When your skillset becomes a commodity, then all of a sudden those offshore workers start looking quite a bit more attractive to your employers.
* IBM will move thousands of jobs to India and China in an effort to reduce costs. What kinds of jobs? Software and chip engineers. High-paying, white collar jobs.
* Microsoft is creating a customer support center in Bangalore, India, that will initially employ 150 people, but over time will scale to over 1000 jobs. At the same time, Redmond cut 161 jobs from its American consulting services arm, and there are apparently plans to cut 800 more in Texas.
* Sprint considers sending hundreds of IT jobs overseas.
* In the last two years, Bank of America has laid off almost 5,000 workers in technology and back-office positions; at the same time, thousands of those jobs are heading off to India.
But there are much bigger rumblings, approaching earthquake-size. Forrester Research predicts that "at least 3.3 million white-collar jobs and $136 billion in wages will shift from the U.S. to low-cost countries by 2015." More specific to the readers of this column, Gartner estimates that "[b]y the end of 2004, one out of every 10 jobs with U.S.-based IT vendors and IT service providers will move to emerging markets ..., as will one out of every 20 IT jobs within user enterprises."
It's happening to American employees constantly. Jobs are leaving the US for India, the Phillipines, Russia, China, Hungary, Costa Rica, Bulgaria, South Africa, Ireland. In India, a worker at a call center earns about $2,700 each year, while a new graduate with a degree in IT will make around $5,000. A Chinese IT professsional earns about 1/6 of what an American IT worker makes.
The companies named above argue that they have to move jobs overseas due to competitive pressures; as IBM's Tom Lynch, Director for Global Employee Relations, put it, "Our competitors are doing it and we have to do it." However, companies contend that such overseas migrations benefit American consumers as well by keeping prices low and by helping to raise the standard of living in the countries to which they have outsourced, creating larger markets for American products and services.
Of course, none of this is new. My grandfather worked his whole life cutting leather in a shoe factory located in a small town. A few years after he retired, that shoe factory moved all its operations overseas. During the 70s and 80s, manufacturing felt the pain. A decade later, service workers started seeing the jobs flee. Now it's IT workers.
So when are security pros going to get hit?
First of all, the bad news. There are without a doubt many security pros in the numbers I mentioned above. And security pros will undoubtedly lose more jobs in the future. Vivek Paul is the President of Wipro Technologies, a highly successful Indian IT outsourcing company. He makes a sobering observation: "We know how this movie ends. ... If a decade ago we discovered that manufacturing can be done anywhere, in this decade we are learning that knowledge can be learned anywhere."
Let's face it: someone in India can monitor a bank of routers as well as someone here in the U.S., and an individual in Budapest can evaluate and harden a server remotely just as easily as an American worker. In both cases, it can be done a lot cheaper abroad.
It's been years since corporate America even thought that protecting American jobs was a priority; now, it's all about the bottom line. In that analysis, if it saves money to use workers on the other side of the world to perform basic security functions, then a lot of companies, if not most, are going to take advantage of the opportunity to save a few dollars.
Now, some good news. Even companies that are successfully using offshore labor report problems. Chief among them is difficulty communicating with people that don't speak English well or understand American culture. Another big issue is missed deadlines. A key concern that trumps all of these? Trust.
Even in this day and age, in which we have phone-conferencing and email and video-conferencing available to us, those old-fashioned face-to-face meetings are still vital. Smart companies realize that they need to know -- really know -- the people tasked with ensuring the security of their data, their networks, and their systems.
Think about it like this. We're outsourcing to India today, but what if India and Pakistan start lobbing nuclear weapons at each other? What if there's a coup in the Philippines? What if a member of the Russian mafia infiltrates a company in that country?
I'm only mildly paranoid, and I'm certainly not xenophobic. Disasters, both human and natural, can certainly occur in this country. I'm just trying to point out that it's relatively safer to outsource some IT functions as opposed to others. Is security an area of IT that should always be performed by folks halfway around the globe? Which aspects of security? It's a question that every organization needs to spend time pondering. The consequences of a bad decision could be disastrous.
So what does this mean for you? It's up to you to demonstrate the unique value you bring as a security professional to your clients, even if your only client is the company that you work for. You need to constantly emphasize your trustworthiness and your skills, making it obvious to your co-workers and your bosses that you are essential to the safe running of the businesses you're tasked with protecting.
This means detailing what you're doing and, more importantly, how you're benefitting your clients. What are the metrics of success that the people paying you understand? Use a language they comprehend -- techie or managerial, whatever works -- and fill in the details for people. How many attacks did the network receive this week? Which of your brilliant actions helped neuter those attacks? How many patches did you install this month, and what did those patches do for the company (be sure to explain this in words people can understand!). What actions by your co-workers did you applaud for their foresight?
And when it comes to skills, by the way, security pros more than anyone else in IT need to obey the mantra we all know: lifelong learning. These days, if you pause in your skill acquisition and rest on your laurels, you're dead meat. When your skillset becomes a commodity, then all of a sudden those offshore workers start looking quite a bit more attractive to your employers. Keep learning, keep growing, keep expanding your knowledge base ... and let those who pay you know it.
None of this is a guarantee that you won't see your job leave the country, never to come back. Overseas companies are busy building trust as fast -- and as reliably -- as they can. But there will always be a need for a person who can come in to a situation, look the right people in the eye, and assure them, "I know what your issues are, and I can help safeguard you." You need to be that person.
These days, security pros need to balance a commitment to their jobs and a commitment to themselves. We can't be cynical and expect the sword to fall any day, but at the same time, we need to insure that we have a soft spot to land should there be complications. As Ronald Reagan used to say about nuclear weapons inspections, "Trust, but verify." Don't assume that you're going to lose your job to someone in another county, but don't get complacent either.