I think I’ve found one of the best stories of 2013, despite the fact we’re still only in January. It’s right up there with the horse burger story which has been generating so many jokes.
Despite being such a great story, it’s not that easy to find anymore. In fact, two days after the source for the story was originally posted on the Verizon security blog by Andrew Valentine, it appears to have disappeared. Thanks to the wonders of technology (Google web cache in this instance), it can be found here.
This story not only provides a fantastic example of just how profitable outsourcing can be but also might lay the foundations for the business models of many IT providers going forward.
The story concerns a company that discovered an open and active VPN connection from Shenyang, China. The IT security department was obviously perturbed by this discovery, especially as the company was a US critical infrastructure business. The credentials being used for this connection belonged to a developer who was sitting at his desk in the office. For want of a better name, Valentine has dubbed him ‘Bob’, a software developer in his mid-40s with skills in C, C++, Perl, Java, Ruby, PHP etc. An inoffensive family man, Bob had been working for the company for quite a while and was highly rated for his work.
After ruling out the possibility that the VPN connection was caused by zero-day malware, the Verizon investigators got a forensic image of Bob’s workstation and found hundreds of PDF invoices from a third-party contractor/developer. In Shenyang, China.
Bob, who earned a six-figure salary, had quietly outsourced his job to a Chinese consulting company for a fifth of the price. To let the third-party contractor access the VPN during the workday, Bob had sent his RSA token to the Chinese company. To people in the company it looked as if Bob was at his desk every day immersed in his work, but all the while a Chinese developer was doing his job for him.
In his blog, Valentine says that a check of Bob’s web browsing history revealed his typical work day looked like this:
9:00am – Arrive and surf Reddit for a couple of hours. Watch cat videos
11:30am – Take lunch
1:00pm – Ebay
2:00pm(ish) – Facebook, LinkedIn updates
4:30pm – End of day update e-mail to management
5:00pm – Go home
Upon further investigation, the team uncovered evidence that suggested Bob had been doing the same thing with other companies in the area, earning him several hundred thousand dollars a year at a cost of around $50,000.
But Valentine saves the best part until last. While they were digging into Bob’s record, the investigators had a chance to read his performance reviews. "For the last several years in a row he received excellent remarks," Valentine writes. "His code was clean, well written, and submitted in a timely fashion. Quarter after quarter, his performance review noted him as the best developer in the building."
Obviously, what Bob did was illegal, but in another way he was merely acting as a service provider or aggregator, searching out the best developing skills he could find and outsourcing work to them (at an amazing margin). I bet there are a lot of companies out there just wishing they could get the same return Bob did for doing something very similar, but legitimately. After all, who wouldn’t want to watch cat videos all morning and get paid for it?