# The human element of security

By [Doug Lane](https://paragraph.com/@axalane) · 2022-04-01

---

It's often said that humans are the weakest link in most organizations' security posture. It's probably true. But it's also a bit unfair. Working securely is actually pretty hard these days, even if you're technically savvy.

You're told not to click on unsafe links. But you're bombarded with inscrutable URLs every day, including many from the same people who will blame you the one time you make an error.

Emails from the outside partner you work with every day have the same "dangerous outsider!" label as those from a threat actor trying to social engineer you.

You're told not to use unsanctioned tools for communicating and collaborating with outside parties. But any company-sanctioned alternatives are too locked down to be useable.

If you're a developer, you're expected to write bug-free code, even though you face unrelenting pressure to ship new capabilities continuously.

If you're a SecOps pro, you're expected to catch every threat, even though you're hit with an information firehose every day.

It's been like this for years. But I'm encouraged by how many security vendors I now see:

*   Respecting the practical needs of users who must communicate and collaborate across geographic and organizational boundaries.
    
*   Giving developers something better than boring online training modules to develop their security acumen.
    
*   Creating security process linkages to non-security teams like developers and infrastructure ops teams who can improve security at a foundational level.
    
*   Harnessing the power of machine learning to bring greater focus and context to threat hunting and security monitoring.
    

There is still a long road to travel. But it feels like we're finally starting to embrace the human element of security rather than point fingers at it.

\-Doug

---

*Originally published on [Doug Lane](https://paragraph.com/@axalane/the-human-element-of-security)*