" Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay? For those of you who feel the threat of Outsourcing breathing down your neck, what are you doing to try and stay in your current job, or even in this current market?

"Here comes the obligatory South Park reference:

1. Perform Network Vulnerability Assessment
2. ?
3. Profit! (Sell Outsourced product)

Looks like they came up with an actual step 2:

Label anyone who is responsible for network security as the risk, and get them fired.

I wouldn't even dream up the above situation, except that when the assessment was done, all results were hidden from me. The company presented the results not to the geeks that can interpret them, but directly to the executives that still think 'Clippy' is a great product.

I'll also note, because people will ask me anyway, if there were other problems. In my year on the job, there was only 1 network intrusion: Welchia, which was contained in twenty minutes. Anyone familiar with Welchia will know that it is no easy task. I was never reprimanded for anything. In fact, I received a 12.5% raise only two months ago for job performance.

I doubt what they did was illegal, but it's bad business at best. Here is a group of network security geeks, who get other network security geeks fired, so they can increase their bottom line.

I'd like to hear comments from folks this has happened to, and what did you do as a result?"

Maybe it's time for the technocratic war to begin.

The managers and CEOs of this country have no idea about how to make router connection or how to correct a line of code in their payroll systems.

I'm on call 24x7x365 while the CEO sleeps.

The none technical types need to understand where info power resides.

Easy solution

[IGnatius+T+Foobar]

Easy solution:

Get a job working with an outsourcer. Duh.

"Services" is where the IT business is going. And yes, there are outsourcing companies in the USA and various other non-India, non-China nations. Skilled, flexible talent is very valuable to a services company. And it's satisfying work because you're not stuck with one environment all the time -- you get to play with lots of different customer environments, picking up new skills along the way.

Basically, what I'm saying here is, quit whining. Make yourself a valuable person and you will find employment. And don't rest on your laurels, either: you have to constantly adapt and pick up new skills.

Now I shall sit back and wait to get modded down by the unemployed, disgruntled Slashdot hive mind, but my position on this issue stands.

Re:Easy solution

[haystor]

Yea, become a consultant. You've already got one business in your rolodex that will buy a product from the same person inspecting whether they need that product.

What I'd do is file for unemployment immediately. This would be good to find out if they claim they fired you for cause. In Texas at least, if they want to make that claim, it has to be done in writing which means they would have to commit to those statements. If you wanted to pursue it, you could eventually find out why they say you were fired. Likely they will just take the hit on their unemployment insurance and not contest your unemployment.

If you think that something was a little bit shady, like a manager getting a kickback from the consultants you might try to use your current contacts to feel that out. Unlikely you'll find out anything there but if you do you could be a real bastard about it.

I ran into a situation where I was hired by a business consulting group to do some work they normally didn't do. I had contract signed and everything when they never called back with a start date. After two weeks of expecting a firm date, I called them and they said it was a no go. I suspect they filled the position internally after using me to land the contract. They had accidentally let me know the company they were pitching and it turns out the President of that company is a family friend. All I had to do was ask an uncle to ask this guy over lunch if they had someone doing this job from company xxx. After weighing the possibilities of what I would/could do if I was right, I decided I just didn't want to know and time would be best spent concentrating on a job/career instead of money and time lost. When lawyers get involved the only sure thing is that the lawyers make money.

Things are looking up

[QuackQuack]

I work for a software company. After many months of people having a hard time getting interviews, and very few leaving for other jobs. In the past three weeks, suddenly we had seven people announce they are leaving for new jobs. I have a friend who was recently laid off from another tech company a couple of weeks ago. He's had quite a few interviews already.

Things seem to be looking better out there. New jobs will replace the old ones lost.

the good, the bad, the ugly

[Broadcatch]

I was "outsourced" two years ago and after 25 years of seamlessly moving between companies with never once even writing a resume, I haven't been able to get back into the market.

• the good : I've had lots of time to play with my 2 year old son
• the bad : I've got a family to feed
• the ugly : I'm learning that experience in the industry hurts ones chances te land a job, as we're considered "too expensive"

I've found a few consulting gigs to help, but now I'm moving out of the Bay Area - can't afford to live here anymore.

Re:What's good for the goose is good for the gande

I'd say he should contact his former employer and offer to perform testing of the outsourced security system as a consultant -- after all, he knows those systems as well as anybody else. Then he should try to hack the system -- since he's working as a consultant, it would be legal to do so.

Then when he's able to hack in through the outsourced security system, he should state that the outsourced company's report was right -- a disgruntled former IT person is a big threat, but since he knows the tricks he'll know how to counteract that threat.

I've had this happen. It doesn't work.

[Amiga+Lover]

I was removed from my job where the majority of my team's time was spent monitoring our data centre, and calling in whoever we needed, when we needed, to fix glitches. I was proud of our work, and it's one of the times I truly felt a true "team player" that so many employers are after.

