Security is soooo insecure
I’ve read a couple of year end pieces recently (sorry, I haven’t yet gotten into the habit of collecting links for pseudo-interesting stuff as I read) claiming that information security type jobs will be protected from the current economic downturn. The logic seems to go that companies understand that, in order to compete on the Internet, they have to protect themselves more than ever before. So, though they’ll be laying people off in all other sections of the business, they will actually expand their staff in protecting their digital assets.
This is some of the stupidest wishful thinking I have ever seen. Not THE stupidest, but it’s truly dumb.First, it depends on business executives being rational. Second, it depends on business executives actually seeing the difference in something other than dollars between information security and other business units such as HR and sales. But in times of economic stress, business leaders traditionally increase the emphasis on sales, to try and boost that all-important bottom line.
Thirdly, and this one’s a killer, the idea that infosec will increase or at least not shrink along with the rest of the economy depends on business executives understanding the functional difference between infosec and system and user support. In my experience, having done server support and user support, most people think “a computer guy is a computer guy.” They hear that you recently stayed late because of patch Tuesday, applying Microsoft patches to fifty or so servers, and they ask you if you can help them configure Outlook. Or they ask you for advice on picking an internet service provider, or building a web page, or debugging a game they’re trying to write using some library nobody ever heard of (I’m not making this up).
The point is that when people hear you work with computers, they assume you know everything about them and ask about any of a hundred things that have no resemblance to the described activity. To an extent, it’s true that true computer geeks are often generalists with some knowledge of a lot of different areas that HR considers specialties. That’s the way I’ve always been. But that doesn’t mean there aren’t specialities. I’ve done help desk but only because the people whose job it was weren’t around at the time. The people who did it every day were better at it than I was (though I was, of course, very very good!).
The question is, does this generic attitude apply to VPs and higher who actually make staffing decisions? Of course it does. It’s not their job to care whether an Oracle DBA is different from a Cisco configuration expert. No one can remember and understand the exact job description of every single position in even a medium sized business. That’s what middle and lower management are for. And those people, when they are told to cut X amount of dollars, are going to just have to do it. Cutting high-paid specialists and hoping the generalists who remain can take up the slack is the most common method.
Think about it. Your company has seen a slip in sales. Layoffs have been mandated from above. You know that security is important but you haven’t been told to beef up ANYTHING. You’ve been told to cut. So who do you get rid of? The ten year veteran who has installed software all over the place, configured servers and routers both and is known and liked by most of the end users, or the equally highly paid specialist who writes security policies, examines logs, scans systems and does many other important things but doesn’t even know the name of your CRM software or the VP of finance?
You’d rather not cut either but given the choice you cut the guy who is more specialized and hope that the systems that person has set up over the years to monitor and protect your environment can run automatically, at least until your budget goes up again. If it ever does.
No, I don’t think the security jobs are safe. I think the people writing columns saying they are have crafted their arguments to reach a foregone, and completely ridiculous, conclusion.
LinkedIn
Technorati Favorites