Replaced by Outsourcing -- What's a Geek to Do?
SafariShane asks: "Yesterday I was fired from my position as 'Network Security Analyst' from a financial institution. I was pushed out by a 3rd party vendor, who labeled me the major security risk, after performing a 'vulnerability assessment.' At the time, I thought a vulnerability assessment of our network was a good idea, but in retrospect, it occurs to me that this company, whose other product is 'Outsourced Network Monitoring and Intrusion Detection' may pull this little trick everywhere they go. Has this happened to any other network security folks out there? Does anyone know if this is a common practice, and what's a geek to do if they find out a 3rd party assessment is on the way? If this happens again at another institution, should I just start polishing my resume right away?" Here's a question I always wish I could ask managers, whenever the topic of 'outsourcing' comes up: if dealing with programmers overseas is more appealing to the bottom line, why not let your programmers work from home for 50-80% of their current in-office pay? For those of you who feel the threat of Outsourcing breathing down your neck, what are you doing to try and stay in your current job, or even in this current market?
"Here comes the obligatory South Park reference:
- Perform Network Vulnerability Assessment
- ?
- Profit! (Sell Outsourced product)
Label anyone who is responsible for network security as the risk, and get them fired. I wouldn't even dream up the above situation, except that when the assessment was done, all results were hidden from me. The company presented the results not to the geeks that can interpret them, but directly to the executives that still think 'Clippy' is a great product.
I'll also note, because people will ask me anyway, if there were other problems. In my year on the job, there was only 1 network intrusion: Welchia, which was contained in twenty minutes. Anyone familiar with Welchia will know that it is no easy task. I was never reprimanded for anything. In fact, I received a 12.5% raise only two months ago for job performance.
I doubt what they did was illegal, but it's bad business at best. Here is a group of network security geeks, who get other network security geeks fired, so they can increase their bottom line.
I'd like to hear comments from folks this has happened to, and what did you do as a result?"
The managers and CEOs of this country have no idea about how to make a router connection or how to correct a line of code in their payroll systems.
I'm on call 24x7x365 while the CEO sleeps.
The non-technical types need to understand where info power resides.
I work for a software company. After many months of people having a hard time getting interviews, and very few leaving for other jobs, in the past three weeks we suddenly had seven people announce they are leaving for new jobs. I have a friend who was recently laid off from another tech company a couple of weeks ago. He's had quite a few interviews already.
Things seem to be looking better out there. New jobs will replace the old ones lost.
By reading this sig, you agree to the terms of my sig license.
I'd say he should contact his former employer and offer to perform testing of the outsourced security system as a consultant -- after all, he knows those systems as well as anybody else. Then he should try to hack the system -- since he's working as a consultant, it would be legal to do so.
Then when he's able to hack in through the outsourced security system, he should state that the outsourced company's report was right -- a disgruntled former IT person is a big threat, but since he knows the tricks he'll know how to counteract that threat.
Yea, become a consultant. You've already got one business in your rolodex that will buy a product from the same person inspecting whether they need that product.
What I'd do is file for unemployment immediately. This would be good to find out if they claim they fired you for cause. In Texas at least, if they want to make that claim, it has to be done in writing which means they would have to commit to those statements. If you wanted to pursue it, you could eventually find out why they say you were fired. Likely they will just take the hit on their unemployment insurance and not contest your unemployment.
If you think that something was a little bit shady, like a manager getting a kickback from the consultants you might try to use your current contacts to feel that out. Unlikely you'll find out anything there but if you do you could be a real bastard about it.
I ran into a situation where I was hired by a business consulting group to do some work they normally didn't do. I had a contract signed and everything when they never called back with a start date. After two weeks of expecting a firm date, I called them and they said it was a no go. I suspect they filled the position internally after using me to land the contract. They had accidentally let me know the company they were pitching and it turns out the President of that company is a family friend. All I had to do was ask an uncle to ask this guy over lunch if they had someone doing this job from company xxx. After weighing the possibilities of what I would/could do if I was right, I decided I just didn't want to know and time would be best spent concentrating on a job/career instead of money and time lost. When lawyers get involved the only sure thing is that the lawyers make money.
Medicine has become the same way.
Many hospitals are contracting with large national companies to provide physicians services that were traditionally provided "in house." This is most easily done for things like Radiology, where films can be digitized and shipped anywhere in the world to be read by a room full of radiologists. It's also being done (and has been for years) with Pathology services... send your slides and tissue specimens to a big lab to be examined rather than the employing a bunch of local pathologists. Admittedly, there are some economies of scale that enter into the picture... "sending out" can be more efficient.
This is also a big deal in my own specialty (emergency medicine); competition is brutal. There are large national "contract management" ER groups that are constantly approaching hospital administrators with sales people, brochures, and a pitch about their high-quality, lower-cost emergency medicine care. Contracts change hands in ER all the time, which is why a lot of ER docs live like gypsies... if your hospital outsources their ER services, you get fired, and have to find another job (if you live in a smaller area with only one or two hospitals, you can be SOL... time to uproot the family and move.)
