As published in the September/October edition of InfoSecurity Professional Magazine
By Deborah Johnson
Advice on how to mitigate a sudden job loss due to redundancy, recession or ‘rightsizing’.
Diana Contesti was a business continuity planner at a major steel manufacturer in Hamilton, Ontario, when a recession hit the Canadian steel industry in the early 1990s. The economic contraction forced companies to cut jobs.
Her employer called it “rightsizing” when leadership announced it would cut approximately 3,000 positions. The layoffs were based on seniority by department, and based on that criterion, Contesti knew she was out.
“I was extremely worried. I’m a single mother and all those fears, ‘Oh, my God! How am I going to feed my kid?’ kicked in.”
For years now, a growing global cybersecurity workforce shortage and robust economies have left information security professionals with a strong sense of job security. Still, companies merge, an industry contracts, an organization realigns its focus. That’s when your job may be in jeopardy and, depending on where you live or work, a comparable position elsewhere may be difficult to come by.
If you were to find yourself “downsized,” “rightsized,” “redundant” or any other euphemism for being forced out, would you be prepared?
In Contesti’s case, after her initial panic, the CISSP says she “took a step back and said, ‘I have two degrees. I have skills.’” Those skills came into play. An opportunity arose when the same company decided to create a centralized information security system. “I understood risk and risk management. I was fortunate that I had some skills that led me into the position,” she says.
‘I FIGURED SOMETHING WAS UP’
Another (ISC)² member with experience surviving a downsize is Glenn Leifheit, CISSP.
Leifheit was a member of the internet architecture team at his company when he began observing layoffs throughout the organization. Despite three years in his role, the job cuts left him unsettled. “There’s kind of that pit in your stomach as to what the hell’s going on,” he recalls.
It quickly became clear that his team was being disbanded. “I was nervous. I was frustrated.”
Throughout his tenure, Leifheit had developed additional skills, as well as strong relationships. “I had a little birdie chirp in my ear” that there were opportunities ahead. After a very short interview with the CISO, Leifheit got the new job before he officially lost the one he had.
“Yes, my technical skills played a big part in it, but it was the fact that I had the people skills to work through a seven-minute interview [and] was able to adjust to the adversity that was going on behind the scenes.”
Based in the Seattle area, Leifheit is now a senior security program manager for Microsoft’s Customer Security and Trust team.
‘I THOUGHT GREAT WORK WOULD BE REWARDED’
“It was like I was stabbed,” recalls executive and career coach Joan Tabb when she lost her job as a marketing executive for a major Silicon Valley computer networking corporation in the early 1990s. By then, she had many successes that she believed would inoculate her from a layoff.
“I was ranked No. 1 in marketing in this huge corporation I was in, so I thought I was sitting pretty.” Little did she realize that when her company merged with another computer networking organization, her job was at risk. “So when I was taken into that little room and told my job was eliminated, I was shocked.”
Political savvy “to see how the winds are blowing” is crucial, Tabb says. “I have to say, as smart as I was, I did not have political savvy.”
Now an author, blogger and career coach in the San Francisco Bay Area, Tabb helps others advance or change their careers.
THE ‘R’ WORD
Since the global economic downturn in 2008, the tech sector has grown steadily as innovations in data storage, security and applications have flourished. “The companies that … came out of it relatively unscathed were a lot of the software companies that were offering cloud and software as a service (SaaS) subscriptions,” says John Freeman, vice president of Equity Research at the Center for Financial Research & Analysis (CFRA), a global investment research company.
The U.S. Bureau of Labor Statistics estimates that employment of computer and information technology occupations will grow 13% from 2016 to 2026, faster than the average for all occupations, adding about 557,100 new jobs. The sectors hiring the most: cloud computing, the collection and storage of big data, and information security.
Several nations, including the United States and Australia, have experienced long stretches of economic growth in recent years (almost three decades for Australia). This has many wondering when the next recession will come, and how severe it may be. The National Association for Business Economics released a survey earlier this year in which 77% of the 281 respondents “expect an economic recession by the end of 2021.” But an economic downturn can happen quickly, and sooner, based on geopolitical events or market jolts, such as the collapse of the U.S. housing market that set off a global financial meltdown in the previous decade.
