On Tue, 26 Mar 2002, David Lang wrote: > also consider splitting your workload up in some way other then just by > firewall groups. have some people specialize in maintaining the underlying > boxes (hardware and software) while others specialize in the in's and > out's of the firewall software, and others automate things for the rest of > the group, cross train them, but put people where they do the most good. > dom't force everyone to be an expert at everything
There's a downside to this, which is that you'll be extending trust to a larger group of people. That's not just a risk because of the larger number of apples and so the larger the chance of "bad apples," it's also a potential issue because you may not have the same level of staffing control over "the server manager group" that you do over the "firewall group" down the road. Imagine the worst NT admin you've ever seen suddenly being in charge of OS upgrades on the firewall (and put it on Solaris just to make it more fun.) Duplicating other organizational structures by function often makes the beancounters start thinking about cutting redundant parts of the company. "Hey, we have one guy doing Solaris upgrades on 3 firewalls and one gal doing it on 20 Web servers, we can save 50% of our Solaris upgrade people costs by upping this gal's workload 15%." I much prefer to get people up to speed on things they're not good at, and let people cross-validate other's work. It also hurts less when one of the people goes on to persue other opportunities. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions [EMAIL PROTECTED] which may have no basis whatsoever in fact." _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
