[unisog] Operational vs project time

Russell Fulton r.fulton at auckland.ac.nz
Mon Oct 30 21:24:34 GMT 2006

Sigh...  Our experience is that, if you allow it, operational work
expands to the time available, just as Parkinson predicted.  We have two
techies and a manager and all of us fight a constant battle to get
project work done.  I have resorted to doing programming in my own time
to get important projects underway.   I believe that there needs to be
about a 50-50 split (and more on project stuff if you are playing catch
up).  The catch is that if you are playing catch up you will have more
operational stuff that you can't ignore, a classic catch 22 situation :(

Bojan and I estimate that we spend around 70% of our time on operational
stuff and I suspect that Steve (our manager) may even be higher.  We
could easily use another full time person but we are not going to get
them.  To do justice to the management, over the last 4 years we have
gone from just me to three people.

I come back to my assertion that, in a university environment, you need
a roughly 50-50 split between development and operational work.  At the
moment threats are evolving quite rapidly (think about what has happened
to spam over the last two months) and even if we could buy commercial
products that we can afford and that will work adequately in our
environment there is still a considerable amount of effort to deploy new
defences. If, as is often the case, we have to cobble something together
ourselves then this is even more resource intensive.

The ideal would be to be in a position where you had enough development
time that you have all the systems you need in place and all your admins
thoroughly trained and security aware (ditto for users) and the
operational load would be somewhere down around 10%. Then you would be
able to respond to new threats when you first notice them instead of
waiting until they are having major impact on the institution.


Gary Flynn wrote:
> Hi,
> We're undergoing some internal analysis and were wondering what
> security groups were seeing as the proportion of time spent on
> operational work vs project work.

