This week there was an announcement in the news that a security company is laying off some of their staff.
While other individuals and other companies in the same industry might see this as a positive note, personally I do not. Here’s why:
Security, specifically Cybersecurity needs all the help it can get. We can’t afford to lose personnel. Our adversaries do not go through layoffs. They continue to ramp up. They probably do not go through background investigations, and they definitely don’t have the onboarding processes we do in current large companies. Another concern: as a society dependent on IT, we are fantastic at provisioning access to systems, information, and etc. when bringing people aboard and piling on additional duties. However, we are terrible at de-provisioning access when employees have moved on in one definition or another. This leaves gaps that social engineering and targeted attacks are designed to use to their advantage.
Let’s hope that those individuals, no matter what company you work(ed) for; find strong positions that fit their skill sets in the Cybersecurity industry ASAP. The entire ecosystem including industry, customers, partners, consultants, government, etc. etc.; still has ground to make up to stay ahead of our adversaries.