Editor’s Note: Ira Winkler, CISO at CYE Security and former Chief Security Architect at Walmart, is a renowned cybersecurity expert and author. His works include “You Can Stop Stupid” and “Security Awareness for Dummies.” The views expressed in this article are his own.
Recent layoffs at Proofpoint, Secureworks, Rapid7, HUMAN, Splunk, and countless other companies make people question the industry. People in the industry bemoan these companies and talk about how unfair they are. Having been on both sides of the issue, I thought I would provide some insight into the layoffs and their unfortunate inevitability.
Before I go on, if you really need a job, unless you have multiple offers, you should take whatever comes along, even if it is a bad company. You need to eat, and your work environment is important, but a secondary consideration.
Differentiating Between Economic Stress and Poor Management
Not all layoffs are alike. Some companies lay people off because they have bad managers who are probably sociopaths. I have been at companies (none listed on my profile) where managers were just bad, over-promised revenue, and fired people for little to no reason, or when their over-promised revenue didn’t come to fruition.
Let’s face it, most people know when they are working in such a company. They know their managers are terrible people who are not achieving goals. You are never safe in this company, and if you are competent, you are only staying there until you find a better position. This is not the majority of the companies.
The other symptom of bad management, no matter how wonderful managers seem on social media, is high turnover. They don’t have to fire people because people they quit at the first opportunity. These managers talk about great work environments and sound like the champions of the employees, but in actuality, they are horrible. Again, if you have the ability, to ask for turnover numbers, ask. Be discerning about your future employer.
The Complexities of Acquisitions
Regarding post or pending acquisitions, such as Proofpoint and HUMAN, they are attempting to make their balance sheets look better. Proofpoint is most likely setting itself to go public again, while HUMAN is potentially positioning itself to be acquired. They are likely going to get rid of people and functions that are expendable, and not likely to enhance revenue.
Many people believe that this is evil, and at face value, it seems that way. I would say that this is fairly straightforward and admittedly, it is a rather Machiavellian attitude. Companies have to do what they have to do for the betterment of the investors and the employees they retain.
Then there are the recent acquisitions. Employees at legacy Splunk, Talon (by Palo Alto Networks), and Dig Security (acquired by Palo Alto Networks) are likely going to experience cuts due to duplicate functions. It is inevitable. Palo Alto Networks and Cisco already have massive sales forces that sell across product lines, and they will not need to retain sales and marketing people specific to the acquisitions.
They might keep some people, who will thrive, but the people who are acquired are at risk. This is a double whammy for many people, as they are not likely to receive what they think is a fair share of the sales price of the company and they will likely lose their stock options not vested.
Then many otherwise good companies are laying people off because sales are not as expected. Frankly, the current economy is rough, few companies are hitting revenue targets and talk of the cybersecurity boom is overblown. Many CISOs have either had their budgets cut, or are anticipating a cut, and holding back on purchases.
Some companies hired based on sales projections that were not realized, such as Dragos, Inc. Dragos is not likely to go out of business but did need to cut back on expenses due to the current circumstances Other companies appear to be seriously cutting back as their existence is in jeopardy.
The Role of Cybersecurity “Influencers”
Many “influencers” are quick to criticize such companies, yet these “influencers” are not out there hiring or managing people themselves. The economy is tough and managing a successful business even in a good economy is still difficult. Companies may have pressure from their investors to cut back, and rightfully so. Whether executives are good or bad at running a business, the reality is that they are doing their best.
Consider the scenario where a company overestimates its revenue. Would it have been better if they didn’t hire in the first place? If they are struggling or going out of business, they frequently have much more at risk than just salaries. Would employees prefer that they didn’t have a job in the first place?
I am blessed to work for a CEO who is extremely conservative in how we spend and hire. While I might sometimes be displeased that I don’t get everything I want, the company is financially stable and performers don’t have to worry about layoffs. I realize that this is rare and understand that there is a potential downside to being slow to capitalize on certain opportunities.
Caution Against Misguided Advice
Other large companies are likewise being impacted by the economy. I can think of several major companies that are reorganizing their cybersecurity teams and are laying off a large percentage. This is tough for them as well. This results in delayed or canceled projects, so vendors are inevitably impacted.
I can go on, but if you’ve followed me for a while, you know that I believe one of the major evils we have in our profession is the cybersecurity “influencers” who love to generate faux outrage of employers who don’t adhere to their delusional version of the industry. Don’t take hiring advice from someone who isn’t in a position to hire anyone.
In the end, yes, there are some horrible, sociopathic managers out there, who are personally responsible for companies failing and employees suffering. Unfortunately, I see a lot of these people move on to other roles. However, in most cases, employees appearing to be treated less than fairly is a legitimate aspect of business.
The Wrap
I am admittedly a bit stoic about the business world. I truly wish that every employee who deserves to be treated well would be treated as well as they want. Unfortunately, even the best managers have to make hard decisions that balance the long-term needs of the business with the needs of individual employees. The business has to come first, or else all employees are at risk.
Again, there are those select individuals out there whose incompetence and sociopathy deserve nothing but scorn. However, in most cases, there are legitimate business drivers that cause the termination of even the best employees.
If people don’t like this, the only solution is for everyone to foresee the future and have a world where people are not hired in the first place. That itself is not reasonable, and stop listening to the “influencers” generating likes through faux outrage. You can be upset with management for hiring too much, but the other option was for you not to have a job in the first place.
