This article on DarkReading.com brings up some interesting fodder for thought. Security professionals realize that technology just isn't doing the job when it comes to protecting our resources so we should focus more on user training. But wait, we learned long ago that user training was a waste of time in many cases. So we spent more money on technology that isn't doing the job. Now we hire more security professionals to help but there aren't enough good security pros out there. Now we are left with entrusting our junior guys with the task of securing our networks. But they don't have the skills so we have to get them trained and certified. And it keeps going round and round.
There is good news in all of this.
- We improve the security awareness of the end users (I can dream can't I).
- We improve the technology.
- We improve the security of the company through implementing 1 and 2.
- We improve the skills of those who are in the field.
- We improve ourselves by getting better positions in the field.
- We improve each other by sharing what we have learned via blogging, podcast, etc..
The higher you climb, the more that you see
The more that you see, the less that you know
The less that you know, the more that you yearn
The more that you yearn, the higher you climb.