In a rare flash of insight, I realized that I spend most of my days talking to people in my organization about what security is, and how to do things in a way that a) they can get their work done, b) they can get their work done, and c) how to get there work done in a way that slightly lowers the organization's exposure to information risks.

I do not spend a lot of time on technology at all. This is in line with observations that the real threat to information security is caused by a vulnerability commonly known as a user.

Life would be so much easier if patching users was as simple as patching servers!