Heard my department might be on the chopping block, can anyone confirm?
11 replies (most recent on top)
Let's be honest. EIS was never set up to be effective. Leadership has come to my group and asked for no reduction in Capital (Feature) delivery AND we need to close all vulnerabilities. The ones we planned to close over the last 2 years, but were prevented from closing since it would slow delivery.
This is just Security Theater. I feel bad for the folks in EIS if they get cut for leadership's continued failure to prioritize Cap PRJs and de-prioritize O&M by holding it at 10% funding.
Lets face it we all know why Polaris ran into the Billions...it wasn't about the Engineers or complexity, it was an army of Beewatchers burning cash by billing to its PRJs.
InfoSec suffers from similar issues.
I have heard this new Optum Care CMO’s goal is to streamline and eliminate waste. That translates to reorg and down sizing. He needs to get in get his feet wet and it will be about end of may June when he thinks he knows it all and can start slicing off the fat.
If all the "security" team can do is run code scanners and yell at teams from a distance to get in line, they arent very useful.
Anyone can run a code scanner. Implementing the fix and prioritizing updates never gets done because management wants their features.
@wsi+1rK9GGrN Nobody in leadership will hold one of their own accountable. They have fostered a culture of separating us in feudal classes. They are the feudal lords, we are the serfs. They laud each other and bequeath their fellow lords with titles for the accomplishments of their serfs. And when something bad happens, the serfs get punished.
And going after teams for CVEs is equivalent to punishing us for not praying hard enough for plenty of rain and a bountiful harvest.
Just to clarify, EIS can't stop people in the business from doing stupid things, like giving unnecessary or forbidden permissions to contractors to see PII. All EIS can do is audit and escalate for that.
EIS was given a % of $ to cut from total budget and manpower budget by 100x. This despite the increased risk the 2022 and 2023 acquisitions brought in.
We all can agree or disagree. In every org. there is always the good bad and ugly. At the end of the day leadership needs to be held accountable.
Checks and balances of a well run org. goes back to strong leadership leads by example.
Do we blame on misbehaved children or do we expect parental guidance? ACCOUTABILITY!!
@hyh+1rK9GGrN I have bad news for you, it's not just EIS that is focused on false positives and package versions. All of our leadership is obsessed with it as these 'vulnerabilities' fit neatly on reports that get sent to people who think "number go up bad" and "number go down good" is a meaningful contribution to the company.
The optum security people think that upgrading irrelevant versions in packages and addressing false positive CVEs is more important than making sure Wipro cant see Pii and SSN. Theyre incompetent. Optum had to call in ACTUAL security experts to address the CHC ransomware. Dont feel bad.
Obvious the top needs to find scapegoat!
Does Congress(senate knows the difference between corporate versus information security? 🤣🤣
Blame storms always push down stream never the other way around …sadly
Laying off security people right after the largest healthcare hack in history... Ooof.
Write to congress! Have your elected leaders hold these croonies responsible.
Confirm with whoever told you.