https://community.isc2.org/t5/Tech-Talk/Complex-solutions-as-job-security/m-p/15195#M493 &gt; ro83 (Newcomer II) posted a new topic in Tech Talk on 10-03-2018 11:49 AM in the<BR /><BR />&gt; I have experienced situations where some people avoid learning new skills by<BR />&gt; producing complex code, configuration, business processes and/or documentation<BR />&gt; to secure their position in the company.<BR /><BR />Obscurity is not security. To put it another way, security by obscurity does not<BR />work. Not in the long haul.<BR /><BR />(Some people may argue this point, but it is basically a generalization and offshoot<BR />of Kerckhoff's Law.)<BR /><BR />(Use of complex solutions as a form of job security is not going to work, either.<BR />Not in the long term ...)<BR /><BR />&gt; Saddest part of it is that this<BR />&gt; mentality is often supported by mid-level managers because finding new people<BR />&gt; can be hard and implementing additional controls like effective code reviews,<BR />&gt; four eye principle etc. can be costly and time-consuming.<BR /><BR />Unfortunately, adherence to this type of principle ensures that the company has<BR />more problems than simply security ...<BR /><BR />&gt; What should be the<BR />&gt; best possible solutions to avoid potential negative impact to the company and<BR />&gt; colleagues in long term?<BR /><BR />They are doomed. With this type of mindset acceptable, I doubt there is much<BR />your can do without a *lot* of time and a significant position of authority in the<BR />organization.<BR /><BR />The best bet for *you* is to find a new company and colleagues ...<BR /><BR />====================== (quote inserted randomly by Pegasus Mailer)<BR />rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org<BR />Capitalism is the astounding belief that the most wickedest of<BR />men will do the most wickedest of things for the greatest good of<BR />everyone. - John Maynard Keynes<BR />victoria.tc.ca/techrev/rms.htm <A href="http://twitter.com/rslade" target="_blank">http://twitter.com/rslade</A><BR /><A href="http://blogs.securiteam.com/index.php/archives/author/p1/" target="_blank">http://blogs.securiteam.com/index.php/archives/author/p1/</A><BR /><A href="https://is.gd/RotlWB" target="_blank">https://is.gd/RotlWB</A> Wed, 03 Oct 2018 17:35:00 GMT rslade 2018-10-03T17:35:00Z https://community.isc2.org/t5/Tech-Talk/Complex-solutions-as-job-security/m-p/15180#M492 <P>I have experienced situations where some people avoid learning new skills by producing complex code, configuration, business processes and/or documentation to secure their position in the company. Saddest part of it is that this mentality is often supported by mid-level managers because finding new people can be hard and implementing additional controls like effective code reviews, four eye principle etc. can be costly and time-consuming. What should be the best possible solutions to avoid potential negative impact to the company and colleagues in long term?</P> Wed, 03 Oct 2018 15:49:24 GMT https://community.isc2.org/t5/Tech-Talk/Complex-solutions-as-job-security/m-p/15180#M492 ro83 2018-10-03T15:49:24Z https://community.isc2.org/t5/Tech-Talk/Complex-solutions-as-job-security/m-p/15195#M493 &gt; ro83 (Newcomer II) posted a new topic in Tech Talk on 10-03-2018 11:49 AM in the<BR /><BR />&gt; I have experienced situations where some people avoid learning new skills by<BR />&gt; producing complex code, configuration, business processes and/or documentation<BR />&gt; to secure their position in the company.<BR /><BR />Obscurity is not security. To put it another way, security by obscurity does not<BR />work. Not in the long haul.<BR /><BR />(Some people may argue this point, but it is basically a generalization and offshoot<BR />of Kerckhoff's Law.)<BR /><BR />(Use of complex solutions as a form of job security is not going to work, either.<BR />Not in the long term ...)<BR /><BR />&gt; Saddest part of it is that this<BR />&gt; mentality is often supported by mid-level managers because finding new people<BR />&gt; can be hard and implementing additional controls like effective code reviews,<BR />&gt; four eye principle etc. can be costly and time-consuming.<BR /><BR />Unfortunately, adherence to this type of principle ensures that the company has<BR />more problems than simply security ...<BR /><BR />&gt; What should be the<BR />&gt; best possible solutions to avoid potential negative impact to the company and<BR />&gt; colleagues in long term?<BR /><BR />They are doomed. With this type of mindset acceptable, I doubt there is much<BR />your can do without a *lot* of time and a significant position of authority in the<BR />organization.<BR /><BR />The best bet for *you* is to find a new company and colleagues ...<BR /><BR />====================== (quote inserted randomly by Pegasus Mailer)<BR />rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org<BR />Capitalism is the astounding belief that the most wickedest of<BR />men will do the most wickedest of things for the greatest good of<BR />everyone. - John Maynard Keynes<BR />victoria.tc.ca/techrev/rms.htm <A href="http://twitter.com/rslade" target="_blank">http://twitter.com/rslade</A><BR /><A href="http://blogs.securiteam.com/index.php/archives/author/p1/" target="_blank">http://blogs.securiteam.com/index.php/archives/author/p1/</A><BR /><A href="https://is.gd/RotlWB" target="_blank">https://is.gd/RotlWB</A> Wed, 03 Oct 2018 17:35:00 GMT https://community.isc2.org/t5/Tech-Talk/Complex-solutions-as-job-security/m-p/15195#M493 rslade 2018-10-03T17:35:00Z