Have you ever noticed that the average Infosec practitioner only really gets excited, interested and focused on advanced security activities? If you start talking about how to do real-time forensic packet inspection across your network, a half dozen security engineer types show up out of the blue to kibitz with you. Talk about how to patch your Windows desktop and it's like a ghost town around your desk.
This is a serious problem. Very serious. According to both the Mandiant and Verizon reports this year, the vast majority of successful intrusions involved two crucial factors. One was a human that could be tricked into accessing malware in some way, whether that was a website, a spreadsheet or some other attack vector. Second was a system that wasn't protected by the basics, like anti-virus, up-to-date patches or properly configured browsers.
I submit to you that all the vendor emphasis on selling new products, the security fascination with new stuff, and the fact that information secur…