How do I/we fight it? Relationships and service. We make ourselves available to the administration to address concerns and problems. We build relationships with the community physicians, so that they KNOW who's taking care of their patients in the ER, and KNOW they can trust us to take care of the critically-ill. We integrate ourselves into hospital committees, and get involved in the community. We implement Quality Assurance and Peer Review to ensure that we're practicing up to the standard of care. It can be a lot of work trying to keep your job (never thought you'd hear a doctor say that, did you?).
In ER, losing your contract/job or not usually has nothing to do with bad medicine... it's failure to "play the game" that sinks you. There may be a parallel here for the infosec geek that was fired... If there's one area where the prototypical "geek" personality probably hurts the most, it's in the eschewing of those critical relationships. It's great to have m4d 5ki11z in the server room... but a little face time with the powers that be could make the difference between paycheck and pink slip...
There's no guarantees, however... even with all my efforts, I can still get sold out if my hospital administrator gets a wild hair, or just plain doesn't like me.
It's business reality for lots of folks, not just IT.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
Whenever an issue like this comes up the inevitable /. knee-jerk libertarians come out of the wood-work: "capitalism good protection bad" Well maybe some of these libertarians should find out what Adam Smith was really about. His model of capitalism is based in an agrarian society with independent artisans and traders. His idea of a free market is exactly that - where everyone has equal access to market and equal information.
Corporate America has as much to do with the Adam Smith model as the Bolshevist U.S.S.R. It's not even related to Marx' model of capitalism, for in Corporate America, capital is as alienated from controlling the means of production as labor is. Instead, what you have is a management class which calls the shots and enriches itself at the expense of both workers and owners - can you say Enron, Adelphia, Worldcom etc etc.
Sure a worker has the "freedom" to say "fuck you" to his boss and look for another job. In theory. In practice, as the job market shrinks despite the "improving" economy (i.e. the management class being further enriched) those jobs are very hard to come by. So the worker has to bite his tongue as his workload is doubled, as her boss whittles away more and more of her "perks," as the threat of outsourcing is used to bludgeon him into obedience.
Saying to someone "go out and upgrade your skills" is also BS. A friend of mine is in his mid-40s, extremely talented, engineer/MBA out of work for a year and a half. Who's going to hire people in their 40s and 50s, no matter how much talent and experience they have, no matter how upgraded their skills are? And you young 'uns are going to get there faster than you think.
Corporate America demands obedience, makes people work like slaves, uses them, chews them up and throws them out when they no longer are useful. Maybe we should just kill off laid-off workers so we don't have to worry about unemployment insurance and welfare?
And no I am not speaking out of personal bitterness. I have a successful consultancy business and work for myself. But even if you believe in ultra-selfishness, a society with many poor, disaffected people is a very scary and dangerous place to live in. This is an issue that affects all of us, not just the laid off.
My own experience relating to this:
;-)
1) Medium to large size businesses do not trust individuals: only other businesses are trusted. A local Goodwill (yeah, really, Goodwill) used to outsource work to me on a very regular basis. I'd give them plenty of freebies (again, it's Goodwill) along with the outsourced work. Eventually they hired someone to take care of internal matters and the outsourced work finally stopped (he had a gripe with me apparently). The CEO didn't question his judgment because he was moving to Microsoft products and outsourcing to larger companies. It didn't matter that they were paying six times (I kid you not) as much for the same work, their firewall had been removed (the new guy didn't understand how to manage it), and they removed a perfectly stable Linux box in favor of Exchange (easier to maintain for him, but DID go down frequently). None of this mattered. The CEO and kin felt more comfortable with larger businesses despite the problems. They care about feeling better, not about how much they're paying or how often something goes down. They will excuse ANYTHING if they're happy.
2) This (security assessment) is a new tactic from a small group of companies/individuals that have been around for a while. Years ago I handled support for a local ISP. The ISP had (shame on them) sold bandwidth to an adjacent office which was plopped right on the main network (no bridge/firewall/etc). This office had a MUD server which was compromised and made a really great packet sniffer. Account info was snagged and used... by a **network security firm** working out of Canada. They changed a few passwords to get attention, then e-mailed the owner of the ISP with a 'Hey, we didn't do anything but we wanted you to know your setup is easily corrupted. We can supply you with services to prevent this in the future.' It's like, some kind of dorky geek mafia.
The original submitter could be a dick or a great employee. Either way, it doesn't matter because these security goons are out there and using a much better tactic to get business. It's pathetic, but it's real and there are enough ignorant businesses out there to make it profitable. All the education in the world won't help some employers, they're just too fucking stupid. Maybe the submitter's best bet is to hook up with one of these shitty security firms....join 'em before they beat you out of the market (re: multiple bad security profiles).
Sorry for the long rant...too much coffee
Well, he could sue them. It's called "slander." If they wrote it down as well, it's called "libel." As a bonus, as part of the trial he could subpoena all the documents related to the case, and find out what they really had to say about him.
Courts tend to look at libel related to employment very favorably. He should contact a lawyer.