Chapter 5. Educating Those Pesky Users
There are essentially four kinds of IT organizations. The first kind knows that security is important and is doing a really good job with it. If you are lucky enough to work for one of the two organizations on Earth that fall into this group , you are beyond the scope of this book and probably don't really need to read it (but thanks for buying anyway). The second kind knows security is important but isn't currently doing a very good job with itthey do want to learn, however. The third kind doesn't realize that there is a security problem but can be easily convinced of their errors, at which point they are ready and willing to receive help. The fourth kind refuses to believe that there is any security problem, no matter what you do. The best thing you can do is point them toward a "partner" who will go and install something else organization-widethat way at least they can't blame you. Should you happen to work for someone who falls into the fourth category, we can't really help you. You should still read this book, however, because it's still useful to you. We also recommend you read What Color Is Your Parachute and start working on a resum . In the end, your employer will get hacked, and at that point probably blame you for their failure to allow you to protect them. It would be better to already have a new job at that time. Thankfully, the vast majority of customers fall into categories two and three.