What is Your Plan B?

By Mike Rothman

In what remains a down economy, you may be suspicious when I tell you to think about leaving your job. But ultimately in order to survive, you always need to have Plan B or Plan C in place, just in case. Blind loyalty to an employer (or to employees) died a horrendous death many years ago.

What got me thinking about the whole concept was Josh Karp’s post on the CISO Group blog talking about the value of vulnerability management. He points out the issues around selling VM internally and some of those challenges. Yet the issues with VM didn’t resonate with me. It was the behavior of the CTO, who basically squelches the discussion of vulnerabilities found on their network because he doesn’t want to be responsible for fixing them. To be clear, this kind of stuff happens all the time. That’s not the issue.

The issue is understanding what you would do if you worked there. I would have quit on the spot, but that’s just me. Do you have the stones to just get up, pack your personal effects, and leave? It takes a rare individual with the kind of confidence to just get up and leave – heading off into the unknown.

Assuming it would be unwise to act rashly (which I’ve been known to do from time to time), you need to revisit your personal Plan B. Or build it, if you aren’t the type of person with a bomb shelter in your basement. I advise all sorts of folks to be very candid about their ability to be successful, given the expectations of their jobs and the resources they have to execute. If the corporate culture allows a C-level executive to sweep legitimate risks under the rug, then there is zero chance of security success. If you can’t get simple defenses in place, then you can’t be successful – it’s a simple as that.

If you find yourself in this kind of situation (and it’s not as rare as it seems), it’s time to execute on Plan B and find something else to do.

Being a contingency planner at heart, I also recommend folks have a list of “things you will not do” under any circumstances. There are lots of folks in Club Fed who were just following the instructions of their senior executives, even though they knew they were wrong. My Dad told me when I first joined the working world that I would only get one chance to compromise my integrity, and to think very carefully about everything I did. It makes sense to run those scenarios through your mind ahead of time. So you’ll know where your personal line is, and when someone has crossed it.

I know it’s pretty brutal out there in the job market. I know it’s scary when you have responsibilities and people depend on you to provide. But if someone asks you to cross that line, or you know you have no chance to be successful – you owe it to yourself to move on quickly.

But you need to be ready to do so, and that preparation starts now. Here is your homework over the weekend: Polish your resume. Hopefully that doesn’t take long because it’s up to date, right? If not, get it up to date. Then start networking and make it a habit. Set up a lunch meeting with a local peer in another organization every week for two months. There is no agenda. You aren’t looking for anything except to reconnect with someone you lost touch with or to learn about how other folks are handling common issues. Two months becomes three months becomes a year, and then you know lots of folks in your community. Which is invaluable when the brown stuff hits the fan.

You also need to get involved in your local community, assuming you want to stay there. Go to your local ISSA, NAISG, or InfraGard meeting and network a bit. Even if you are happy in your job. As Harvey MacKay says, Dig Your Well Before You’re Thirsty.

No Related Posts

Mike- thanks for highlighting Josh’s piece on this. We have all been there. You wake up one day and say WTF am I doing here. I think we all understand that life gets in the way of truly doing whatever you want, but for sanity’s sake it is better to move on.

By alan shimel

An excellent article with excellent advice. Anyone who has come out of a layoff situation knows this well.

By Mitch

btw, the National Security Agency was recently hacked. Yes hacked! But it was downplayed to the media for obvious shameful reasons. Here

By IT Ninja

It’s shocking the number of folks who believe they are trapped in a bad spot. They tell me some tale of woe and then when I ask why they just don’t leave, I hear they can’t.

Let’s be candid here, staying in a bad situation is as much of a choice as leaving. A person rationalizes who knows what to get up in the morning and go to a situation that is non-productive and unhealthy. I should know, I’ve been there and I’ve got a highly tuned rationalization engine.

The point here is to recognize the issue and start moving towards Plan B. Maybe you can’t run out in a huff like in the movies, but you *can* make progress. Even if it’s just a little bit every day.


By Mike Rothman


Thank you for saying this. As a whole, we all need to ensure that we have put all the necessary pieces in place to ensure that we can stand our ground when it is necessary for the sake of security and our personal integrity.

Too many people let themselves end up in situations where they don’t have the “Plan B” to ensure confidence in giving the correct answer to executives, not just what they want to hear.



By SecBarbie

If you like to leave comments, and aren’t a spammer, register for the site and email us at and we’ll turn off moderation for your account.