Stories of a CISSP: Surviving Layoffs
7:19am - Logged into my bank account to make sure my direct deposit had arrived. There was something weird though, I got paid three times my normal amount! I've heard of this thing before, only rarely is it a mistake. Because most of the time, you just received your severance package.
7:45am - I quickly texted some other colleagues to see if they had the same issue. Phew! They did! But not one particular senior engineer. That didn't make sense. Why would we all get such a large direct deposit and not that person? The feeling that we had all been let go except a single senior engineer who didn't receive the direct deposit was still in the back of my mind.
8:40am - It was actually my day off, I thought I'd take the kids to a park with a lake where they could feed some turtles and maybe kick the soccer ball around. It would be nice to spend time outside while always being in the house and around our neighborhood during quarantine. It's dragging on my mentality guys, but, have to stay strong and vigilant.
9:52am - I receive a call from my manager to attend an important all-hands conference call at work for 10:00am.
"But it's my day off..."
"You're going to want to join this, it might have something to do with the deposit we received today".
I hang up and get a sick feeling in my stomach, I was probably about to get laid off today. !@#$!!
I had to tell my kids that we won't be able to go the park today and that I have to go to work. Little did they know it may be the last time for a while! I ran down to my computer and opened up my work email. I saw the Skype invite and accepted it as by now it was only 2 minutes until the join time.
But, looking at the invite again, my conference call was for 11:00am, not 10:00am.
I pinged my manager directly about it who was already in the meeting, but didn't receive a response until 10 minutes later. He said:
"Hey Luke, we all just laid off. Except you and the other senior engineer. That's why you probably got an 11:00am invite and not 10:00am. Those on the call at 11 did not get laid off."
I couldn't believe what I was reading. I've worked with these people for almost a decade, knew their families, went to conferences together...
"WHAT?!??!?!?!?!?" - Was my only reaction. What else could I say?
Manager went on to say that not only was he laid off along with the rest of the team, but so was the Director and a few of the higher leadership team. Basically the old guard was gone, and the only two the survived was me and the other senior.
At this point, I logged back into work and just worked the rest of the day. What else was I going to do? I just survived a double-layoff, it didn't feel right to take the day off.
Looking at the ticket queue, and watching the flow of firewall changes, load balancer NAT mappings, OSPF network updates, and resolving TLS handshake connectivity issues, the weight of how much work only two people were now responsible for was overwhelming. What took 20 people to sift through, was now down to two.
At this point I was thinking maybe the severance package wasn't a bad offer after all...
All my former coworkers green "online" status was now showing "red offline". Big announcements from senior management slowly started to trickle into my inbox about "recent changes" to the organization, what to expect, and if more layoffs were expected. I skimmed them and couldn't bring myself to think of the fact that I could easily delete these emails because it doesn't affect me. But I could only think about what people are now telling their spouse and children about losing their job today. It sucked. There was no moment of self-congratulations, or patting ourselves on the back, or antagonistic thoughts of "they deserved it..." or "they should have worked harder!". It was just another layer of depressing news on top of the ongoing onslaught of 2020, starting with Kobe Bryant.
Snapping out of it, I realized there was now the case of the additional money in my account. I definitely can't keep it and should tell someone about it right away.
Later on the in the day a higher level executive gave me a call on my personal cell phone. She asked how I was doing.
"Well, you and your colleague were given justification to be omitted from the list of those who were let go today".
I noticed she said "who were let go" and not "who we let go". Just something to file away in my memory banks for later.
Given the tone, at this point I didn't ask any questions or even have a need for more details. All I had was this follow-up question:
"What's going to happen to the money in my account?"
"That was a clerical error. You weren't supposed to get that. Don't spend it. We'll put in a transaction to have it pulled back from your account".
"Okay, thank you."
This is the second time I survived a company lay off. For situations like this, your mind wants some sort of reason. How did I manage to keep my job?
There's no way for sure to tell that having a CISSP and a GCIA GIAC saved me from being let go. Or working extended hours just to meet deadlines or resolve an ongoing troubleshooting issue. Or show some improvement in professional performance consistently throughout the years by getting certs and learning new technologies. There is no way to calculate that.
What I can say is that I went back and looked through each of the CISSP Code of Ethics canons and checked off to see if I accomplished each one in my daily work grind:
Protect society, the common good, necessary public trust and confidence, and the infrastructure
I tell the truth and don't share PDF copies of CISSP books. I check to make sure all fire extinguishers are up to code and appropriate for the environment they are in (kitchen vs data center)
Act honorably, honestly, justly, responsibly, and legally
Always. The truth will always defend itself.
Provide diligent and competent service to principals
If I know how to do something, I'll do my best. If I don't know how to do something, I'll get help or admit right away I am still learning, but a fast learner.
Advance and protect the profession
I guess just by writing this blog post
These three qualities also never failed me in the workplace:
Don't be late
Give them an update before they ask for one
Finish what you started
So as it stands, my workload has increased 5 times over, most likely having to take a night shift here and there and of course being on-call more frequently. But you know what? It's fine. I'm glad to have a job and health insurance, it's not about what I really want. With a different world reality now, I haven't even had a time to sit down and think for a minute on whether to leave my current job while I have one to look for greener pastures or see how long I make it in this company. I hear it is better and easier to look for a job while you have one, instead of looking for one when you're unemployed.
For everyone studying for their CISSP, I take comfort in knowing you are on your way to obtaining a certification that can only yield positive results. Not just on your resume and a checklist, but also in instilling the necessary discipline and mental strength to still stay the course no matter how much the ship is sinking. Sorry, didn't mean to be a downer with this blog post and take you away from your studying, but just wanted to let you know the value of the CISSP.
If you do go through something like this, writing letters of recommendation or providing your information to former employees to use as a professional reference are great ways to help them out. Security is still a small sector, word gets around fast.
CISSP Take-Away Concepts
Domain 1: Security and Risk Management
Management sent email regarding "recent changes" to the organization
Looked at the ticket queue to see how much work was waiting to be completed. This helps to prioritize them in order of importance.
Separation of duties
The executive does not have the authorization to withdraw the money back from my account. There is a formal process to submit a request for a reverse transaction to the accounting department.
Domain 6: Security Assessment and Testing
User Deprovisioning/Account Management
Coworkers access to chat system and other corporate accounts were revoked minutes after following layoffs.
Domain 8: Software Development Security
Aggregation and inference
Aggregation: Direct deposit amount was triple the normal amount, it was payday so a good time to let people go and end their health insurance plan at the same time, there were already layoffs going around.
Inference: Took all the information in the above and made an educated guess that I might be laid off today.