
I find that in large organizations, business only cares about business. Maybe because they can't be bothered with IT or security or any of the geeky disciplines. I'm pretty sure it's all about soft skills: they just can't handle dealing with folks that lack soft skills and those geeky, nerdy folks running the technology stack lack soft skills and only ever ask to spend money ...

If you, tech geek, learn enough to speak well to The Business, you have another challenge: the market is at a place where incentives matter. You can articulate, in the right language, the need for cleaning up the company security posture, but you can't articulate an incentive. User can't sue because the ToS says 'mediation.' There's no regulatory agency that will really threaten our profits - we can afford a $10MM fine when they get around to levying such after three years of investigation ... what's the incentive to spend half a million dollars this year on additional employees and licenses when that's money destined for high-level bonuses this year, and by the time that fine arrives, this executive team will have moved on?

>In my opinion organizations still don't rely enough on "defense in depth" techniques...

This flies in the face of 'easy money.' 'Easy' meaning we, The Business, comprehend the purpose of a particular budget line item. Spending money is bad. But spending money in some places is a necessary evil, and only acceptable when it is in a place that is directly reflected in the price to the customer. Acquiring, manufacturing, assembling parts in the final product? Fine. Marketing to acquire a customer? Sure. Attaining regulatory approvals? Bah, ok. After we've articulated the costs and padded an acceptable margin, the only thing left is the self-congratulatory bonuses for executives!

I've found that at large companies, employees touted as having great soft skills often lack the ones that I consider key for productivity: communication, integrity, responsibility, and work ethic.

Meanwhile, engineers possessing all of the above traits as well as hard skills are told to develop their other soft skills (i.e. positive attitude, courtesy, and professionalism) to make themselves more palatable to the inept.

In a vicious cycle, the feeling that everything is focused around appeasing those that contribute the least is enough to erode many engineers' soft skills.

Enter the dead sea.

Ridiculously accurate assessment of the situation. Incentives matter.

The small and medium companies that seem to be rethinking IT security are the ones hit by a cryptolocker.
