If you've been watching the stock market this month, you know that, economically speaking, things are going the wrong way. We seemed to be in a period of economic recovery, but now, whatever recovery we might have been having seems to have fallen right through, like piping-hot coffee melting the bottom of a cheap cup. Whether or not you consider stock market activity as a representation of the overall economy, I can tell you that my company seems to be falling on hard times as well.
It all started with a budget review. Our budget had seemed to be in pretty good shape. Last October through December, we proposed, defended, cut and rescued various IT initiatives through a fairly normal budget planning process. The result was a final IT budget for 2011 that we had been able to stick with. Until now, that is. Now, our executives have asked us to make some cuts.
That can't be good.
So the entire IT management went back over the budget last month, looking for any unnecessary spending. We also took a good, hard look at our purchase orders and invoices, to find any automatic or unnoticed expenses that we don't need. Through this process, we managed to save quite a bit of money. But we also had to cancel any new projects and planned purchases for the rest of the year that weren't absolutely necessary to run the business (or to keep the lights on, as they say) in order to make the target reduction our execs are looking for. And we still fell short.
Starting to get a bad feeling about this?
We went back over the budget again this month, looking for additional places to save money. There really wasn't much we could do other than to cancel virtually all new projects and any in-flight projects that we haven't spent the money on yet. This includes my data protection, vulnerability management and network access control projects, which were in my road map for the second half of the year. And those are really important for protecting the company's information assets. Well, maybe I'll get to do them next year. But for now, the advance of my security program has ground to a halt, at least on the technology side.
We've also had to cancel all open positions, and it looks as if we won't be hiring any new staff for the rest of this year. And we let all our contractors go. Meanwhile, we're experiencing above-normal staff attrition due to increasingly demanding work requirements. That's a vicious circle -- as more people leave due to being overworked, the remaining people end up with more work to do. So we are now running IT with a skeleton crew.
Nobody has said the word "layoffs" yet. But that does seem like the next logical step, right? We saved as much money as we could by freezing our current and future spending. If we need to save more, where else would it come from, besides staff?
This has been a long recession, and during it, I've lost my job as security manager twice. Maybe I'm just pessimistic, but it sure feels like history is about to repeat itself -- again.
This week's journal is written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons. Contact him at firstname.lastname@example.org.
To join in the discussions about security, go to blogs.computerworld.com/security.