cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ro83
Newcomer III

Complex solutions as job security

I have experienced situations where some people avoid learning new skills by producing complex code, configuration, business processes and/or documentation to secure their position in the company. Saddest part of it is that this mentality is often supported by mid-level managers because finding new people can be hard and implementing additional controls like effective code reviews, four eye principle etc. can be costly and time-consuming. What should be the best possible solutions to avoid potential negative impact to the company and colleagues in long term?

1 Reply
rslade
Influencer II

> ro83 (Newcomer II) posted a new topic in Tech Talk on 10-03-2018 11:49 AM in the

> I have experienced situations where some people avoid learning new skills by
> producing complex code, configuration, business processes and/or documentation
> to secure their position in the company.

Obscurity is not security. To put it another way, security by obscurity does not
work. Not in the long haul.

(Some people may argue this point, but it is basically a generalization and offshoot
of Kerckhoff's Law.)

(Use of complex solutions as a form of job security is not going to work, either.
Not in the long term ...)

> Saddest part of it is that this
> mentality is often supported by mid-level managers because finding new people
> can be hard and implementing additional controls like effective code reviews,
> four eye principle etc. can be costly and time-consuming.

Unfortunately, adherence to this type of principle ensures that the company has
more problems than simply security ...

> What should be the
> best possible solutions to avoid potential negative impact to the company and
> colleagues in long term?

They are doomed. With this type of mindset acceptable, I doubt there is much
your can do without a *lot* of time and a significant position of authority in the
organization.

The best bet for *you* is to find a new company and colleagues ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Capitalism is the astounding belief that the most wickedest of
men will do the most wickedest of things for the greatest good of
everyone. - John Maynard Keynes
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468