Security's Everyman

Wednesday, February 14, 2007

User Education can't be a bust

RSnake thinks that user education is a bust, or so he says in his DarkReading post. The only problem with this is that if it is a bust, then we might as well all just pack up and go home. If we give up on trying to teach our users how to be more secure, then we will lose. We can't, and I surely don't want to work in an environment where IT and Security control everything that goes on. Why? Because it would be a support nightmare. Users will still find ways to cause problems, and the tighter we twist the thumbscrews, the more they will fight back.

If we don't continue to train them and attempt to make them more secure at work and at home then eventually the bad guys will own enough systems to make it impossible for us to secure enough to do any good. My little corner of the network might be secure, but no one else out there will be secure enough to do business with.

I have lots of respect for RSnake and would not want to have him try to come after my systems, but I have to call him to task on this. Having this kind of attitude towards user education is easy. It takes the onus off of us to deal with people who don't get it and who irritate us because they don't get it. I'd much rather have total control than spend 30 minutes teaching someone something that should only take them 3 minutes to understand, but that does no one any good. I've said it before and I'll say it again: what we teach them will make the internet safer for everyone, even if it drives us crazy.

