Not so long ago, a bright security professional, a firm
believer in the Pareto Principle, was tasked with designing and implementing an
impregnable security solution for his company’s internet. He did his research
and arrived at what he thought was an accurate total cost of $4M. Just prior
to striding into his manager’s office for approval, he had a quick discussion
about the project with a recent new hire reporting to him.
“I’d be careful,” she advised. “At my last company, we found
that each major phase cost 50% more than the previous phase. We had several
discussions about ‘risk profiles’ and ‘perfect protection’ before getting
buy-in on deliverables and budget on a less ambitious result.”
The bright security professional thanked her and said, “I’m
quite confident in my projections and will stake my job on this project. In
fact, I will bring it in under budget.”
So, the bright security professional met with his somewhat
parsimonious manager, and guaranteed the results. “In fact,” he said, “the
first phase of the project will get us 80% there for only $800k.” The manager
said, “Fine, but go over budget on this and your next position will have you
saying, ‘Would you prefer a grande or a venti latte?’” and with that, the
project was approved.
At the completion of the project, how much under budget was
the confident security professional?
First, the Pareto Principle is named after economist
Vilfredo Pareto (1848-1923). From Investopedia: “The principle states that, for many phenomena, 20% of invested input
is responsible for 80% of the results obtained. Put another way, 80% of
consequences stem from 20% of the causes. Also referred to as the "80/20
rule".”
The answer is that the individual left to “pursue other
opportunities” when he found that he had exhausted the budget and told his
manager that he now felt that 100% was unobtainable and that it would cost an
additional $2.5M to get to 97.5% protection.
How did this happen?
Earlier, a factor (chosen by me) added by the wise new hire
was that each phase of the project was going to cost 50% more than the
previous phase.
Phase 1 - $800k spent (total $800k) to reach 80% of perfection
Phase 2 - $1.2M spent (total $2M) to reach 90% of perfection
Phase 3 - $1.8M spent (total $3.8M) to reach 95% of perfection
Phase 4 - Plug pulled on project. The estimate was $2.7M
(total $6.5M) to reach 97.5% of perfection, and you never reach 100%
Some morals of this parable:
· 100% is tough, if not impossible, to achieve
· Know your risk profile and your company’s risk
profile when working on security projects
· Know how to make coffee drinks