Security's Everyman

Wednesday, October 25, 2006


This article on brings up some interesting fodder for thought. Security professionals realize that technology just isn't doing the job when it comes to protecting our resources so we should focus more on user training. But wait, we learned long ago that user training was a waste of time in many cases. So we spent more money on technology that isn't doing the job. Now we hire more security professionals to help but there aren't enough good security pros out there. Now we are left with entrusting our junior guys with the task of securing our networks. But they don't have the skills so we have to get them trained and certified. And it keeps going round and round.

There is good news in all of this.

  1. We improve the security awareness of the end users (I can dream, can't I?).
  2. We improve the technology.
  3. We improve the security of the company through implementing 1 and 2.
  4. We improve the skills of those who are in the field.
  5. We improve ourselves by getting better positions in the field.
  6. We improve each other by sharing what we have learned via blogging, podcasts, etc.

This is all part of the cycle of how this world works. We can make the best out of it and improve, or we can let it run us over and lose ground. I know that I only looked at the "bright" side of this, but I'm in a good mood this morning and didn't want to start off with a negative post. This cycle reminds me of one of my favorite songs by Dan Fogelberg that has a similar theme. In it he says:

The higher you climb, the more that you see
The more that you see, the less that you know
The less that you know, the more that you yearn
The more that you yearn, the higher you climb.

