惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园 - 叶小钗
云风的 BLOG
云风的 BLOG
G
Google Developers Blog
S
SegmentFault 最新的问题
罗磊的独立博客
Hugging Face - Blog
Hugging Face - Blog
美团技术团队
爱范儿
爱范儿
博客园 - 三生石上(FineUI控件)
H
Hackread – Cybersecurity News, Data Breaches, AI and More
D
DataBreaches.Net
F
Fortinet All Blogs
TaoSecurity Blog
TaoSecurity Blog
D
Docker
C
Cybersecurity and Infrastructure Security Agency CISA
K
Kaspersky official blog
宝玉的分享
宝玉的分享
腾讯CDC
Google Online Security Blog
Google Online Security Blog
Recorded Future
Recorded Future
T
The Exploit Database - CXSecurity.com
T
The Blog of Author Tim Ferriss
V
V2EX
S
Securelist
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
C
CERT Recently Published Vulnerability Notes
A
Arctic Wolf
Scott Helme
Scott Helme
L
LINUX DO - 热门话题
Y
Y Combinator Blog
P
Proofpoint News Feed
T
Tor Project blog
AWS News Blog
AWS News Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
The Last Watchdog
The Last Watchdog
博客园 - 聂微东
T
Threat Research - Cisco Blogs
B
Blog
Attack and Defense Labs
Attack and Defense Labs
L
Lohrmann on Cybersecurity
C
CXSECURITY Database RSS Feed - CXSecurity.com
阮一峰的网络日志
阮一峰的网络日志
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
IT之家
IT之家
N
News and Events Feed by Topic
博客园 - 司徒正美
H
Help Net Security
C
Cisco Blogs
C
Check Point Blog
S
Secure Thoughts

The Networking Nerd

AI Isn’t a Genie, It’s an Intern Cisco Live 2026 – Requiem For A Corner OpenClaw Ruined AI and It Makes Me Happy The Value of Concise Communication Context Is Expensive The Inattention Economy The Heat is On Wi-Fi 8 Already? Focus is In for 2026 AI Is Just A Majordomo Don’t Let AI Make You Circuit City Is Cisco Live Still The Place To Be Do You Need To Answer That Question?
You Can’t Patch People
networkingne · 2026-04-27 · via The Networking Nerd

One of the things I’ve noticed when it comes to IT is how quickly we’re willing to use software to solve people problems. Over my career I’ve seen all manner of crazy solutions to get around people being lazy or uneducated. Remember vMotion? Or OTV for stretched layer 2? Why do you think those solutions came about? I posit that it’s because it’s faster to write software than to patch people.

Hacking Humans

I see this most often in cybersecurity. Developers love to create software solutions that prevent things from happening. Phishing and all its various forms are some of the top priorities for solutions that prevent leaking of information. While we have invested a lot in phishing tests and education it’s also very likely that there are controls in place that prevent users from accidentally giving out information to threat actors.

Why are we so willing to write software to fix problems instead of teaching people to avoid those issues? I think in part it’s because software is predictable. If I create an app or write some controls into a platform it’s going to behave the same way every time. That’s the definition of deterministic. Every time the software is presented with an input it will react the same way. That makes it easy to figure out. People that deal with risk on a daily basis just love predictability.

Humans are messy. We don’t always behave the same way every time. Even someone that knows they shouldn’t click on links in an email will do it because they aren’t paying attention or because they are tired. When you factor in how much better the phishing emails have gotten thanks to the advent of generative AI even the rank-and-file people are getting tricked. Developers would rather deal with software than trying to send more tests and update education resources.

The real issue is that we can’t patch people as easily as we can with software. If updating the filters for spam and phishing and other security related items was as simple as downloading the new attack vectors into someone’s brain we’d be doing that instead. Likewise, if we could just convince people to build things a certain way to avoid having to create complicated systems like FHRP we would be doing that instead of trying to solve for lazy developers.

Treating People Like Programs

Why is it so hard to patch people? Forget about the deterministic part of the equation for a moment. Software isn’t instantly updated when something is discovered. It takes time to develop lists of new vectors or update programs to remove vulnerabilities. Why can’t we do the same for people and reduce the overhead of all the extra software?

People can be “patched” with education. It isn’t always easy to get people to take courses or read the bulletins that are sent out. There are ways to force people to do it but that kind of friction just makes security teams resent users for trying to avoid mandatory training updates. Hence the reliance on software to fix the issues. But it doesn’t have to be like that.

Instead of forcing people to take updated training you could use something like gamification to encourage people to update training or learn about new issues. This is especially good with younger or newer employees that are used to the badge hunt mentality. Giving them the option to display achievements tied to training is a great way to encourage them to keep updated while also pulling others in that want to earn the same recognition.


Tom’s Take

I get the desire to rely on deterministic software rather than dealing with unreliable people. But there is only so much software that you can write to try and fix behaviors. We eventually have to get to a point where we can educate users and encourage them to want to keep up with it instead of forcing them to go through endless modules that don’t give them any real info. If we would just put in a bit of the effort we use on software controls into the people we’re trying to restrict we might find the effort is multiplied far beyond what we could hope for.