In the space of 3 months, two separate consulting firms recommended our tasks be outsourced. We all lost our jobs, and what comes out in the wash? The outsourced monitoring company is a subsidiary of one of the consulting firms. No surprises there.

Now, my employers have gone from having a small dedicated team who treated their equipment as their very own, to having a useless 'monitoring' company who not only can't detect an outage to save themselves (when the most clueless of managers has needed to contact them to ASK if a server is down when it's been out all night, things are bad) but don't actually do fixes themselves, but re-outsource those also

Last I heard email went out for 4 days. Our worst was a 3 hour fix, which was a combination of intermittent server problems and a backup clean slate machine that failed right after install, so we needed to source and rebuild a box from scratch. The new firm's best time is over a day.

The only thing I like about the whole situation is they're getting what they deserved, and are locked into it for another 18 months. Morals be damned, schadenfreude is fun.

Not just in IT

[The+Tyro]

medicine has become the same way.

Many hospitals are contracting with large national companies to provide physicians services that were traditionally provided "in house." This is most easily done for things like Radiology, where films can be digitized and shipped anywhere in the world to be read by a room full of radiologists. It's also being done (and has been for years) with Pathology services... send your slides and tissue specimens to a big lab to be examined rather than the employing a bunch of local pathologists. Admittedly, there are some economies of scale that enter into the picture... "sending out" can be more efficient.

This is also a big deal in my own specialty (emergency medicine); competition is brutal. There are large national "contract management" ER groups that are constantly approaching hospital administrators with sales people, brochures, and a pitch about their high-quality, lower-cost emergency medicine care. Contracts change hands in ER all the time, which is why a lot of ER docs live like gypsies... if your hospital outsources their ER services, you get fired, and have to find another job (if you live in a smaller area with only one or two hospitals, you can be SOL... time to uproot the family and move.)

How do I/we fight it? Relationships and service. We make ourselves available to the administration to address concerns and problems. We build relationships with the community physicians, so that they KNOW who's taking care of their patients in the ER, and KNOW they can trust us to take care of the critically-ill. We integrate ourselves into hospital committees, and get involved in the community. We implement Quality Assurance and Peer Review to ensure that we're practicing up to the standard of care. It can be a lot of work trying to keep your job (never thought you'd hear a doctor say that, did you?).

In ER, losing your contract/job or not usually has nothing to do with bad medicine... it's failure to "play the game" that sinks you. There may be a parallel here for the infosec geek that was fired... If there's one area where the prototypical "geek" personality probably hurts the most, it's in the eschewing of those critical relationships. It's great to have m4d 5ki11z in the server room... but a little face time with the powers that be could make the difference between paycheck and pink slip...

There's no guarantees, however... even with all my efforts, I can still get sold out if my hospital administrator gets a wild hair, or just plain doesn't like me.

It's business reality for lots of folks, not just IT.

Workers Rights

[Aron+S-T]

Whenever an issue like this comes up the inevitable /. knee-jerk libetarians come out of the wood-work: "capitalism good protection bad" Well maybe some of these libetarians should find out what Adam Smith was really about. His model of capitalism is based in an agrarian society with independent artisans and traders. His idea of a free market is exactly that - where everyone has equal access to market and equal information.

Corporate America has as much to do with the Adam Smith model as the Bolshevist U.S.S.R. It's not even related to Marx' model of capitalism, for in Corporate America, capital is as alientated from controlling the means of production as labor is. Instead, what you have is a management class which calls the shots and enriches itself at the expense of both workers and owners - can you say Enron, Adelphi, Worldcom etc etc.

Sure a worker has the "freedom" to say "fuck you" to his boss and look for another job. In theory. In practice, as the job market shrinks despite the "improving" economy (i.e. the management class being further enriched) those jobs are very hard to come by. So the worker has to bite his tongue as his workload is doubled, as her boss wittles away more and more of her "perks," as the threat of outsourcing is used to bludgeon him into obedience.

Saying to someone "go out and upgrade your skills" is also BS. A friend of mine is in his mid-40s, extremely talented, engineer/MBA out of work for a year and a half. Who's going to hire people in their 40s and 50s, no matter how much talent and experience they have, no matter how upgraded their skills are? And you young 'uns are going to get there faster than you think.

Corporate America demands obedience, makes people work like slaves, uses them, chews them up and throws them out when they no longer are useful. Maybe we should just kill off laid of workers so we don't have to worry about unemployment insurance and welfare?

And no I am not speaking out of personal bitterness. I have a successful consultancy business and work for myself. But even if you believe in ultra-selfishness, a society with many poor, disaffected people is a very scary and dangerous place to live in. This is an issue that effects all of us, not just the laid off.

