
The Networking Nerd

You Can’t Patch People
networkingne · 2026-04-27 · via The Networking Nerd

One of the things I’ve noticed when it comes to IT is how quickly we’re willing to use software to solve people problems. Over my career I’ve seen all manner of crazy solutions to get around people being lazy or uneducated. Remember vMotion? Or OTV for stretched layer 2? Why do you think those solutions came about? I posit that it’s because it’s faster to write software than to patch people.

Hacking Humans

I see this most often in cybersecurity. Developers love to create software solutions that prevent things from happening. Phishing and all its various forms are some of the top priorities for solutions that prevent leaking of information. While we have invested a lot in phishing tests and education, it’s also very likely that there are controls in place that prevent users from accidentally giving out information to threat actors.

Why are we so willing to write software to fix problems instead of teaching people to avoid those issues? I think in part it’s because software is predictable. If I create an app or write some controls into a platform it’s going to behave the same way every time. That’s the definition of deterministic. Every time the software is presented with an input it will react the same way. That makes it easy to figure out. People that deal with risk on a daily basis just love predictability.

Humans are messy. We don’t always behave the same way every time. Even someone that knows they shouldn’t click on links in an email will do it because they aren’t paying attention or because they are tired. When you factor in how much better the phishing emails have gotten thanks to the advent of generative AI, even the rank-and-file people are getting tricked. Developers would rather deal with software than try to send more tests and update education resources.

The real issue is that we can’t patch people as easily as we can patch software. If updating the filters for spam and phishing and other security-related items was as simple as downloading the new attack vectors into someone’s brain, we’d be doing that instead. Likewise, if we could just convince people to build things a certain way to avoid having to create complicated systems like FHRP, we would be doing that instead of trying to solve for lazy developers.

Treating People Like Programs

Why is it so hard to patch people? Forget about the deterministic part of the equation for a moment. Software isn’t instantly updated when something is discovered. It takes time to develop lists of new vectors or update programs to remove vulnerabilities. Why can’t we do the same for people and reduce the overhead of all the extra software?

People can be “patched” with education. It isn’t always easy to get people to take courses or read the bulletins that are sent out. There are ways to force people to do it but that kind of friction just makes security teams resent users for trying to avoid mandatory training updates. Hence the reliance on software to fix the issues. But it doesn’t have to be like that.

Instead of forcing people to take updated training you could use something like gamification to encourage people to update training or learn about new issues. This is especially good with younger or newer employees that are used to the badge hunt mentality. Giving them the option to display achievements tied to training is a great way to encourage them to keep updated while also pulling others in that want to earn the same recognition.


Tom’s Take

I get the desire to rely on deterministic software rather than dealing with unreliable people. But there is only so much software that you can write to try and fix behaviors. We eventually have to get to a point where we can educate users and encourage them to want to keep up with it instead of forcing them to go through endless modules that don’t give them any real info. If we would just put a bit of the effort we use on software controls into the people we’re trying to restrict, we might find the effort is multiplied far beyond what we could hope for.