On Thu, 16 Aug 2001, J. J. Horner wrote:

> I've been wondering lately if we can expect to see an increase
> in the number and potency of worm/mass exploit cases now that
> the IT market is going into a contraction.

I think we'll definitely see increased occurrences of bigger, better and meaner worms, regardless of the state of the IT market. I think we'll see more damage done because of the layoffs in the IT area.

> If companies are going through layoffs, it isn't unreasonable
> to expect that some of the positions being cut are
> security/experienced admin positions. A small company with
> only a few machines may expect to be able to cut IT staff and
> rely on other position holders to take up the slack, i.e.
> a DBA now has to admin an IIS installation.

I was formerly a Sr. Specialist in the Information Security department of a bandwidth trading company. When they decided to let people go, they axed four of the Specialists/Sr. Specialists in the infosec group, leaving behind one Sr. Specialist, one InfoSec Manager, and one InfoSec Director. Talk about too many chiefs and not enough indians.

Shortly after we were let go, a group of Chinese crackers broke in and started causing problems on the network, followed shortly by Brazilian crackers. All the "We told you so" and "Ok, but this isn't going to go away" stuff came back to haunt them. What was worse was that the person left behind was completely overwhelmed because it was more work than one person could possibly handle. Fortunately the manager was promoted from within the ranks, so he had the ability to lend a hand.

Those of us who were let go felt somewhat vindicated, but it didn't get us our jobs back. I guess the bright side is that we didn't get blamed for allowing the compromise since we were no longer there. I certainly offered my services at the rate of $125/hr to assist them in tracking down the problem, but they did not take me up on the offer.

> Is this a feasible concept? How likely are we to see something
> like this? Considering the relative lack of knowledge among
> most PHBs about security and security professionals, it isn't
> unreasonable to expect that someone with an arcane/mysterious
> job description is the first to go.

I don't know. The company I was working for was one of those energy companies getting into bandwidth trading, and their whole business model is based upon risk management. You'd expect a company that understands risk management to appreciate things like Information Security, but such was not the case. No one truly appreciates InfoSec professionals until they are compromised and need the expertise that an InfoSec professional has to offer. However, this keeps the consulting businesses going, and has allowed me to continue feeding, clothing, and housing my family through unemployment.

Regards,
--
Joseph W. Shaw II
Network Security Specialist/CCNA
Unemployed. Will hack for food. God Bless.
Apparently I'm overqualified but undereducated to be employed.
This archive was generated by hypermail 2b30 : Sat Aug 18 2001 - 10:36:43 PDT