Re:I don't trust you

My own experience relating to this:

1) Medium to large size business do not trust individuals: only other businesses are trusted. A local Goodwill (yeah, really, Goodwill) used to outsource work to me on a very regular basis. I'd give them plenty of freebies (again, it's Goodwill) along with the outsourced work. Eventually they hired someone to take care of internal matters and the outsourced work finally stopped (he had a gripe with me apparently). The CEO didn't question his judgment because he was moving to Microsoft products and outsourcing to larger companies. It didn't matter that they were paying six times (I kid you not) as much for the same work, their firewall had been removed (the new guy didn't understand how to manage it), and they removed a perfectly stable Linux box in favor of Exchange (easier to maintain for him, but DID go down frequently). None of this mattered. The CEO and kin felt more comfortable with larger businesses despite the problems. They care about feeling better, not about how much they're paying or how often something goes down. They will excuse ANYTHING if they're happy.

2) This (security assessment) is a new tactic from a small group of companies/individuals that have been around for a while. Years ago I handled support for a local ISP. The ISP had (shame on them) sold bandwidth to an adjacent office which was plopped right on the main network (no bridge/firewall/etc). This office had a MUD server which was compromised and made a really great packet sniffer. Account info was snagged and used....by a **network security firm** working out of Canada. They changed a few passwords to get attention, then e-mailed the owner of the ISP with a 'Hey, we didn't do anything but we wanted you to know your setup is easily corrupted. We can supply you with services to prevent this in the future.'. It's like, some kind of dorky geek mafia.

The original submitter could be a dick or a great employee. Either way, it doesn't matter because these security goons are out there and using a much better tactic to get business. It's pathetic, but it's real and there are enough ignorant businesses out there to make it profitable. All the education in the world won't help some employers, they're just too fucking stupid. Maybe the submitter's best bet is to hook up with one of these shitty security firms....join 'em before they beat you out of the market (re: multiple bad security profiles).

Sorry for the long rant...too much coffee ;-)

Re:What's good for the goose is good for the gande

[t0qer]

He should sue the outsourcing company for slander and libel (since they probably handed his employer a report stating he was a security risk)

Of course it all depends on what context he was fired for. Are we getting the whole story here? Did you do any activities that could be considered a security risk?

Re:What's good for the goose is good for the gande

[ToasterTester]

Pointed Haired Bosses don't think that way. At my last job (one of the big 3 ISP's) one of the NT admin's screwed up and opened our one internal systems to the whole world. One of our techs studing security discovered the hole and reported it our PHB. Who came to our SA team to check and confirm. They were more concerned about the tech finding the hole, than the idiot NT admin who screw up an NT securtiy setting. They were insisting on firing the tech. They said opening up our system to world was less of and issue, than a employee sniffing our network, even if he reported it.

I've worked for too many large corporations don't ever think management is going to think logicly.

Re:And then get arrested, convicted...

[theglassishalf]

Well, he could sue them. It's called "slander." If they wrote it down as well, it's called "libel." As a bonus, as part of the trial he could subpoena all the documents related to the case, and find out what they really had to say about him.
Courts tend to look at libel related to employment very favorably. He should contact a lawyer.

Re:What's good for the goose is good for the gande

[Greedo]

Exactly what I was thinking.

Here in Canada, you also can't get fired on the spot (well, not for this). You have to receive at least a verbal warning and/or a written warning first, outlining what it is you are doing wrong.

I don't know what the laws in the US are (or even if you are in the US), but you might want to check with a lawyer. A quick consult shouldn't cost you much, if anything.

Re:What's good for the goose is good for the gande

[h4rm0ny]

If that's possible then yes, he should sue. It might be extremely difficult however.

I have some experience in this as I was fired as a security risk. The cause? I installed a firewall on my PC. The formal letter stated that this could interfere with their network firewall (a Cisco box that was very over-the-top for a small development company of twenty people).

Of course that wasn't the real reason. It was the refusal to work unpaid overtime and perhaps a tendancy to correct my boss that got me out. However, how do I go about getting this fixed in court? No matter how expert I am in IT (and I am quite expert), they can through an 'expert' back at me in court, and how will a judge know the difference.

And aside from that, what would be the charge? I'd already resigned and was working out my notice. The sole result is that any reference from my former employer now states that I was fired for 'Gross Misconduct.' The burden is on me to convince people that it wasn't fair.

A very nasty situation all round.

I wish the poster good luck if he finds a way to sue, but beware of getting into a credentials battle with various "experts," because most courts wont be able to assess your case on the basis of technical details.

Re:What's good for the goose is good for the gande

[ScottSpeaks!]

Revenge? you want revenge? Just sit back and watch as the security for that company gets pummeled.

That's what I did. My former employer of five years spent several times my salary-to-date on consultants from Gartner, who convinced management that everything I'd built was wrong and they should spend my salary for the next five years on Microsoft products. I helped them roll it all out, they showed me the door... and now (from what I hear from a few friends there) they are hurting. {shrug}