Security people are the first to go

Interesting title thread, I know. I've been on the fence about my next career move for some time. When I moved into networking, I had an interest in it, but I was more interested in getting experience with firewalls.

I was discussing with a friend the other day, that I think I want to get my CISSP and focus only on security technologies, such as firewalls, IPS. I think also IAM.

His response baffled me, he said I'm better off staying in a networking position, because whenever there is a layoff, security people are more likely to go. He also said configuring firewalls and IPS are a network engineers job, not a security persons

Are these points right? If second point is, does a CISSP even make sense to get? Might as well stay vendor specific?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

E Double U

mnashe wrote: »

His response baffled me, he said I'm better off staying in a networking position, because whenever there is a layoff, security people are more likely to go.

hahahahahaha never heard this before. maybe his point is applicable to your company specifically.

EANx

Depends on the company. Any company that collects customer data as a part of its business better not have this as a layoff strategy. An older manufacturing firm that collects little customer data is less likely to be concerned about IT security. They're more likely to say things like "will it keep the truckers from delivering concrete?" Will it stop us from mining copper?"

mikey88

mnashe wrote: »

He also said configuring firewalls and IPS are a network engineers job, not a security persons

IA team manages the firewalls in the public sector. Plus I have not seen any evidence that Security personnel are the first to go. Maybe in some mom and pop shop.

UnixGuy

sure, can be. depends on what 'security' they do. Configuring firewalls/IPS is a network security task, can be done by either a 'security engineer' or a 'network engineer'....

The more skills and the more useful you are, the more likely that you can get gainful employment...

mnashe

thanks everyone. I'm glad i'm hearing the opposite here. Not that I thought my bud didn't know anything, he's a well respected network architect. Maybe that's what he's experienced at his job.

I'll continue to push on

yoba222

Sounds like your friend's company has yet to have gotten hacked and owned badly. Some people have an old school mindset and only learn the hard way.

chrisone

never listen to another technical staff member on executive decisions lol

TechGuru80

Saying security people are the first to go is definitely far from true. My guess is that your friend mainly has experience with smaller companies because that is possible if things don’t go as expected...a medium to large company isn’t going to adopt that strategy.

Decide what kind of company you want to work at...smaller will require you to wear many hats but larger companies will let you specialize.

cyberguypr

In regards to security peeps being the first to go, sure that may be true in some tiny subset of non-mature shops, but it's not the norm at all. I've heard this line before from non-security people that for some reason feel the need to point out that security "is a bubble" or perhaps that "it sucks". With the importance of security growing every day, regulation catching up, and many other factors, this just doesn't make any sense and just shows the ignorance of the person making the comment. It would be like denying SDN, cloud, DevOPS automation, or any other area that the market demands.

In regards to configuration, that also depends on the company. In smaller shops this could come down to InfoSec. Bigger/mature shops may have separation of duties and have a role who configures the devices and another one who validates/audits configs. YMMV.

jcole4lsu

Your friend sounds like an idiot. Quit listening to people like that.

E Double U

chrisone wrote: »

never listen to another technical staff member on executive decisions lol

I come to TE for all of my executive decisions

chrisone

E Double U wrote: »

I come to TE for all of my executive decisions

the only executive decisions I get to make with TE advice is on which cert guide to use hahahaha

Clm

My Organization Had lay offs for two years in a row and nope the security team was safe. Heck when i worked for a security company 80 percent security people they laid sales members off first.

ITSec14

I could see the very small shops letting security people go first, but not the bigger more regulated companies with complex infrastructure. I work for a global company which is subject to GDPR and I can tell you that security people are by far some of the most important right now. It has been absolutely insane getting ready for the deadline in May.

mnashe

thanks everyone