Wednesday, October 07, 2009

Peter Principle

The Peter Principle is the principle that "In a Hierarchy Every Employee Tends to Rise to His Level of Incompetence." It was formulated by Dr. Laurence J. Peter and Raymond Hull in their 1969 book The Peter Principle. Whether intentionally or inevitably, every person who is doing a great job will be promoted until they no longer have that job. The promotion is not necessarily to a more difficult job, but it is not the job the person was trained to do. For example, a management position requires a different skill set from the one in which a programmer has proven themselves.

When we apply this principle to cybersecurity, it is referred to as "The Generalized Peter Principle." It was observed by Dr. William R. Corcoran while testing hardware in a nuclear plant. He observed the tendency to continue to use what was familiar even to the point of not being useful. People want to use old devices for new problems. Take anti-virus software for example. I was recently asked "Why, if I run A/V, do I keep getting pop-up ads on my computer?" We rely on the software to "quarantine" viruses, and it does it so well that we want Adware Blocking as well. And as long as we don't have ads, we want to block Spyware. And really we want to be notified every time there's a new call to the internet. Meanwhile, the only thing it ever did very well was scan email attachments.

In the workplace, the solution is to forgo promotions in favor of pay increases, or to offer training for the new position. In software, the solution is to recognize what problems the program is actually solving, and find separate, new solutions for new problems. Avoid product creep by building a custom arrangement instead of the all-in-one quick fix.

1 comment:

LonerVamp said...

But...but...I want my AV super suite to be my physical access card printer. And scan my web apps for vulns. And manage the firewalls.

And make me donuts.