The technology sector can weather a potential economic storm, according to a published report by economists at the BCG Henderson Institute in the April 2019 Harvard Business Review. “Technological progress will not stop during a downturn; neither, therefore, can companies afford to put their digital change agendas on hold.”
But as we’ve seen, businesses can refocus priorities, companies can be bought or sold. Any of these changes can eliminate jobs. Here is some expert advice on how to hold on to employment during economic upheaval.
- Be Prepared and Don’t Panic
“You should always be ready for something to happen,” warns consultant Ted Demopoulos. “Often, we’re blindsided by downturns, whether it’s in the economy or our employer.”
Demopoulos is an information security veteran with 30 years of experience and says every professional should maintain an updated resume and/or CV and LinkedIn profile.
The way to stay at the top of your game is to be both technical and strategic, advises Deidre Diamond, founder and CEO of CyberSN, the cybersecurity job network. “People who are both technically hands-on and also possess leadership qualities and problem-solving skills are the ‘purple unicorns.’”
And start planning now how you’ll earn those skills, she adds. “Don’t just wait for something to happen.”
Despite her initial shock and fear, Diana Contesti says she didn’t freeze. “Was I angry? Yes, I was angry for a day or two. But you have to shake it off and move on.”
Even though her company was downsizing, she had the skills to fill the newly created security position. “I was in the right place at the right time.”
- Network (Yes, It’s Who You Know…)
Don’t expect your skills and technical prowess to speak for themselves. You need to get in front of people to be noticed now. “The majority of people find jobs by networking,” Diamond says.
“Most [jobs] come from personal contacts or contacts of contacts,” Demopoulos concurs.
Staying connected takes constant effort, admits Tabb. “You’ve got to keep your network working by attending professional associations, keeping up with colleagues, people you used to work with, managers you used to have, people who know you do good work.”
“But I’m not a people person,” is a common refrain. “Reach out and engage with people,” Demopoulos says. “They may love you, but if they haven’t heard from you in a year … you’re not top of mind.”
Glenn Leifheit’s “little birdie” was a former manager from a previous company, someone he said he’d “be happy to work with again.” In addition, Leifheit took steps to ensure he was comfortable talking to anyone at any level. He joined Toastmasters, the international organization that promotes “effective communication.”
“The decision was life-changing,” he says. “I feel that the trajectory of my career drastically changed.”
- Know Which Way the Wind Is Blowing
Political savvy is absolutely crucial, according to Tabb. Yes, you need to be excellent in your position, but there’s more.
“You need to look beyond the scope of your job. You need to see the winds of change as they’re coming in your industry and your company.”
And ask questions, she adds—lots of questions. “What are the priorities coming up and how can my skill set match those? And to whom are these priorities going to be given? The big budgets? Who should I talk to?”
Diamond sees the importance in knowing how the actual job may be changing.
“People need to stay in tune,” she says. “Pay attention to the marketplace in general, of what’s happening to the function of the roles that we do. It’s not the job that gets eliminated. It’s certain tasks and projects based on technology … or outsourcing. Part of this is knowing how the economy works.”
CFRA’s John Freeman advises looking ahead to the latest applications in security, with an eye to leverage the skills you have. Like automation: “Get yourself up to speed on any of the automation tools. It’s what you want to get control of because it allows you to secure your job.”
Artificial intelligence (AI) and machine learning are also on his list. “Figure out what subset of AI, what specific techniques are being applied on the cutting edge in the specific area you are in.”
There are nearly 3 million information security jobs going unfilled, particularly in the Asia-Pacific region, according to the (ISC)2 2018 Cybersecurity Workforce Study. The study also reports that there will be an increase in corporate spending for security in the years ahead. That’s good news, especially if you work for an organization that has prepared ahead of time for slower economic growth, or even a recession.
If you are feeling the winds of change blowing your way, know that there are opportunities as long as you know how to recognize them—and act on them.